Biography: Sergey M. Avdoshin

Prof. Avdoshin is a corresponding member of the World Academy of Sciences for Complex Security and an Associate Academician of the World Informatization Academy.

Biography: Alexandra A. Savelieva

Alexandra Savelieva is a post-graduate student at Higher School of Economics. Under the supervision of Dr. Prof. Avdoshin she has been engaged in research work in cryptography and cryptanalysis since her 3rd year at Russian State Technological University, where she obtained a BSc degree in Computer Science with honors in 2006. Alexandra was recognized for outstanding research results by The Ministry of Education and Science of the Russian Federation (Diploma for the best students’ research in 2006). She continued her education at Higher School of Economics and received an MSc in Business Informatics, with honors, in 2008. For her strong academic achievements, she was a President’s scholar in 2006/2008 and a Russian Government scholar in 2007/2008, 2008/2010. Alexandra has received support from a government grant for her PhD research project. As of September 2008, Alexandra holds a part-time job as a lecturer at Higher School of Economics. She actively participates in the life of research communities in Russia by reporting her research results at professional conferences and workshops on Information Security and Software Engineering. Alexandra has over 30 publications on solving linear systems over residue rings, cryptanalysis methods, practical application of cryptography in software products, and efficiency of investments in information security systems.

Personal Data Protection in Russia: Trends of the Last Decade

Alexandra A. Savelieva, Sergey M. Avdoshin, PhD

In this paper, we analyze the effect that the Federal Law on Personal Data has had on different areas of life in the Russian Federation.
Index Terms — PII, Federal Law on Personal Data, international security agreements.
Society in Russia has been very agitated by the implementation of the Federal Law of the Russian Federation On Personal Data. In the sections below we outline the areas that have been directly or indirectly affected by the law.
Business: Obligations and Threats
o After years of ad-hoc implementation and usage of information systems, companies finally need to rethink their strategy in IT and security.
o CIOs and CSOs get grounds to justify investments in their projects.
BUT:
o A new type of attack, commonly referred to as a ‘Personal Data DoS attack’, can be launched by unfair competitors.
o Companies that sell personal data for money via web sites registered outside of Russia remain out of control.
o Recruiting services, shopping sites and any other business that uses personalized customer profiles are in danger when it comes to compliance with the Law.
IT Industry: Challenges and Opportunities
o Ever-growing demand for consulting services has created a new market niche for IT companies capable of providing appropriate services.
BUT:
o This tempts companies to sell unnecessary services and tools with an excessive level of protection to unaware customers.
Banking Industry: Contradictions and Workarounds
o “The more data you process, the higher level of protection you should provide,” says the Law, and Security is not free. With data storage costs decreasing day by day, this becomes a serious argument for organizations to review their information content.
BUT:
o Credit history becomes a problem for the banks, as an operation that contradicts the fundamental principles of personal data handling.
Individuals: Paradox of Generation Y
o Interest in the problem of personal data is rapidly growing in Russia, and at the same time the popularity of social networks exceeds all possible limits.
BUT:
o In the rest of the world, the situation is the opposite: satiated with MySpace and Facebook, people are also losing interest in personal data protection, as evidenced by search engine statistics.
Questions of terminology, multiple legal action, software certification, outsourcing, manual data processing and many other interesting examples remain outside the scope of this short abstract. Nevertheless, the importance of this law as a powerful stimulus for the development of an information security culture in Russia in accordance with international standards of privacy cannot be doubted.