The legal regime of information resources
The legal regime of information resources is determined by the norms establishing:
the procedure for documenting information;
ownership of individual documents and their arrays;
the category of information by the level of access to it;
the procedure for the legal protection of information.
The State has the right to purchase documented information from individuals and legal entities in case this information is classified as a state secret.
The owner of information resources containing information classified as a state secret has the right to dispose of this property only with the permission of the relevant state authorities.
The state information resources of the Russian Federation are open and publicly accessible, with the exception of documented information classified by law as restricted access.
Documented information with limited access under the terms of its legal regime is divided into information classified as a state secret and confidential.
The information protection mode is set:
in relation to information classified as a state secret - by authorized bodies on the basis of the Law of the Russian Federation "On State Secrets" dated 09/21/93 No. 182-FZ;
in relation to confidential information - by the owner of information resources or an authorized person on the basis of the Federal Law "On Information, Information Technologies and Information Protection dated 07/27/2006 No. 149-FZ;
in relation to personal data - Federal Law "On Personal Data" dated 07/27/2006 No. 152-FZ.
Public authorities and organizations responsible for the formation and use of information resources subject to protection, developing and applying information technologies for the formation and use of information resources with limited access, are guided in their activities by the Legislation of the Russian Federation.
Control over compliance with information protection requirements and the operation of special software and hardware protection tools, as well as ensuring organizational measures to protect information resources processing information with limited access in non-governmental structures, is carried out by public authorities.
The owner of information resources has the right to monitor compliance with information protection requirements and prohibit or suspend the processing of information in case of non-compliance with these requirements.
The risk associated with the use of non-certified systems and facilities lies with the owner(s) of these systems and facilities. The risk associated with the use of information obtained from a non-certified system lies with the consumer of the information.
Personal data belongs to the category of confidential information, however, lists of these data must be fixed at the level of federal law. In this regard, the activities of non-governmental organizations and individuals related to the processing and presentation of personal data to users are subject to mandatory licensing.
All information systems, databases and data banks designed to provide information services to citizens and organizations are subject to certification.
Automated systems of public authorities that process documented information with limited access, as well as the means of protecting these systems, are subject to mandatory certification. Organizations that perform work in the field of design, production of information security tools and personal data processing receive licenses for this type of activity.
The Law provides for the protection of the rights of access to information. Denial of access to public information or provision of knowingly unreliable information to users may be appealed in court.
In all cases, persons who have received false information have the right to compensation for the damage they have suffered.
Managers and other employees of public authorities and organizations guilty of illegally restricting access to information and violating the information protection regime are liable in accordance with criminal, civil and administrative law.
The characteristic of the concept of "information", the allocation of the main properties of information are the key points in determining what is subject to protection.
There are three main properties of information (confidentiality, integrity and accessibility), the protection of which ensures the preservation of the value of information.
Information is an object of ownership and information relations are regulated by relevant legislative and regulatory acts.
Information resources are classified depending on the type of mystery they reflect.
