Belarusian Helsinki Committee, profile picture
Uploaded byBelarusian Helsinki Committee
PDF, PPTX1,346 views

Personal data eng

The document discusses issues with personal data protection in Belarusian national databases. It finds that there is no clear definition of personal data, data is retained in several different databases without unified access registration, and individuals have no way of knowing who accesses their data or holding them accountable. It also notes the lack of set retention periods and an inability to delete data on request.

Embed presentation

Download as PDF, PPTX
PROBLEM ISSUES IN PERSONAL DATA PROTECTION AT T H E N AT I O N A L L E V E L
PREPARED BY THE RHRPA "BELARUSIAN HELSINKI COMMITTEE"
Use and protection of personal data becomes more and more relevant issue because of development of informational technologies. Belarus is no exception. Many people know that our personal data is collected, summarized, and retained by state bodies. But not many people know which data is col- lected, how it is protected, what it is used for, and whom it is transferred to. This information will help you to fill this gap.
Population Register Credit Register Personal Record-Keeping United State Delict Data Bank Dactyloscopy Registration Databank Database of nationals whose right to departure was temporarily restricted Mobile networks user database retained by the Ministry of Internal Affairs retained by the Ministry of Internal Affairs retained by the Ministry of Internal Affairs retained by the Social Protection Fund retained by the National Bank retained by mobile network operators Automated Information Data System "Raschet" retained by the National Bank retained by the Ministry of Internal Affairs DATABASES UNDER REVIEW
Main criteria for comparison of personal data databases Whether the register of users who enter the data is kept Whether the data users are registered Whether the purpose for retaining the data is provided Whether the closed register of the collected data is provided Whether the person is enabled to learn who got access to his data Whether the responsibility for leaks is stipulated Whether reasonable retention period is provided for the data Whether the data can be deleted CRITERIA FOR COMPARISON
Population Register Credit Register Personal Record-Keeping United State Delict Data Bank Dactyloscopic Registration Database Database of nationals whose right to departure is temporarily restricted Mobile network users database Automated Information Data System "Raschet" Whether the register of users who enter the data is kept legislation regulates this issue no legislation regulates this issue or is too general legislation does not protect personal data Whether the closed register of the collected data is provided Whether reasonable retention period is provided for the data Whether the data users are registered Whether the person is enabled to learn who got access to his data Whether the data can be deleted Whether the purpose for retaining the data is provided Whether the responsibility for leaks is stipulated ASCERTAINED FEATURES
The data user is registered automatically or manually The purposes for collecting and retaining data are too general and unspecific Authorized employees are responsible for illegal provision or distribution of personal data which they learned because of their official (work) duties,even after they ceased to perform them The data is retained permanently.When a person dies,his data is filed Population Register ASCERTAINED FEATURES
ASCERTAINED FEATURES The insured who make payments,are registered when they access data; but the remote data access by the Ministry of Internal Affairs is not registered It can be enlarged with "other data which is needed to grant or pay a pension or an allowance" Responsibility for the leak is stipulated by the Administrative and Criminal Codes The data is retained for life,but it answers its purpose: granting and paying pensions Personal Record-Keeping
Credit Register ASCERTAINED FEATURES The data user is registered when the interested party files an application and with the individual's consent.No such consent is needed if the data is requested by courts, law enforcement bodies,notaries (see the list of bodies in the Bank Code) The special law stipulates no responsibility for the leak.It stipulates administrative responsibility for divulgation of trade (or other) secret (clause 22.13 of the Administrative Code) The data is retained for 15 years after the credit agreement is terminated and the debt is discharged
ASCERTAINED FEATURES The data is retained for 25 years after it is excluded (due to falsity) or filed (due to death or restrictions being lifted) Database of nationals whose right to departure was temporarily restricted
Mobile networks user database ASCERTAINED FEATURES The data is retained for not less than 5 years Data cannot be deleted
Automated Information Data System "Raschet" ASCERTAINED FEATURES Data is retained for 3 years Data cannot be deleted
United State Delict Database ASCERTAINED FEATURES The data user is registered by way of registration of the inquiry of an interested body or an official Retention period for crime data is 100 years; for delict data,it is 10 years. These periods are unreasonably long. For example,a person is not considered being held administratively liable in a year after he was called to account; there is no need to retain such data for more than 1 year.
ASCERTAINED FEATURES The data user is registered by way of registration of the inquiry of an interested body or an official The purposes for collecting and retaining data are too general and unspecific Dactyloscopic information is retained not less than until the person is 80 years old, or dead,or has retired or resigned Data can be deleted when the retention period is over,or when a written application is filed in case the registration was voluntary,or if the suspicions have not been confirmed Dactyloscopic Registration Database
Databases which retain it* full name & patronimyc identification number sex date of birth birthplace digital portrait photo citizenship place of residence death information disability, legal incapacity nearest relations marriage wardship, guardianship status of being working, unemployed, inactive tax liabilities military duty education academic degree (rank) labor activity pensions, support compulsory insurance credits electric communication service AIDS "Raschet" data departure restriction crimes and delicts data dactyloscopic information Population Register Credit Register Personal Record-Keeping Dactyloscopic Registration Database Database of nationals whose right to departure is temporarily restricted Mobile networks users database Automated Information Data System "Raschet" United State Delict Data Bank PERSONAL DATA *main databases are listed
Entities which enter it to these databases full name & patronimyc identification number sex date of birth birthplace digital portrait photo citizenship place of residence death information disability, legal incapacity nearest relations marriage wardship, guardianship status of being working, unemployed, inactive tax liabilities military duty education academic degree (rank) labor activity pensions, support compulsory insurance credits electric communication service AIDS "Raschet" data departure restriction crimes and delicts data dactyloscopic information Ministry of Internal Affairs Social Protection Fund State Security Committee Ministry for Emergency Situations Military registration and enlistment offices Ministry of taxation Ministry of Education Belgosstrakh Executive committees Courts Civil Registry Offices National Bank Operations and Analysis Center under the President of the Republic of Belarus Presidential Security Service Service providers Ministry of Defense Higher Attestation Commission PERSONAL DATA
There is no clear understanding what personal data is Personal data is retained in several databases Total registration of personal data accesses is not implemented Information about national’s data users is inaccessible There is no real responsibility for illegal access and divulgence of personal data There is no uniform approach to retention periods It is impossible to delete personal data by request MAIN CONCLUSIONS
Definitions stipulated by the laws on population register and on information, informatization and information security,differ in scope.The law on register contains an exhaustive definition; the law on information attributes any data that can help identify the person to it.Such non-coordination of the key definition makes uniform approach to legal regulation of this sphere impossible. MAIN CONCLUSIONS There is no clear understanding what personal data is
Personal data is retained in different databases Though the law on population register stipulates that the Ministry of Internal Affairs is the body responsible for the personal data databases,other bodies have their own databases with such information (National Bank retains credit histories, Social Protection Fund retains state social insurance data). MAIN CONCLUSIONS
Total registration of personal data accesses is not implemented National legislation contains no uniform approach to registration of the access to the personal data.The law on population register stipulates that each fact of access to the population register data should be registered online.Legislation contains no such requirement to personal data retained in other databases. MAIN CONCLUSIONS
Information about national’s data users is inaccessible National legislation does not regulate the right of a national to be informed about who,when and why has got access to his personal data. MAIN CONCLUSIONS
There is no real responsibility for illegal access and divulgence of personal data Though the legislation stipulates responsibility for the leak and illegal access to personal data,it would be extremely difficult to prove guilt of any specific official in practice as the legislation does not oblige to register each fact of access to it. MAIN CONCLUSIONS
There is no uniform approach to retention periods National legislation does not contain uniform approach to the period of retention of personal data.International legal regulations of the personal data protection provide necessity to limit such periods to the duration needed to achieve the purpose of the data retention; Belarusian legislation stipulates that such periods can last until the national dies. ОСНОВНЫЕ ВЫВОДЫ
It is impossible to delete personal data by request The "to be forgotten"principle which has been formulated in international standards,is not implemented in various personal data databases.Databases which somehow have such option have unreasonably long retention periods for personal data. ОСНОВНЫЕ ВЫВОДЫ
RHRPA “Belarusian Helsinki Committee” 220036, Republic of Belarus Minsk, Karl Liebknecht Street 68 Office 1201 Phone: +375 17 222-48-00 Fax: +375 17 222-48-01 Email: office@belhelcom.org BELHELCOM.ORG FACEBOOK.COM/ BELHELCOM

More Related Content

PDF
India's Data Protection Law 2018- Future Road Ahead
byEquiCorp Associates
 
PPTX
General Data Protection Regulation (GDPR)
byExtentia Information Technology
 
PDF
HCMUT IMP Computer Science 20 - E-Government from the view of Privacy
byDuc Lai Trung Minh
 
PDF
Puerto Rico
byHeriberto Luna
 
PPTX
HIPAA Privacy, Security, Breach Overview
byHealthCare Too, LLC
 
PDF
Personal data protection bill
byMathew Chacko
 
PDF
Feedback on Draft Personal Data Protection Bill 2018 submitted to MEITY
byNanda Mohan Shenoy
 
PDF
Personal Data Protection Bill 2018
byNanda Mohan Shenoy
 
India's Data Protection Law 2018- Future Road Ahead
byEquiCorp Associates
 
General Data Protection Regulation (GDPR)
byExtentia Information Technology
 
HCMUT IMP Computer Science 20 - E-Government from the view of Privacy
byDuc Lai Trung Minh
 
Puerto Rico
byHeriberto Luna
 
HIPAA Privacy, Security, Breach Overview
byHealthCare Too, LLC
 
Personal data protection bill
byMathew Chacko
 
Feedback on Draft Personal Data Protection Bill 2018 submitted to MEITY
byNanda Mohan Shenoy
 
Personal Data Protection Bill 2018
byNanda Mohan Shenoy
 

What's hot

PPT
Data legislation, governance and policy/Abraham M Keetshabe
byAfrican Open Science Platform
 
PDF
SECURITY BREACH NOTIFICATION CHART 2013
by- Mark - Fullbright
 
PDF
Feedback on Personal Data Protection Bill 2019
byNanda Mohan Shenoy
 
PPT
Data protection in_india
byAltacit Global
 
PDF
DATA BREACH CHARTS
by- Mark - Fullbright
 
PDF
Legal Aspects in Health Informatics
byNawanan Theera-Ampornpunt
 
PDF
Fifth Annual Study on Medical Identity Theft
by- Mark - Fullbright
 
PPTX
Presentation on GDPR
byDipanjanDey12
 
PDF
Uchi data local presentation 2020
byChristo W. Meyer
 
PPTX
Draft Bill on the Protection of Personal Data
byRenato Monteiro
 
PDF
Key Issues on the new General Data Protection Regulation
byOlivier Vandeputte
 
PDF
By 23 February 2018 we will have new mandatory data breach reporting obligati...
byLJ Gilland Real Estate Pty Ltd
 
PPT
Privacy and Data Security: Risk Management and Avoidance
byAmy Purcell
 
PDF
D2015 Protected-Health-Information-Data-Breach-Report
byThe Internet of Things
 
PPSX
State Data Breach Laws - A National Patchwork Quilt
byRochester Security Summit
 
PDF
Startups - data protection
byMathew Chacko
 
PDF
What you can do online at the social security administration website
bymosmedicalreview
 
PDF
An overview of the Indian Data Privacy Bill
byKomal Gadia
 
PPTX
Privacy and Data Protection CLE Presentation for Touro Law Center
byJonathan Ezor
 
Data legislation, governance and policy/Abraham M Keetshabe
byAfrican Open Science Platform
 
SECURITY BREACH NOTIFICATION CHART 2013
by- Mark - Fullbright
 
Feedback on Personal Data Protection Bill 2019
byNanda Mohan Shenoy
 
Data protection in_india
byAltacit Global
 
DATA BREACH CHARTS
by- Mark - Fullbright
 
Legal Aspects in Health Informatics
byNawanan Theera-Ampornpunt
 
Fifth Annual Study on Medical Identity Theft
by- Mark - Fullbright
 
Presentation on GDPR
byDipanjanDey12
 
Uchi data local presentation 2020
byChristo W. Meyer
 
Draft Bill on the Protection of Personal Data
byRenato Monteiro
 
Key Issues on the new General Data Protection Regulation
byOlivier Vandeputte
 
By 23 February 2018 we will have new mandatory data breach reporting obligati...
byLJ Gilland Real Estate Pty Ltd
 
Privacy and Data Security: Risk Management and Avoidance
byAmy Purcell
 
D2015 Protected-Health-Information-Data-Breach-Report
byThe Internet of Things
 
State Data Breach Laws - A National Patchwork Quilt
byRochester Security Summit
 
Startups - data protection
byMathew Chacko
 
What you can do online at the social security administration website
bymosmedicalreview
 
An overview of the Indian Data Privacy Bill
byKomal Gadia
 
Privacy and Data Protection CLE Presentation for Touro Law Center
byJonathan Ezor
 

Similar to Personal data eng

PPT
DATA-PRIVACY-ACT OF THE PHILIPPINES*****
byNEILIANDUMANGAS
 
PPTX
IT-TRENDS-FINALTERM understanding the self.pptx
byPaulJohnMadrigal
 
PPT
The Data Privacy Act of 2012 by Tristan Calaguas
byjane649083
 
PPTX
Data Privacy Act in the Philippines
byShirley Ingles-Cruz
 
PPTX
RA 10173 or the Data Privacy Act of 2012.pptx
byJordanJalbuna
 
PPTX
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
bygentlejosh3161
 
PDF
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
byMaria Perkins
 
PDF
Data privacy act of 2012 presentation
byKittelson & Carpo Consulting
 
PDF
Data privacy act of 2012.pdf
byrjrremolana
 
PDF
Rapid7 Report: Data Breaches in the Government Sector
byRapid7
 
PPT
Data breach protection from a DB2 perspective
byCraig Mullins
 
DOC
Personal Data and Information Classification under Data Privacy Act of the Ph...
byABLoveria
 
PDF
Applying Data Privacy Techniques on Published Data in Uganda
byKato Mivule
 
PPTX
Processing of Personal Data. What’s new?
byAwara Direct Search
 
PDF
databreach whitepaper
byPaige Schaffer
 
PPT
Gary Davis
bydri_ireland
 
PPT
Personal data protection and information security
byCharles Mok
 
PDF
A Survey On Data Leakage Detection
byIJERA Editor
 
PDF
Cyber Review_April 2015
byJames Sheehan
 
PDF
2013 cost of data breach study - France
byBee_Ware
 
DATA-PRIVACY-ACT OF THE PHILIPPINES*****
byNEILIANDUMANGAS
 
IT-TRENDS-FINALTERM understanding the self.pptx
byPaulJohnMadrigal
 
The Data Privacy Act of 2012 by Tristan Calaguas
byjane649083
 
Data Privacy Act in the Philippines
byShirley Ingles-Cruz
 
RA 10173 or the Data Privacy Act of 2012.pptx
byJordanJalbuna
 
DATA-PRIVACY-ACT OF 2012- draft only ppt.pptx
bygentlejosh3161
 
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
byMaria Perkins
 
Data privacy act of 2012 presentation
byKittelson & Carpo Consulting
 
Data privacy act of 2012.pdf
byrjrremolana
 
Rapid7 Report: Data Breaches in the Government Sector
byRapid7
 
Data breach protection from a DB2 perspective
byCraig Mullins
 
Personal Data and Information Classification under Data Privacy Act of the Ph...
byABLoveria
 
Applying Data Privacy Techniques on Published Data in Uganda
byKato Mivule
 
Processing of Personal Data. What’s new?
byAwara Direct Search
 
databreach whitepaper
byPaige Schaffer
 
Gary Davis
bydri_ireland
 
Personal data protection and information security
byCharles Mok
 
A Survey On Data Leakage Detection
byIJERA Editor
 
Cyber Review_April 2015
byJames Sheehan
 
2013 cost of data breach study - France
byBee_Ware
 

More from Belarusian Helsinki Committee

PDF
Лайфхаки для людей по общению с милицией
byBelarusian Helsinki Committee
 
PDF
Абарона персанальных дадзеных / Защита персональных данных / Protection of pe...
byBelarusian Helsinki Committee
 
PDF
7 причин отменить декрет о тунеядстве
byBelarusian Helsinki Committee
 
PDF
Подсказки и лайфхаки для сотрудников милиции
byBelarusian Helsinki Committee
 
PDF
Памятка для граждан по общению с милицией
byBelarusian Helsinki Committee
 
PDF
Милиция в Минске и области как сервис для людей
byBelarusian Helsinki Committee
 
PDF
Как Беларусь выполняет рекомендации ОБСЕ по улучшению процедуры выборов
byBelarusian Helsinki Committee
 
PDF
Смертная казнь в Беларуси. Что думают люди, 2013-2014.
byBelarusian Helsinki Committee
 
PPTX
Смертная казнь в Беларуси
byBelarusian Helsinki Committee
 
PDF
Студенту. Что нужно знать о распределении
byBelarusian Helsinki Committee
 
PDF
К административной ответственности привлекает начальник органа внутренних дел...
byBelarusian Helsinki Committee
 
PDF
Об открытости и гласности судов в Минске
byBelarusian Helsinki Committee
 
PDF
Студенты и дисциплинарка (замечание, выговор,отчисление) - знай свои права!
byBelarusian Helsinki Committee
 
PDF
Охрана магазинов и покупатели - права сторон
byBelarusian Helsinki Committee
 
Лайфхаки для людей по общению с милицией
byBelarusian Helsinki Committee
 
Абарона персанальных дадзеных / Защита персональных данных / Protection of pe...
byBelarusian Helsinki Committee
 
7 причин отменить декрет о тунеядстве
byBelarusian Helsinki Committee
 
Подсказки и лайфхаки для сотрудников милиции
byBelarusian Helsinki Committee
 
Памятка для граждан по общению с милицией
byBelarusian Helsinki Committee
 
Милиция в Минске и области как сервис для людей
byBelarusian Helsinki Committee
 
Как Беларусь выполняет рекомендации ОБСЕ по улучшению процедуры выборов
byBelarusian Helsinki Committee
 
Смертная казнь в Беларуси. Что думают люди, 2013-2014.
byBelarusian Helsinki Committee
 
Смертная казнь в Беларуси
byBelarusian Helsinki Committee
 
Студенту. Что нужно знать о распределении
byBelarusian Helsinki Committee
 
К административной ответственности привлекает начальник органа внутренних дел...
byBelarusian Helsinki Committee
 
Об открытости и гласности судов в Минске
byBelarusian Helsinki Committee
 
Студенты и дисциплинарка (замечание, выговор,отчисление) - знай свои права!
byBelarusian Helsinki Committee
 
Охрана магазинов и покупатели - права сторон
byBelarusian Helsinki Committee
 

Recently uploaded

PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PPTX
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PDF
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
API-First Architecture in Financial Systems
bycyy111112
 
Cybersecurity Best Practices - Step by Step guidelines
byYasir Naveed Riaz
 
software-security-intro in information security.ppt
byismaeelsahib032
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Day 3 - Data and Application Security - 2nd Sight Lab Cloud Security Class
by2nd Sight Lab
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
Unser Jahresrückblick – MarvelClient in 2025
bypanagenda
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
The year in review - MarvelClient in 2025
bypanagenda
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 

Personal data eng

  • 1.
    PROBLEM ISSUES IN PERSONAL DATAPROTECTION AT T H E N AT I O N A L L E V E L
  • 2.
    PREPARED BY THERHRPA "BELARUSIAN HELSINKI COMMITTEE"
  • 3.
    Use and protectionof personal data becomes more and more relevant issue because of development of informational technologies. Belarus is no exception. Many people know that our personal data is collected, summarized, and retained by state bodies. But not many people know which data is col- lected, how it is protected, what it is used for, and whom it is transferred to. This information will help you to fill this gap.
  • 4.
    Population Register Credit Register PersonalRecord-Keeping United State Delict Data Bank Dactyloscopy Registration Databank Database of nationals whose right to departure was temporarily restricted Mobile networks user database retained by the Ministry of Internal Affairs retained by the Ministry of Internal Affairs retained by the Ministry of Internal Affairs retained by the Social Protection Fund retained by the National Bank retained by mobile network operators Automated Information Data System "Raschet" retained by the National Bank retained by the Ministry of Internal Affairs DATABASES UNDER REVIEW
  • 5.
    Main criteria forcomparison of personal data databases Whether the register of users who enter the data is kept Whether the data users are registered Whether the purpose for retaining the data is provided Whether the closed register of the collected data is provided Whether the person is enabled to learn who got access to his data Whether the responsibility for leaks is stipulated Whether reasonable retention period is provided for the data Whether the data can be deleted CRITERIA FOR COMPARISON
  • 6.
    Population Register Credit Register PersonalRecord-Keeping United State Delict Data Bank Dactyloscopic Registration Database Database of nationals whose right to departure is temporarily restricted Mobile network users database Automated Information Data System "Raschet" Whether the register of users who enter the data is kept legislation regulates this issue no legislation regulates this issue or is too general legislation does not protect personal data Whether the closed register of the collected data is provided Whether reasonable retention period is provided for the data Whether the data users are registered Whether the person is enabled to learn who got access to his data Whether the data can be deleted Whether the purpose for retaining the data is provided Whether the responsibility for leaks is stipulated ASCERTAINED FEATURES
  • 7.
    The data useris registered automatically or manually The purposes for collecting and retaining data are too general and unspecific Authorized employees are responsible for illegal provision or distribution of personal data which they learned because of their official (work) duties,even after they ceased to perform them The data is retained permanently.When a person dies,his data is filed Population Register ASCERTAINED FEATURES
  • 8.
    ASCERTAINED FEATURES The insuredwho make payments,are registered when they access data; but the remote data access by the Ministry of Internal Affairs is not registered It can be enlarged with "other data which is needed to grant or pay a pension or an allowance" Responsibility for the leak is stipulated by the Administrative and Criminal Codes The data is retained for life,but it answers its purpose: granting and paying pensions Personal Record-Keeping
  • 9.
    Credit Register ASCERTAINED FEATURES Thedata user is registered when the interested party files an application and with the individual's consent.No such consent is needed if the data is requested by courts, law enforcement bodies,notaries (see the list of bodies in the Bank Code) The special law stipulates no responsibility for the leak.It stipulates administrative responsibility for divulgation of trade (or other) secret (clause 22.13 of the Administrative Code) The data is retained for 15 years after the credit agreement is terminated and the debt is discharged
  • 10.
    ASCERTAINED FEATURES The datais retained for 25 years after it is excluded (due to falsity) or filed (due to death or restrictions being lifted) Database of nationals whose right to departure was temporarily restricted
  • 11.
    Mobile networks userdatabase ASCERTAINED FEATURES The data is retained for not less than 5 years Data cannot be deleted
  • 12.
    Automated Information DataSystem "Raschet" ASCERTAINED FEATURES Data is retained for 3 years Data cannot be deleted
  • 13.
    United State DelictDatabase ASCERTAINED FEATURES The data user is registered by way of registration of the inquiry of an interested body or an official Retention period for crime data is 100 years; for delict data,it is 10 years. These periods are unreasonably long. For example,a person is not considered being held administratively liable in a year after he was called to account; there is no need to retain such data for more than 1 year.
  • 14.
    ASCERTAINED FEATURES The datauser is registered by way of registration of the inquiry of an interested body or an official The purposes for collecting and retaining data are too general and unspecific Dactyloscopic information is retained not less than until the person is 80 years old, or dead,or has retired or resigned Data can be deleted when the retention period is over,or when a written application is filed in case the registration was voluntary,or if the suspicions have not been confirmed Dactyloscopic Registration Database
  • 15.
    Databases which retainit* full name & patronimyc identification number sex date of birth birthplace digital portrait photo citizenship place of residence death information disability, legal incapacity nearest relations marriage wardship, guardianship status of being working, unemployed, inactive tax liabilities military duty education academic degree (rank) labor activity pensions, support compulsory insurance credits electric communication service AIDS "Raschet" data departure restriction crimes and delicts data dactyloscopic information Population Register Credit Register Personal Record-Keeping Dactyloscopic Registration Database Database of nationals whose right to departure is temporarily restricted Mobile networks users database Automated Information Data System "Raschet" United State Delict Data Bank PERSONAL DATA *main databases are listed
  • 16.
    Entities which enterit to these databases full name & patronimyc identification number sex date of birth birthplace digital portrait photo citizenship place of residence death information disability, legal incapacity nearest relations marriage wardship, guardianship status of being working, unemployed, inactive tax liabilities military duty education academic degree (rank) labor activity pensions, support compulsory insurance credits electric communication service AIDS "Raschet" data departure restriction crimes and delicts data dactyloscopic information Ministry of Internal Affairs Social Protection Fund State Security Committee Ministry for Emergency Situations Military registration and enlistment offices Ministry of taxation Ministry of Education Belgosstrakh Executive committees Courts Civil Registry Offices National Bank Operations and Analysis Center under the President of the Republic of Belarus Presidential Security Service Service providers Ministry of Defense Higher Attestation Commission PERSONAL DATA
  • 17.
    There is noclear understanding what personal data is Personal data is retained in several databases Total registration of personal data accesses is not implemented Information about national’s data users is inaccessible There is no real responsibility for illegal access and divulgence of personal data There is no uniform approach to retention periods It is impossible to delete personal data by request MAIN CONCLUSIONS
  • 18.
    Definitions stipulated bythe laws on population register and on information, informatization and information security,differ in scope.The law on register contains an exhaustive definition; the law on information attributes any data that can help identify the person to it.Such non-coordination of the key definition makes uniform approach to legal regulation of this sphere impossible. MAIN CONCLUSIONS There is no clear understanding what personal data is
  • 19.
    Personal data isretained in different databases Though the law on population register stipulates that the Ministry of Internal Affairs is the body responsible for the personal data databases,other bodies have their own databases with such information (National Bank retains credit histories, Social Protection Fund retains state social insurance data). MAIN CONCLUSIONS
  • 20.
    Total registration ofpersonal data accesses is not implemented National legislation contains no uniform approach to registration of the access to the personal data.The law on population register stipulates that each fact of access to the population register data should be registered online.Legislation contains no such requirement to personal data retained in other databases. MAIN CONCLUSIONS
  • 21.
    Information about national’sdata users is inaccessible National legislation does not regulate the right of a national to be informed about who,when and why has got access to his personal data. MAIN CONCLUSIONS
  • 22.
    There is noreal responsibility for illegal access and divulgence of personal data Though the legislation stipulates responsibility for the leak and illegal access to personal data,it would be extremely difficult to prove guilt of any specific official in practice as the legislation does not oblige to register each fact of access to it. MAIN CONCLUSIONS
  • 23.
    There is nouniform approach to retention periods National legislation does not contain uniform approach to the period of retention of personal data.International legal regulations of the personal data protection provide necessity to limit such periods to the duration needed to achieve the purpose of the data retention; Belarusian legislation stipulates that such periods can last until the national dies. ОСНОВНЫЕ ВЫВОДЫ
  • 24.
    It is impossibleto delete personal data by request The "to be forgotten"principle which has been formulated in international standards,is not implemented in various personal data databases.Databases which somehow have such option have unreasonably long retention periods for personal data. ОСНОВНЫЕ ВЫВОДЫ
  • 25.
    RHRPA “Belarusian HelsinkiCommittee” 220036, Republic of Belarus Minsk, Karl Liebknecht Street 68 Office 1201 Phone: +375 17 222-48-00 Fax: +375 17 222-48-01 Email: office@belhelcom.org BELHELCOM.ORG FACEBOOK.COM/ BELHELCOM