When entering a job, a new employee provides the employer with an enormous amount of personal information. This is partly due to production needs. Regardless of the nature of the data provided, they must be properly stored and properly protected. If this does not happen and the personal information of the employees is disclosed, then significant damage is inflicted on the employees (both their dignity and personal safety). Therefore, it is important to consider the concept of "personal data" in more detail. What applies to them? How should they be stored? What are the methods for protecting personal data? Who regulates the process of their storage and processing? Answers to these and some other questions will be provided directly in this article. Be as careful as possible.
Personal Data Act
A variety of regulations provide different definitions of the concept of "personal data of an employee." In order to understand what exactly is meant, it is necessary to correlate their various positions. Their legislative basis is the law "On Personal Data" and a number of norms contained in the Constitution of the Russian Federation.
So, what about the information that is collected from the employees of the enterprise? Such employees become subjects of personal data. This kind of information includes the following data: full name, birth data, family status, place of residence, social status, information on current income, education data, and so on.
This data refers to the type of information with limited access, because it is legally confirmed that no one can be interfered with in his personal life. This also applies to personal data.
Such information is necessary in order to effectively identify the citizen. And if we are talking about an employee, then personal data provide information about him as a professional in a certain field of activity. Therefore, it is logical that only personal information pertains to the personal information of the employee, which is related to his professional potential and the specifics of fulfilling his job duties.
The Constitution of the Russian Federation guarantees citizens the confidentiality of their personal lives. And personal information is directly related to it. This is determined by the relevant Decree of the President of the Russian Federation, which confirms the confidential nature of this kind of information and reinforces the lack of access to it for the public.
At the same time, the Labor Code of the Russian Federation provides a rather narrow definition of the concept under consideration. He claims that the employee’s personal data is information that is necessary for his manager in connection with the performance of his direct professional duties and which relates exclusively to a particular employee.
Processing personal data
Why do I need to process and store personal data? They are necessary in order to properly implement the labor activity of the enterprise.
The objectives of their processing are as follows:
- the fact of employment;
- basis for career advancement;
- making salary payments;
- monitoring the implementation of work.
There are a number of methods for protecting personal information. Workers have every right to know how their personal data is stored and used. It is the responsibility of managers to familiarize employees with this information. Employees confirm the fact of notification with a personal signature.
Types of Personal Data
What kind of personal information about employees should be collected is determined by the Labor Code, the Constitution of the Russian Federation and a number of federal laws. So, two kinds of documents are necessary. The first one is papers related to the submission of an employment contract. The second is the documentation requested or compiled by the employer directly.
So, personal data are classified according to the following criteria:
Degree of access
- Publicly available. Available to a wide range of people.
- Confidential. Available only to those whom the employee allowed.
Direction
- Special. Personal life, criminal record, religious beliefs, political beliefs.
- Ordinary. Everything that does not apply to special data.
Content
- Biometrics. Characterize physiology.
- Not biometric. Data that is not biometric.
Types of personal data
What types of personal data are divided into? What applies to them?
It is important to understand that all the information that is stored in the enterprise regarding a particular employee can be viewed from two different points of view.
- Data on the marital status and family of the employee (its individual members), namely: the presence of dependents, the presence of children, their age and number, health status.
- Information about a specific employee, namely: full name (passport), profession, state of health, as well as any special circumstances.
The head of the enterprise is obliged to formulate a regulatory act of local importance, which considers the procedure that determines the storage of personal data. It can be presented in different forms. For example, it may be the Regulation on personal data.
So, we will discuss one of the nuances in more detail. Personal data: what applies to them? Information contained in personal files. It is about the following:
- passport details (place and year of birth and so on);
- copy of diploma;
- copy of documents that confirm the presence of special skills and knowledge;
- copy of documents of state pension insurance;
- other documents.
So, to summarize, what does the concept of personal data mean? What applies to them? This is personal information about the employee that the employer needs in order to most effectively use the employee’s potential and skills. The latter, of course, must give his consent to the processing of personal data. If all the formalities are followed, then the information will remain as secure as possible.
Disclosure Responsibility
It is important to take into account that 152 Federal Law "On the protection of personal data" provides only for the administrative responsibility of the company for the disclosure of personal data of an employee. This means that if an organization is not able to guarantee employees absolute protection of their personal information, then only a fine awaits it. Moreover, the amount of monetary punishment for improper storage of personal data is absolutely ridiculous. In general, they range from five to ten thousand rubles. Of course, this is the case when it comes to single payments only. As a rule, in enterprises where there are such problems, violations are multiple, which means that the amount of the fine increases significantly.
However, cash costs are far from the most important consequence of the fact that the use of personal data occurs in the wrong way. This greatly affects the company's reputation. After all, when employees give their consent to the processing of personal data, they expect that their safety is guaranteed. If it turns out otherwise, such personnel refuse to deal with a company of this kind.The company is losing the ability to hire professionals.
How Roskomnadzor checks the protection of personal data
In this case, we are interested in 152 Federal Law "On the protection of personal data". It is he who is the legislative basis for the implementation of this function.
Usually, Roskomnadzor checks three main areas of the considered sphere:
- Media.
- Communication
- Protection of personal information.
The Personal Data Regulation recommends that Roskomnadzor conduct such checks at least three times a year. This rule applies to scheduled inspections. Unscheduled are produced as needed. What could be the reason for this? For example, if a planned audit has been carried out for a long time. Or if you need to make sure that past comments have been taken into account and necessary changes have been made.
Rules for the storage of personal data
Each company must have developed special rules governing how employees' personal data is stored and used. There are several options for how exactly the described document can be executed. This can be either a separate provision or a section included in the local Internal Rules. Each employee has the right to participate in the development and implementation of measures to protect personal data. That is why all employees must be carefully acquainted with the described document.
It will be necessary to compile a list of personal data and a list of employees, as well as create a document template. It must be signed by everyone who works at the enterprise.
Physical storage
There are various ways to store data. Some are not ready to switch to electronic archives, which means they prefer to conduct business in the traditional way (that is, on paper). The essence of the method is to store all the data about employees, his personal documents and copies in a literal folder called a personal file.
What are the benefits of this type of personal record keeping? Among them are the following:
- all information is easy to find, as it is located in one place;
- data can be easily systematized;
- information search takes as short a time as possible.
However, this method has some disadvantages. For example, the following:
- the availability of additional resources for storage, such as special rooms, equipment, safes, and so on;
- the complexity of the process;
- Special skills required for paper documentation.
Sometimes human resources departments prefer to store information about one employee separately (in different thematic folders). So, all labor contracts, questionnaires and other documents for all employees are stored separately. They are numbered for a more convenient search. This method is less labor intensive than the one described above, and does not require any special skills from an employee of the personnel department.
Nevertheless, he is not without flaws. Among them are the following:
- a large amount of time is required in order to find the necessary data about a particular employee;
- the risk of leakage of confidential information is significantly increased.
Electronic storage
In this case, human resources departments prefer to use electronic databases and a variety of information systems. Often this ensures the security of personal data.
What are the benefits of this type of information storage? The main ones will be listed below:
- no need to have a large archive;
- significant space savings;
- there are no restrictions on the shelf life;
- It’s convenient to process personal data, and it does not take a lot of time;
- unauthorized access to data is practically excluded;
- no additional resources are needed.
There are, of course, some minuses. For example, the following:
- the need to back up the entire database;
- need a specialist who will administer the information system;
- expenses for specially designed equipment and software will be required;
- An employee who processes personal data must be extremely competent.
What methods are used in order to effectively protect personal information of employees?
- Make the premises in which personal data is processed completely closed to other employees.
- Employees must obtain special permission to receive any information.
- Data storage should be clearly organized.
Given the presence of both disadvantages and advantages of each of the methods, as a rule, employers combine them. It does not matter which method of storing information is used, the employer, one way or another, must obtain the consent of the employee to process his personal information.
Conclusion
Personal data - confidential information that may be collected by the employer in order to identify the employee’s identity, as well as to determine the level of qualification of the employee and his professional potential. There are several ways to store and process personal information (it can be recorded on paper or electronic media, depending on the preferences of the personnel department and the capabilities of the enterprise). The protection of personal data should be the first priority of the relevant department, as this is the right of the employee, which is guaranteed to him by the Constitution of the Russian Federation. It is important to know your rights well in order to be able to protect yourself in a controversial situation.