Mincifers determined the rules of working with depersonalized personal data
The Mincifers have prepared the rules for the depersonalization of personal data, which should begin to act since September this year to fill the state -owned Lake Gossista. Data operators are offered five depersonalization methods, they will be carried out only through the software of the Ministry of Construction. The government expects the collection of information to “fill the data market”, but business is afraid of responsibility for the security of information.
“Kommersant” got acquainted with the Rules of working with depersonalized personal data developed by the Minzifra (draft government decree), which will apply to both business and government agencies. The rules were prepared for the amendments adopted last summer to the Federal Law “On Personal Data”, which established the mechanism for the formation of databases with impersonal information and their storage in the stateist. The mechanism should earn in September 2025. Gorodes and companies-data operators will load the Data STI to the DATA-STIST system, however, information exchange and depersonalization methods were not previously installed. In the government, the formation of the data market is supervised by the Department of Deputy Prime Minister Dmitry Grigorenko.
According to Kommersant’s interlocutor, who is familiar with the work on creating anonymous personal data system, in 2025, the first companies that will begin to submit information to the system will be communications operators.
According to one of the normative acts (“Kommersant”), the regulator approved the following methods of depersonalization of personal data: the method of introducing identifiers – replacing some of the information identifiers with the creation of the “table of compliance with the source data”, a change in the composition or semantics of data, including by deleting part of the information; decomposition method – dividing the array of personal data into several parts and separate storage; Also, the method of rearranging individual records, recording groups in the massifting array and the transformation method – data aggregation through their generalization, for example, in terms of qualitative values.
Also, according to documents, the business will be notified of the need to submit information to the system, but it will only be able to depersonate the data using special software (software), it will be provided with the Ministry of Cyphra for free. Operators will have to ensure “separate storage” of personal and impersonal data and will be responsible for their safety and exclusion from the data, access to which is limited by law. The operator of the system will become the mincifers, and representatives of organizations, companies and state bodies on request can get access to data. At the same time, even in the text of the amendments adopted in the summer, it was fixed that the transfer of data from the business to the stateist is voluntary.
In the apparatus of Deputy Prime Minister Dmitry Grigorenko, Kommersant reported that the exchange of depersonalized data sets between business and the state is “one of the options for saturating the data market”. Impersonal information is necessary for teaching AI, studying the situation in different areas – from the social sphere to the environmental and security of citizens. “Data compositions can be formed with an emergency of a natural and technogenic nature, with a state of emergency or quarantine due to infectious diseases,” the department said.
The mincifers also noted that « thanks to impersonal data, the state will be able to make more effective decisions. » “PRO for depersonalization will be provided to data operators for free and guarantees the correct application of depersonalization methods, taking into account the parameters specified in the requirements of the Ministry of Construction.” “We positively note the focus on the security of these citizens and restrictions on the use of such data only in certain cases, such as preventing and eliminating the consequences of emergencies,” said Karen Ghazaryan, director of analytics of ANO Digital Economy. The big four operators abandoned the comment.
Large business, for its part, is interested in working with an array of depersonalized data, but doubts safe work through the only approved software. In the Association of Big Data (ABD; Yandex, VK, Rostelecom, etc.), they say that “non -alternative use by organizations that work with protected secrets deprives them of the ability to control the risks and threats of security; It is necessary to unequivocally resolve the issue of liability for violation of the protection of Data sets transferred to the system. ” Now, according to the law, the operator is responsible for the lack of secrets in depersonalized personal data, and remind in the ABD. In the case of external in liability, they should bear the certifying given by the body, developer and authorized body, are confident there.
