Concise and to the point with ALRUD: HR & DIGITAL (?3)
Earlier, we informed about the position of the GIT of the Nizhny Novgorod Region that if the employer’s ****local policy**** prohibits the ****disclosure**** of the ****salary**** of other employees, then employees who view another employee’s pay slip and disclose his/her salary may be ****disciplined****.
The ****Ministry of Labour**** reminded: the employer shall adopt local policies aimed at ****protecting the personal data**** (“PD”) of employees, with which the latter must be ****familiarized**** under signature. Only in this case, when an employee discloses the salary of other employees, the perpetrator may be disciplined by making a ****warning****, ****reprimand****, and even ****dismissed**** (Letter of the Ministry of Labour No. 14-6/OOG-1418 dated 11 March 2024).
We recommend that companies monitor the availability and correct content of local policies in relation to the processing of personal data of employees, since local policies may be pivotal and crucial in the case of decisions on bringing employees to disciplinary liability.
Microsoft may delay blocking of cloud services in Russia
As we reported, the ****12th sanctions package**** of the European Union, introduced on 19 December 2023, included ****restrictions**** on the ****supply of various software**** to Russia. Until 20 March 2024, a ****transitional period**** was established to stop the existing export of such goods. The media reported on the ****possible postponement**** of the suspension of access to**** Microsoft cloud services**** in Russia.
At the same time, subscriptions to products such as Teams, OneDrive, Azure, Office 365, and all web services (including free ones) will definitely be blocked. Keys on MS Visio and Office will also be blocked, and Security Updates (WSUS) will not be delivered.
We remind you that the potential postponement ****does not cancel the restrictions imposed****, but will provide the necessary time to create data backups and configure an ****alternative IT infrastructure****.
The Council of Federation proposed to oblige companies to have a reserve to pay compensation for PD leaks
The main idea of the initiative is for companies that process PD to have ****financial security**** to compensate for harm to PD subjects. This may be a ****policy**** from an insurance company, a ****bank guarantee****, or a document confirming the availability of a ****reserve fund**** within the company.
There is no final decision yet on whether the measure will be implemented in the legislation and apply to all PD controllers or only to those who have more than a ****certain number of PD records**** in the information system. Besides, there is no consensus in the Council of Federation on what will be an ****insured event**** and what will be the ****limits of the insurance amount**** for payments to affected citizens; it is assumed that the amount of payment will depend on the ****level of PD**** – the more ****sensitive**** the leaked information, the greater the insurance amount.
Question
Is the employee’s identification number his PD?
Answer of the Ministry of Digital Development, Communications and Mass Media
Given that the identification number cannot be assigned to another employee, it allows to identify a specific employee, and, therefore, is a PD.
Answer of Roskomnadzor
The employee’s identification number compiles his PD only in combination with other information (for example, with the employee’s full name).
Link to article