Concise and to the point with ALRUD: HR & DIGITAL (?8)
by Irina Anyukhina
The State Duma will consider a draft law on the possibility for the plaintiff to receive personal data (“PD”) of the defendant
Amendments are planned to be made to the ****Civil Procedure Code**** of the Russian Federation. It is proposed to grant the plaintiff the right to file a ****motion**** to the court for assistance in ****establishing information about the defendant****, which is necessary to file a claim in court, but the plaintiff does not have.
In addition, if the law is adopted, the court will be able to independently determine the ****ist of data**** about the defendant necessary to accept the claim.
More than half of the surveyed small and medium-sized businesses are not ready for tougher sanctions for PD leaks
Less than half of Russian companies (44%) from the ****SMB segment**** have managed to ****review their PD protection measures**** against the background of possible tightening of sanctions for their leaks. 50% of companies have not even studied the amendments in detail, and some do not plan to strengthen protection at all yet.
Some of the respondents (45%) expect to strengthen protective processes ****“within a year”****, another 8% - ****“in the next six months”****. There are also those (4%) who do not plan to review the protection at all yet. At least 32% of SMB respondents are concerned about ****reputational risks**** from sanctions. 68% of respondents are concerned about ****financial losses****, including from the imposition of fines.
It is noteworthy that only 43% of respondents have conducted an audit of PD processing processes over the past 3 years, 11% conducted an audit more than 3 years ago. Almost a quarter (21%) have never conducted an audit at all. 25% of the respondents could not give an answer to this question.
We remind you that the draft laws on ****administrative and criminal liability for PD leaks**** are planned to be finally considered this ****spring session of the State Duma****. Regardless of the adoption of these bills in this session, we recommend that data controllers be prepared to tighten liability for PD leaks. To this end, companies should conduct an ****audit of PD processing processes and an IT security audit****.
A draft law on the right of the Federal Tax Service to transfer information that constitutes a tax secret to interdepartmental commissions has been adopted in the first reading
According to the new law on employment, ****interdepartmental commissions**** on combating ****illegal employment**** will be created in the regions of the Russian Federation. They have the right to receive from various authorities, including the ****tax service****, PD and information constituting a ****tax secret****.
They want to extend the effect of the tax secrecy regime to cases where the tax authorities transfer relevant information and information to interdepartmental commissions of the subjects of the Russian Federation and territorial bodies of the ****Federal Service for Labour and Employment (Rostrud)****.
Following the results of the prosecutor's office's inspection, the DPO of the company was brought to administrative liability
The ****Prosecutor's office**** of the Kirovsky district of Saratov conducted an inspection of compliance with legislation in the field of PD protection in a medical company. During the supervisory activities, together with a specialist of the ****Roskomnadzor Department**** for the Saratov region, a fact of ****illegal dissemination of a database containing PD of clients****, in particular ****phone numbers**** and ****full names****, was revealed.
According to this fact, the district prosecutor's office initiated an administrative offense case under Part 1 of Article 13.11 of the Administrative Code of the Russian Federation ****against a responsible official of a medical company****. According to the results of the consideration of the case, the DPO was sentenced to an ****administrative fine in the amount of RUB 10,000 (approx. USD 112, EUR 103)****.
Question
Can an employer track the ****location**** of employees through their personal smartphones?Can an employer track the location of employees through their ****personal smartphones****?
Answer from Rostrud
The employer has the right to monitor the employee through an ****application in a mobile phone****, if this is related to the ****performance of job duties****. We additionally note the need to obtain the ****consent of employees to track and process PD****.