P R O B L E M I S S U E SI N P E R S O N A LD ATA P R O T E C T I O NAT T H E N AT I O N A L L E V E L
P R E PA R E D BY T H E R H R PA " B E L A R U S I A N H E L S I N K I C O M M I T T E E "
Use and protection of personal data becomes more and more relevant issue because of development of informational technologies. Belarus is no exception.
Many people know that our personal data is collected, summarized, and retained by state bodies. But not many people know which data is col-lected, how it is protected, what it is used for, and whom it is transferred to.
This information will help you to fill this gap.
Population Register
Credit Register
Personal Record-Keeping
United State Delict Data Bank
Dactyloscopy RegistrationDatabank
Database of nationalswhose right to departurewas temporarily restricted
Mobile networks user database
retained by the Ministry of Internal Affairs
retained by the Ministry of Internal Affairs
retained by the Ministry of Internal Affairs
retained by the Social Protection Fund
retained by the National Bank
retained by mobile network operators
Automated InformationData System "Raschet"retained by the National Bank
retained by the Ministry of Internal Affairs
D ATA B A S E S U N D E R R E V I E W
Main criteria for comparison of personal data databases
Whether the registerof users who enter the data is kept
Whether the datausers are registered
Whether the purpose for retaining the data is provided
Whether the closedregister of the collecteddata is provided
Whether the personis enabled to learn whogot access to his data
Whether the responsibilityfor leaks is stipulated
Whether reasonableretention periodis provided for the data
Whether the data can be deleted
C R I T E R I A F O R C O M PA R I S O N
Population Register
Credit Register
Personal Record-Keeping
United State Delict Data Bank
Dactyloscopic RegistrationDatabase
Database of nationals whose rightto departure is temporarily restricted
Mobile network users database
Automated InformationData System "Raschet"
Whether the registerof users who enter
the data is kept
legislation regulates this issue
no legislation regulatesthis issue or is too general
legislation does not protectpersonal data
Whether the closedregister of the collected
data is provided
Whether reasonableretention period is
provided for the dataWhether the data
users are registeredWhether the person
is enabled to learn whogot access to his data
Whether the datacan be deleted
Whether the purposefor retaining the data
is provided
Whetherthe responsibility
for leaks is stipulated
A S C E R TA I N E D F E AT U R E S
The data user is registered automatically or manually
The purposes for collecting and retaining data are too general and unspecific
Authorized employees are responsible for illegal provision or distribution of personal data which they learned because of their official (work) duties, even after they ceased to perform them
The data is retained permanently. When a person dies, his data is filed
Population Register
A S C E R TA I N E D F E AT U R E S
A S C E R TA I N E D F E AT U R E S
The insured who make payments, are registered when they access data; but the remote data access by the Ministry of Internal Affairs is not registered
It can be enlarged with "other data which is needed to grant or pay a pension or an allowance"
Responsibility for the leak is stipulated by the Administrative and Criminal Codes
The data is retained for life, but it answers its purpose: granting and paying pensions
Personal Record-Keeping
Credit Register
A S C E R TA I N E D F E AT U R E S
The data user is registered when the interested party files an application and with the individual's consent. No such consent is needed if the data is requested by courts, law enforcement bodies, notaries (see the list of bodies in the Bank Code)
The special law stipulates no responsibility for the leak. It stipulates administrative responsibility for divulgation of trade (or other) secret (clause 22.13 of the Administrative Code)
The data is retained for 15 years after the credit agreement is terminated and the debt is discharged
A S C E R TA I N E D F E AT U R E S
The data is retained for 25 years after it is excluded (due to falsity) or filed(due to death or restrictions being lifted)
Database of nationals whose right to departure was temporarily restricted
Mobile networks user database
A S C E R TA I N E D F E AT U R E S
The data is retained for not less than 5 years
Data cannot be deleted
Automated Information Data System "Raschet"
A S C E R TA I N E D F E AT U R E S
Data is retained for 3 years
Data cannot be deleted
United State Delict Database
A S C E R TA I N E D F E AT U R E S
The data user is registered by way of registration of the inquiry of an interested body or an official
Retention period for crime data is 100 years; for delict data, it is 10 years. These periods are unreasonably long.
For example, a person is not considered being held administratively liable in a year after he was called to account; there is no need to retain such data for more than 1 year.
A S C E R TA I N E D F E AT U R E S
The data user is registered by way of registration of the inquiry of an interested body or an official
The purposes for collecting and retaining data are too general and unspecific
Dactyloscopic information is retained not less than until the person is 80 years old, or dead, or has retired or resigned
Data can be deleted when the retention period is over, or when a written application is filed in case the registration was voluntary, or if the suspicions have not been confirmed
Dactyloscopic Registration Database
Databases which retain it*full name & patronimycidentification numbersexdate of birthbirthplacedigital portrait photocitizenshipplace of residencedeath informationdisability, legal incapacitynearest relationsmarriagewardship, guardianshipstatus of being working, unemployed, inactivetax liabilitiesmilitary dutyeducationacademic degree (rank)labor activitypensions, supportcompulsory insurancecreditselectric communication serviceAIDS "Raschet" datadeparture restrictioncrimes and delicts datadactyloscopic information
Population Register
Credit Register
Personal Record-Keeping
Dactyloscopic RegistrationDatabase
Database of nationals whose right to departureis temporarily restricted
Mobile networks usersdatabase
Automated Information Data System "Raschet"
United State Delict Data Bank
P E R S O N A L D ATA
*main databases are listed
Entities which enter it to these databasesfull name & patronimycidentification numbersexdate of birthbirthplacedigital portrait photocitizenshipplace of residencedeath informationdisability, legal incapacitynearest relationsmarriagewardship, guardianshipstatus of being working, unemployed, inactivetax liabilitiesmilitary dutyeducationacademic degree (rank)labor activitypensions, supportcompulsory insurancecreditselectric communication serviceAIDS "Raschet" datadeparture restrictioncrimes and delicts datadactyloscopic information
Ministry of Internal Affairs
Social Protection FundState Security Committee
Ministry for Emergency Situations
Military registrationand enlistment offices
Ministry of taxation
Ministry of Education
Belgosstrakh
Executive committeesCourts
Civil Registry OfficesNational Bank
Operations and Analysis Centerunder the President
of the Republic of BelarusPresidential Security Service
Service providers
Ministry of Defense
Higher Attestation Commission
P E R S O N A L D ATA
There is no clear understandingwhat personal data is
Personal data is retainedin several databases
Total registrationof personal data accessesis not implemented
Information about national’sdata users is inaccessible
There is no real responsibility for illegal access and divulgenceof personal data
There is no uniform approachto retention periods
It is impossible to deletepersonal data by request
M A I N C O N C L U S I O N S
Definitions stipulated by the laws on population register and on information, informatization and information security, differ in scope. The law on register contains an exhaustive definition; the law on information attributes any data that can help identify the person to it. Such non-coordination of the key definition makes uniform approach to legal regulation of this sphere impossible.
M A I N C O N C L U S I O N S
There is no clear understanding what personal data is
Personal data is retained in different databases
Though the law on population register stipulates that the Ministry of Internal Affairs is the body responsible for the personal data databases, other bodies have their own databases with such information (National Bank retains credit histories, Social Protection Fund retains state social insurance data).
M A I N C O N C L U S I O N S
Total registration of personal data accessesis not implemented
National legislation contains no uniform approach to registration of the access to the personal data. The law on population register stipulates that each fact of access to the population register data should be registered online. Legislation contains no such requirement to personal data retained in other databases.
M A I N C O N C L U S I O N S
Information about national’s data usersis inaccessible
National legislation does not regulate the right of a national to be informed about who, when and why has got access to his personal data.
M A I N C O N C L U S I O N S
There is no real responsibility for illegal access and divulgence of personal data
Though the legislation stipulates responsibility for the leak and illegal access to personal data, it would be extremely difficult to prove guilt of any specific official in practice as the legislation does not oblige to register each fact of access to it.
M A I N C O N C L U S I O N S
There is no uniform approach to retention periods
National legislation does not contain uniform approach to the period of retention of personal data. International legal regulations of the personal data protection provide necessity to limit such periods to the duration needed to achieve the purpose of the data retention; Belarusian legislation stipulates that such periods can last until the national dies.
О С Н О В Н Ы Е В Ы В О Д Ы
It is impossible to delete personal data by request
The "to be forgotten" principle which has been formulated in international standards, is not implemented in various personal data databases. Databases which somehow have such option have unreasonably long retention periods for personal data.
О С Н О В Н Ы Е В Ы В О Д Ы
RHRPA “Belarusian Helsinki Committee”
220036, Republic of BelarusMinsk, Karl Liebknecht Street 68Office 1201
Phone: +375 17 222-48-00Fax: +375 17 222-48-01Email: [email protected]
BELHELCOM.ORG FACEBOOK.COM/BELHELCOM
Top Related