Workshops‎ > ‎cs-ga-2010‎ > ‎

Alexandra A. Savelieva, Sergey M. Avdoshin



Biography: Alexandra A. Savelieva



Alexandra Savelieva is a post-graduate student at Higher School of Economics. Under the supervision of Dr. Prof. Avdoshin she has been engaged in research work in cryptography and cryptanalysis since her 3rd year in Russian State Technological University where she obtained a BSc in Computer Science degree with honors in 2006. Alexandra was recognized for outstanding research results by The Ministry of Education and Science of the Russian Federation (Diploma for the best students’ research in 2006). She continued her education at Higher School of Economics and received a MSc in Business Informatics, honors, in 2008. For her strong academic achievements, she was a President’s scholar in 2006/2008 and Russian Government scholar in 2007/2008, 2008/2010. Alexandra has received support from a government grant for her PhD research project.

As of September 2008, Alexandra took a part-time job of a lecturer at Higher School of Economics. She is actively participating in the life of research communities in Russia by reporting the research results at professional conferences and workshops on Information Security and Software Engineering. Alexandra has over 30 publications on solving linear systems over residue rings, cryptanalysis methods, practical application of cryptography in software products, and efficiency of investments in information security systems.  




Abstract:


Personal Data Protection in Russia: Trends of the Last Decade
Alexandra A. Savelieva, Sergey M. Avdoshin, PhD


In this paper, we are analyzing the effect that the Federal Law on Personal Data has had on different areas of life in the Russian Federation.

 

Index Terms — PII, Federal Law on Personal Data, international security agreements.

 

The society in Russia has been very agitated by the implementation of Federal Law of the Russian On Personal Data. In the below sections we will outline the areas which directly or indirectly have been affected by the law.

 

Business: Obligations and Threats

o After years of ad-hoc implementation and usage of information systems, companies finally need to rethink their strategy in IT and security.

o CIO and CSO get the ground to justify investments in their projects.

BUT:

o A new type of attack can be launched by unfair competitors commonly referred to as ‘Personal Data DoS attack’

o Companies that sell personal data for money via web sites registered outside of Russia remain our of control

o Recruiting services, shopping sites and any other  business that is using customer personalized profile are in danger when it comes to compliance with the Law

 

IT Industry: Challenges and Opportunities

o Evergrowing demand for consulting services has created a new market niche for IT companies capable of providing appropriate services

BUT:

o This leads companies to a temptation of selling unnecessary services and tools with excessive level of protection to unaware customer

 

Banking Industry: Contradictions and Workarounds

o “The more data you process, the higher level of protection you should provide,” says the Law, and Security is not free. With the data storage costs decreasing day by day, this becomes a serious argument for organizations to review their information content.

BUT:

o Credit history becomes a problem for the banks as an operation that contradicts fundamental principles of Personal data handling

 

Individuals: Paradox of Generation Y

o The interest to the problem of personal data is rapidly growing in Russia; and in the same time popularity of social networks exceeds all possible limits

BUT:

o In the rest of the world, the situation is the opposite: satiated with MySpace and FaceBook, people are also losing interest to personal data protection, as evidenced by the search engine statistics.

 

Questions of terminology, multiple legal action, software certification, outsourcing, manual data processing and many other interesting examples remained outside of scope of this short abstract. Nevertheless, the importance of this law as a powerful stimulus for the development of information security culture in Russia in accordance with international standards of privacy cannot be doubted.