Not all CT pancake week, or CT does not walk by itself

The categorization of information in the Russian Federation today is quite extensive. There are more than 50 types of secrets alone. Today we will consider one of them, but, in our opinion, very important in the context of corporate protection against internal threats to information security - a trade secret (hereinafter referred to as KT).

Based on the Federal Law (hereinafter the Federal Law), we will analyze and logically decompose the goals, objectives and features of the introduction of the CT regime, as well as a combination of the CT law with other regulatory acts. The analysis will be carried out in the context of corporate protection against internal threats to information security. For the convenience of perception of information, we “marinated” all this in infographics, the full version of which is presented at the end of the article.

Why is CT just so important from the point of view of building an integrated system of corporate protection against internal threats to information security? There are several reasons for answering this question. Firstly, the procedures associated with the introduction of the CT mode, quite transparently complement the audit of information security and information assets of the organization, which in turn provides a competent, effective configuration of the DLP (Data Leak Prevention) system. Secondly, you can designate the following bunch:
')
No mode - no CT.
No CT - no defense in court.
No DLP - CT mode is ineffective.

We decipher this link. If we want to defend our legitimate rights and interests in court with maximum effect in the event of confidential information that constitutes a CT leak, then we introduce the appropriate regime provided for by the Federal Law. We want to minimize risks as much as possible, and also to have sufficient evidence in court in the event of a leak, we introduce a DLP system that will ensure the collection and fixation of these materials.

Thus, on the one hand, we take care not to “step on our necks”, for example, not to violate the rights of workers, on the other - how the law helps us, for example, in court when stealing confidential information, and with what tools we we will prove it.

So, the Federal Law of July 29, 2004 No. 98- (as amended on March 12, 2014) “On Commercial Secrets” (hereinafter the Federal Law).

At the beginning of the journey, everything is “gloomy” (this is about infographics, including :), but we will consistently move forward and in the final everything will be clear: why, how and why? as they say "without a single cloud in the sky." Immediately, we note that this article does not aim at describing the details of the documentary processes for introducing the CT regime. Documentary templates are publicly available, easy to understand and are not of interest in this context of consideration of the problem.



The main purpose of the Federal Law is to regulate relations on the establishment, change and termination of the CT regime aimed at protecting information constituting a commercial secret.

The Federal Law formulates the conceptual apparatus. Consider the basic concepts that we need when considering the features of the introduction of the CT mode.

“.. A trade secret is the mode of confidentiality of information, which allows its owner to increase incomes under existing or possible circumstances, avoid unnecessary expenses, maintain a position in the market for goods, works, services, or obtain other commercial benefits ..”

Now consider what information may contain commercial secrets in terms of the Federal Law.

".. Information constituting a commercial secret - information of any nature (production, technical, economic, organizational and others), including the results of intellectual activity in the scientific and technical sphere, as well as information about the ways of carrying out professional activity that have real or potential commercial value due to their unknownness to third parties, to whom third parties do not have free access on a legal basis and for which the owner of such information has entered n trade secret mode .. "

Next we will move on the constituent elements of the law, grouped by us in meaning.

The Federal Law defines the subjects of legal relations:

“...
• owner of information constituting a trade secret - a person who owns information constituting a trade secret, on a legal basis, has restricted access to this information and established in relation to its mode of trade secret;
• counterparty - a party to a civil contract by which the owner of the information constituting a commercial secret has transmitted this information;
.. "

The Federal Law defines the methods for transmitting information related to CT:

“...
• Information constituting a trade secret received from its owner on the basis of a contract or other legal basis is considered legally obtained.
• Information constituting a trade secret owned by another person is considered illegally obtained if it was obtained by deliberately overcoming the measures taken to protect the confidentiality of this information taken by the owner of the information constituting a trade secret, and if the person receiving this information knew or had sufficient reason to believe that this information constitutes a commercial secret owned by another person and that the person transmitting this information is not is the transmission of this information legally.
.. "

Also, the Federal Law defines the right of the information owner to assign information to CT. In other words, the information owner independently determines which information to refer to CT.

FZ defines actions with information related to CT:

“...
• access to information constituting a commercial secret - acquaintance of certain persons with information constituting a commercial secret, with the consent of its owner or on other legal basis, provided that the confidentiality of this information is preserved;
• transfer of information constituting a commercial secret - the transfer of information constituting a trade secret and recorded on a tangible medium, its owner to the counterparty on the basis of the contract in the amount and conditions stipulated by the contract, including the condition that the counterparty takes measures to protect its confidentiality;
• provision of information constituting a commercial secret - the transfer of information constituting a commercial secret and recorded on a tangible medium, its owner to public authorities, other government bodies, local governments in order to fulfill their functions; the owner of information constituting a commercial secret, upon the motivated request of a state authority, other state body, local self-government body, provides them free of charge the information constituting a commercial secret. A motivated claim must be signed by an authorized officer, contain an indication of the purpose and legal basis for requesting information constituting a commercial secret, and the deadline for providing this information, unless otherwise established by federal laws.
• disclosure of information constituting a commercial secret - an act or inaction, as a result of which information constituting a commercial secret, in any possible form (oral, written, other form, including using technical means) becomes known to third parties without the consent of information, or contrary to the employment or civil law contract.
.. "

The Federal Law defines the rights of the information owner:



The owner of information constituting a commercial secret has the right to:

“...
1) to establish, modify, cancel in writing the regime of a trade secret in accordance with this Federal Law and civil-law contract;
2) use information constituting a commercial secret for their own needs in a manner not contradicting the legislation of the Russian Federation;
3) to allow or prohibit access to information constituting a commercial secret, to determine the procedure and conditions for access to this information;
4) to demand from legal entities, individuals who have access to information constituting a commercial secret, public authorities, other state bodies, local self-government bodies who have been provided with information constituting a commercial secret, compliance with the obligations to protect its confidentiality;
5) to require from persons who have obtained access to information constituting a commercial secret, as a result of actions taken by accident or by mistake, the protection of the confidentiality of this information;
6) to protect, in the manner prescribed by law, their rights in case of disclosure, unlawful receipt or unlawful use by third parties of information constituting a commercial secret, including claiming compensation for damages caused in connection with the violation of his rights.
.. "

The Federal Law defines the measures for the protection of information privacy:



Labor Protection:



In addition to the duties of the employer and the employee, this item of the Federal Law also reflects some of their rights and requirements:

“...
1. An employee has the right to appeal in court against the unlawful establishment of a trade secret regime in respect of information to which he has access in connection with the performance of his job duties.
2. An employee’s access to information constituting a commercial secret shall be carried out with his consent, if this is not provided for by his job duties.
3. Damage caused by an employee or a person terminating his employment relationship with an employer is not reimbursed if the disclosure of information constituting a commercial secret occurred as a result of the employer's failure to comply with measures to ensure commercial secrecy, third-party actions or irresistible force.
4. The employment contract with the head of the organization should provide for his obligations to protect the confidentiality of information constituting a commercial secret, the owner of which is the organization and its contractors, and the responsibility to protect the confidentiality of this information.
5. The head of the organization shall reimburse the organization for the losses caused by his guilty actions in connection with the violation of the legislation of the Russian Federation on trade secrets. In this case, losses are determined in accordance with civil law.
.. "

The owner of information constituting a commercial secret has the right to apply, if necessary, means and methods for technically protecting the confidentiality of this information, other measures that do not contradict the legislation of the Russian Federation.

In order to increase the effectiveness of the application of this regime in an organization, it is necessary to take into account legal restrictions on the assignment of information to CT.



This list consists of 11 items. Reflect them for the protocol :-):

“...
1) contained in the constituent documents of a legal entity, documents confirming the fact of making entries about legal entities and individual entrepreneurs in the relevant state registers;
2) contained in documents giving the right to conduct business activities;
3) on the composition of the property of a state or municipal unitary enterprise, state institution and their use of funds from the corresponding budgets;
4) environmental pollution, state of fire safety, sanitary-epidemiological and radiation environment, food safety and other factors that have a negative impact on the safe operation of production facilities, the safety of every citizen and the safety of the population as a whole;
5) on the number, on the composition of workers, on the wage system, on working conditions, including on occupational safety, on indicators of industrial injuries and occupational morbidity, and on the availability of vacancies;
6) on the debt of employers for the payment of wages and other social benefits;
7) violations of the legislation of the Russian Federation and the facts of bringing to responsibility for the commission of these violations;
8) on the conditions of tenders or auctions for the privatization of state or municipal property;
9) on the size and structure of incomes of non-profit organizations, on the size and composition of their property, on their expenses, on the number and remuneration of their employees, on the use of free labor of citizens in the activities of a non-profit organization;
10) on the list of persons entitled to act without a power of attorney on behalf of a legal entity;
11) mandatory disclosure of which or the inadmissibility of restricting access to which is established by other federal laws.
.. "

And in the conclusion of the Federal Law the responsibility for violation of the law is determined in accordance with the legislation of the Russian Federation.



In particular:

1. Administrative responsibility:

• Code of Administrative Offenses, article 13.12, p. 6 (violation of information protection rules)
• CAO article 13.14 (disclosure of information with limited access)
• KoAP Article 7.12 (violation of copyright and related rights, inventive and patent rights)

2. Civil liability:

• Civil Code of the Russian Federation, article 1253 (particularities of responsibility of the information mediator)
• Civil Code of the Russian Federation Article 1301 (liability for violation of the exclusive right to work)
• of the Civil Code of the Russian Federation, article 1472 (liability for violation of the exclusive right to a secret of production)

3. Criminal liability:

• of the Criminal Code of Art. 183 (illegal receipt and disclosure of information constituting commercial, tax or bank secrecy)
• Criminal Code of the Russian Federation, Art. 147 (violation of inventive and patent rights)

4. Disciplinary liability:

• of the Labor Code of the Russian Federation, Article 81 (termination of an employment contract at the initiative of the employer)
• TK RF Art. 243 (cases of full liability)

Next, we consider how the Federal Law “On Trade Secrets” is associated and correlated with other legislation. Let's call this section “Legislative Hub”:



1. “The Civil Code of the Russian Federation (Part Four)” dated December 18, 2006 N 230-FZ (as amended on 07/03/2016, as amended of December 13, 2016) (as amended and added, entered into force on January 1 .2017).
Chapter 75. The right to a secret production (know-how).
Article 1465. The secret of production (know-how).

The definition of information constituting a trade secret, formulated by the Federal Law, overlaps with the concept of production secrets reflected in the Civil Code of the Russian Federation:

The secret of production (know-how) is information of any nature (production, technical, economic, organizational and others) about the results of intellectual activity in the scientific and technical sphere and about the ways of carrying out professional activities that have real or potential commercial value due to their unknown to third parties, if such information from third parties does not have free access on a legal basis and the holder of such information takes reasonable steps to comply with their confidences ntsialnosti, including by introducing a regime of trade secrets.

Thus, the very concept of information constituting a commercial secret is much broader and includes not only information about the results of intellectual activity in the scientific and technical sphere and the methods of carrying out professional activity.

2. Federal Law of 27.07.2006 N 149-FZ (as amended on 06.06.2017) “On Information, Information Technologies and on the Protection of Information”.

The Federal Law “On Information, Information Technologies and Information Protection” clearly divides information into publicly accessible and restricted access regulated by relevant federal laws. In particular, Clause 2, Article 5 of this Federal Law states that “Information, depending on the category of access to it, is divided into publicly available information, as well as information, access to which is restricted by federal laws (information of limited access)”.

Article 8 of this law reflects the right of access to information, but at the same time “sends” us to other Federal Laws, where a broader list of such information is given. In our case, we considered this classification above when we talked about CT.

3. Presidential Decree No. 188 of March 6, 1997, “On Approving the List of Confidential Information” (with amendments and additions) defines this list, highlighting in it the CT scan:

“...
• Information about the facts, events and circumstances of a citizen’s private life, allowing him to identify his identity (personal data), with the exception of information that is subject to distribution in the media in cases established by federal laws.
• Information constituting a secret of the investigation and legal proceedings, information about persons in respect of whom in accordance with federal laws of April 20, 1995 N 45- “On state protection of judges, law enforcement and supervisory officials” and of August 20, 2004 . N 119- « , », , , , .
• , ( ).
• , , (, , , , , , ).

• , , ( ).

• , .
• , , , , , 2 2007 . N 229- « ».
..»

4. « ( )» 31.07.1998 N 146- (. 28.12.2016) ( . ., . 01.07.2017).
102. .



, .

«… , , , , , :
1) , – ( ). ( ) , , , , , ;
2) ;
3) ( ) ;
4) () (), , () ( , );
5) , , ;
6) , 27 2010 N 210- « »;
7) , , ;
8) ( , - ) , , , ;
9) , - «» 1.1 ;
10) , - «» 1.1 , ( ) (), , , , ;
11) () , - «» 1.1 ;
12)
13) ..»
..»

« » (. 08.05.2015).
3. , .
16. .

«… , , , (), , , , — ..»

, , DLP , , .