It is registered
Ministry of Justice
Russian Federation
On October 26, 2023 No. 75742
of September 25, 2023 No. 6540-U
About the list of the safety hazards urgent in case of processing of biometric personal data, vectors of single biometric system, check and information transfer about degree of compliance of vectors of single biometric system to the provided biometric personal data of physical person in case of interaction of information systems of the organizations of the financial market with single biometric system
Based on Item 1 of part 4 of article 7 of the Federal Law of December 29, 2022 No. 572-FZ "About implementation of identification and (or) authentication of physical persons with use of biometric personal data, about modification of separate legal acts of the Russian Federation and recognition voided separate provisions of legal acts of the Russian Federation":
1. This Instruction determines the list of the safety hazards urgent in case of processing of biometric personal data, vectors of single biometric system, check and information transfer about degree of compliance of vectors of single biometric system to the provided biometric personal data of physical person in case of interaction of information systems of the organizations of the financial market specified regarding 1 article 3 of the Federal Law of December 29, 2022 to No. 572-FZ "About implementation of identification and (or) authentication of physical persons with use of biometric personal data, about modification of separate legal acts of the Russian Federation and recognition voided separate provisions of legal acts of the Russian Federation" (further respectively - the organizations of the financial market, the Federal Law of December 29, 2022 No. 572-FZ), with single biometric system taking into account assessment of possible harm, carried out in accordance with the legislation of the Russian Federation about personal data:
1.1. The safety hazards urgent in case of collection of biometric personal data and their transfer for the purpose of placement or updating of biometric personal data in single biometric system:
at head office, branches or internal structural divisions of the organizations of the financial market which are banks with the universal license or banks with the basic license specified in Item 5.6 of article 7 of the Federal Law of August 7, 2001 to No. 115-FZ "About counteraction of legalization (washing) of income gained in the criminal way and to terrorism financing" (further - banks), with use of stationary computer aids and ATMs and by transfer of collected biometric personal data between head office, branches or internal structural divisions of banks - integrity violation threat (substitutions, removals), violations of confidentiality (compromise), violation of reliability of biometric personal data (introduction of dummy biometric personal data), including by realization of purposeful actions with use of opportunities, specified in Item 12 of Structure and content of organizational and technical measures for safety of personal data in case of their processing in information systems of personal data with use of the means of cryptographic information security necessary for accomplishment of the requirements to personal data protection established by the Government of the Russian Federation for each of the levels of security approved by the order of Federal Security Service of the Russian Federation of July 10, 2014 No. 378 <1> (further - Structure and content of organizational and technical measures);
--------------------------------
<1> Registration No. 33620 is registered by the Ministry of Justice of the Russian Federation on August 18, 2014.
employees of banks with use of tablets and by transfer of collected biometric personal data between tablets and information infrastructure of internal structural divisions of banks - the integrity violation threat (substitutions, removals), violations of confidentiality (compromise), violation of reliability of biometric personal data (introduction of dummy biometric personal data), including by realization of purposeful actions with use of the opportunities specified in Item 10 of Structure and content of organizational and technical measures in case of application of means (systems) of information security from unauthorized access which underwent assessment of conformity in the form of obligatory certification is not lower than 4 levels of credibility according to the order of the Federal Service for Technical and Export Control of June 2, 2020 No. 76 <2>, or with use of opportunities, specified in Item 11 of Structure and content of organizational and technical measures.
--------------------------------
<2> Registration No. 59772, with the changes made by the order of FSTEC of Russia of April 18, 2022 No. 68 is registered by the Ministry of Justice of the Russian Federation on September 11, 2020 (registration No. 69318) is registered by the Ministry of Justice of the Russian Federation on July 20, 2022.
1.2. The safety hazards urgent in case of interaction of banks with single biometric system for the purpose of placement or updating of biometric personal data in single biometric system:
integrity violation threat (substitutions, removals), violations of reliability of biometric personal data (introduction of dummy biometric personal data), including by realization of purposeful actions with use of the opportunities specified in Item 13 of Structure and content of organizational and technical measures;
threat of violation of confidentiality (compromise) of biometric personal data, including by realization of purposeful actions with use of the opportunities specified in Item 12 of Structure and content of organizational and technical measures.
1.3. The safety hazards urgent in case of processing (except for collection) biometric personal data, during the checking and information transfer about degree of compliance of the provided biometric personal data of physical person to the vectors of single biometric system containing in single biometric system (further - information on compliance degree), in case of interaction of information systems of the organizations of the financial market with single biometric system for the purpose of identification of physical person according to part 1 of article 9 of the Federal Law of December 29, 2022 No. 572-FZ and authentications of physical person according to part 1 of article 10 of the Federal Law of December 29, 2022 No. 572-FZ:
1.3.1. When processing biometric personal data with use of the structure of physical person, terminals of the information systems providing functioning of check-points and their transfer to single biometric system - integrity violation threat (substitutions, removals), violations of confidentiality (compromise) of biometric personal data, including by realization of purposeful actions with use of the opportunities specified in Item 10 of Structure and content of organizational and technical measures.
Disclaimer! This text was translated by AI translator and is not a valid juridical document. No warranty. No claim. More info
Database include more 50000 documents. You can find needed documents using search system. For effective work you can mix any on documents parameters: country, documents type, date range, teams or tags.
More about search system
If you cannot find the required document, or you do not know where to begin, go to Help section.
In this section, we’ve tried to describe in detail the features and capabilities of the system, as well as the most effective techniques for working with the database.
You also may open the section Frequently asked questions. This section provides answers to questions set by users.