S
S
slava_ch2013-07-31 15:23:51
Law in IT
slava_ch, 2013-07-31 15:23:51

Personal data at the checkpoint for everyone to see

A monitor weighs at the checkpoint, when using a card, my full name / company name / office number / photo and something else appears on it. How legal is it to show this info to everyone like that?

Answer the question

In order to leave comments, you need to log in

8 answer(s)
A
Akr0n, 2013-07-31
@Akr0n

Personal data - information that allows you to uniquely identify a person (in short, according to 152 FZ). There is a photograph here, which, under certain conditions, is biometric information, and this is the most serious type of personal data.
Only the guard should see such a monitor, in extreme cases, you should at least deploy it “beyond the perimeter”. The IS that processes this information must be documented with documents on the protection of PD, the security guard must have a clause in the regulation on handling this data.
Roskomnadzor will definitely not pat on the head for such a thing!

N
Next_Alex, 2013-07-31
@Next_Alex

It all depends on the papers you signed.

M
Mario_Z, 2013-07-31
@Mario_Z

See what data is displayed there. If only a photo and full name, then it seems acceptable to me. Although on the other hand, such monitors should be seen only by employees of the checkpoint, and not just anyone.

A
Adium, 2013-07-31
@Adium

I asked a lawyer friend - she says that if there is no data such as a series and a passport number, then there is nothing illegal here.

L
Loreweil, 2013-08-01
@Loreweil

A clear violation of 152-FZ. If you have not agreed that your PD can be considered public, then the personal data operator (in this case, your employer) must ensure the confidentiality of such data. One of the requirements of the FSTEC is the deployment of monitors that display personal data with the back to the doors, as well as the use of blinds on the windows, since this is a visual channel for leaking personal data. Even aside from legal gibberish, this is a serious vulnerability, since such data obtained by an attacker opens wide horizons for the use of social engineering methods.

K
kimssster, 2013-08-01
@kimssster

In this case, the photo is not biometric information. What is a biometric photograph is described in GOST, with Roskomnadzor we have already gone through this. Your full name + position for the company is publicly available, as is the telephone directory. If the ACS is organized in this way, then the monitor just needs to be turned to face the guard. no one has yet canceled the specific TKUY.

I
Ilya Sevostyanov, 2013-08-01
@RUVATA

In this case, the data set is hardly 4K.
With special diligence, of course, you can “hang up” for them,
although in this particular case, from the “personal data” there is only the full name and the far-fetched “place of work”, which is the “Company” (as I understand it), office number, etc. . are not personal data.
PS: It is also worth mentioning that anyone who does not slip employees, these days, an agreement on the processing of personal data is, to put it mildly, a “standing target” of the FSTEC, FSIS, FSB and 13 other departments that will certainly sooner or later announce “with a check ".
So first you need to make sure that the owner of the monitor does not have the appropriate document signed by you.
PPS: Of course, this is dangerous to some extent, but believe me, your personal data is much more PERSONAL - it is obtained differently.

D
dummy2002, 2013-08-01
@dummy2002

As far as I understand, the illuminated personal data at the checkpoint is no different in terms of information content from a badge hung on the chest.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question