Compensation for damages caused by the violation of information security
Systematization of the actions of law enforcement agencies in the information sphere. Mechanisms of compensation for losses resulting from the violation of a private right. Justification of the fact that material and moral damage was caused.
Category | State and law |
Type | article |
Language | English |
Date added | 05.01.2023 |
File size | 20,0 K |
Davydova Iryna, Doctor of Law, Professor at the Department of Civil Law of the National University “Odessa Law Academy”; Harhan Serhii, Master of Law
Abstract
The article analyzes the issue of determining and ordering compensation for damage caused by information security violations. As a result of the analysis of normative-legal acts and scientific positions in the area concerned, it is established that the primary statutory base on prevention and cessation of offenses in the information sphere is almost formed: in particular, civil-law, disciplinary (including material), administrative and criminal liability is provided for offenses and crimes in the information sphere, and numerous laws and bylaws in the information sphere have been developed and are in force. However, their practical application is rather weak: there are no specific mechanisms for applying and complying with the law in practice, there are difficulties in imposing penalties for violating it, and there is no systematization of the actions of law enforcement agencies in exercising their responsibilities and rights in the information sphere. It is determined that for violation of information security, a person may receive compensation for tangible and non-pecuniary damage caused to him. The civil legislation of Ukraine also provides for compensation for losses to a person as a result of the violation of his civil right. A separate role is played by administrative and criminal liability in the field of information security violations. It is concluded that at the current stage of development of the information society and digitalization, information security is significant in the field of private law. As a result, violations of information security may result in administrative and criminal liability. The option of civil liability is also necessary, in particular, compensation for tangible and non-pecuniary damage, which requires filing a lawsuit. At the same time, it should be noted that the actual compensation can occur only if the fact of damage is properly proved and the amounts contained in the claim are justified.
Key words: information, security, tangible damage, non-pecuniary damage, losses, compensation.
Annotation
Compensation for damage caused by the violation of information security
The article analyzes the determination of, and the procedure for, compensation for damage caused by the violation of information security. Based on an analysis of normative legal acts and scholarly positions in the area under study, it is established that the main regulatory framework for the prevention and cessation of offenses in the information sphere has now practically been formed; in particular, civil, disciplinary (including material), administrative and criminal liability is provided for offenses and crimes in the information sphere, and numerous laws and bylaws in the information sphere have been developed and are in force.
At the same time, their practical application is rather weak: there are no specific mechanisms for applying and complying with the legislation in practice, there are difficulties in imposing penalties for its violation, and there is no systematization of the actions of law enforcement agencies in exercising their duties and rights in the information sphere.
It is determined that for a violation of information security a person may receive compensation for the material and moral damage caused to him. The civil legislation of Ukraine also provides for the possibility of compensating a person for losses resulting from the violation of his civil right, where such losses have been caused.
Administrative and criminal liability play a separate role in the field of information security violations.
It is concluded that, in the current conditions of the development of the information society and digitalization, information security is of great importance in the field of private law. As a consequence, a violation of information security may entail administrative and criminal liability.
The possibility of civil liability is also important, in particular compensation for material and moral damage, for which an appropriate claim must be filed with the court. At the same time, it should be noted that actual compensation can occur only if the fact of damage is properly proved and the amounts stated in the claim are substantiated.
Key words: information, security, material damage, moral damage, losses, compensation for damage.
The category of “damages” has attracted the interest of scholars for more than a year, from both the theoretical and the practical perspective. In particular, when classifying obligations to compensate for damage, the initial (main) division should be into: the obligation to compensate for damage caused to a participant in civil relations not by the wrongful conduct of another person, where the legal relations that arise are relations of civil law protection; and the obligation to compensate for damage caused to a participant in civil relations as a result of an offense (illegal conduct, or tort in the true sense of the term). In essence, the legal relationship arising from the tort is non-contractual liability [1, p. 312].
In the context of the digitalization of society and the development of the information sphere, information relations arise, change and cease in the information sphere and are regulated by law. As a reflection of legal norms, they determine their main features. They are characterized by the primacy of legal norms, as information relations are the result of the regulatory action of the relevant information law on public relations. That is why such social relations acquire a legal form, i.e. become legal. At the same time, the information law norm regulates the behavior of the parties to public relations. It provides correspondence of mutual obligations and rights of the subjects - participants of these relations, as well as their legal responsibility for behavior that does not fit into the framework established by law [2, p. 151].
According to the Law of Ukraine “On Information”, the term “information” is defined as “any information and/or data that may be stored on physical media or displayed in electronic form” [3]. Information has certain properties, in particular, value, reliability, and relevance.
From the standpoint of information security, the following properties of information can be distinguished: confidentiality (namely, information cannot be obtained by an unauthorized user); integrity (it means the impossibility of modification by an unauthorized user); availability (the ability to be obtained by an authorized user, if he has the appropriate authority, at any time).
Information security (in the context of direct information protection activities) can be considered a set of measures aimed at protecting information from unauthorized access, use, disclosure, modification, verification, recording, or destruction of data.
Information security by scope can be considered in the context of security of the state, organization, and individual. Let's focus on the essence of information security of the organization and the individual.
Thus, information security of the organization is a purposeful activity of its bodies and officials with the use of permitted forces and means to achieve a state of security of the information environment of the organization. Such activities should ensure the proper functioning and dynamic development of the organization.
Instead, the information security of an individual is characterized as a state of his direct protection from negative information effects, as well as effects on his ability to search for, collect, process, and use information. Information security of the individual also provides for the appropriate protection of the various social groups and associations of people to which he belongs [4, p. 18].
As of today, the basic legal framework for the prevention and cessation of offenses in the information sphere is almost formed: it provides for civil, disciplinary (including tangible), administrative, and criminal liability for offenses and crimes in the information sphere, and numerous laws and bylaws in the information sphere have been developed and are in force. However, their practical application is rather weak: there are no specific mechanisms for applying and complying with the law in practice, there are difficulties in imposing penalties for violating it, and there is no systematization of the actions of law enforcement agencies in exercising their responsibilities and rights in the information sphere.
The main provisions of information legislation are set out in the Constitution of Ukraine [5] and the laws “On Information” [3] and “On Personal Data Protection” [6], where data on individuals (personal data) are considered as information or a set of information about an individual who is identified or can be specifically identified, and are classified as restricted (confidential).
In our opinion, when determining the specifics of compensation for damage caused by information security violations, it is important to pay attention directly to specific violations.
In particular, potential threats to information relations (relations concerning the collection, processing, and accumulation of information) and ways of their implementation are reflected in the relevant State Standard, according to which threats can be posed by: 1) technical channels, including channels of electromagnetic radiation and interference, radio, chemical and other channels; 2) channels of special influence forming fields and signals in order to destroy the protection system or violate the integrity of information; 3) unauthorized access - by connecting to equipment and communication lines, disguised as a registered user, overcoming protection measures for the use of information or imposing false information, the use of embedded devices or programs and the introduction of computer viruses [7].
It should also be noted that in order to protect the information in the system, the Resolution of the Cabinet of Ministers of Ukraine creates a comprehensive system of information protection, which is designed to protect information from: 1) leakage through technical channels, which include channels of spurious electromagnetic radiation and guidance, formed under the influence of physical processes during the operation of information processing facilities, other technical means, and communications; 2) unauthorized actions with information, including the use of computer viruses; 3) special influence on the means of information processing, which is carried out by the formation of physical fields and signals and can lead to a violation of its integrity and unauthorized blocking [8].
Violations of information security are set out in more detail in the Criminal Code of Ukraine. In particular, criminal liability has been established for: unauthorized interference in the work of electronic computers (computer), automated systems, computer networks or telecommunication networks (Article 361); creation for the purpose of use, distribution or sale of malicious software or hardware, as well as their distribution or sale (Article 361-1); unauthorized sale or dissemination of information with limited access, which is stored in computers (computer), automated systems, computer networks or on such media (Article 361-2); unauthorized actions with information processed in electronic computers (computer), automated systems, computer networks or stored on the media of such information, committed by a person who has the right to access it (Article 362); violation of the rules of operation of electronic computers (computers), automated systems, computer networks or telecommunication networks or the order or rules of protection of information processed in them (Article 363); interfering with the work of electronic computers (computer), automated systems, computer networks or telecommunication networks by mass dissemination of telecommunication messages (Article 363-1) [9].
In addition, analyzing the provisions of the Code of Ukraine on Administrative Offenses, we can also conclude that the following are classified as violations of information security: unreasonable refusal to provide relevant information (Article 212-3, Article 96, Article 91-4); providing information that does not correspond to reality (Article 212-3); untimely provision of information (Article 91-4, Article 166-4); intentional concealment of information (Article 53-2, Article 82-3, Article 83-1, Article 91-3, Article 92-1, Article 163-5, Article 186-3); coercion to disseminate or impede the dissemination of certain information, as well as censorship (Article 212-11); dissemination of information that does not correspond to reality and disgraces the honor and dignity of the person (Article 164-3); disclosure of a secret protected by law by a person who is supposed to protect this secret (Article 164-3); violation of the procedure for storing information (Article 212-5, Article 212-6); intentional destruction of information (Article 92-1 of the Code of Administrative Offenses, Article 212-4); unreasonable assignment of certain types of information to the category of information with limited access (Article 212-2), etc. [10].
Thus, there is a wide range of possible violations of information security. To ensure the rights and freedoms of the subjects of information relations and compensate them for damage caused by information security violations, the Law of Ukraine “On Information” provides as follows: “If the violation of the right to freedom of information compensation by court decision. Subjects of power as plaintiffs in cases of protection of honor, dignity and business reputation have the right to demand in court only the refutation of inaccurate information about themselves and have no right to demand compensation for moral (non-pecuniary) damage. This does not deprive officials of the right to protection of honor, dignity and business reputation in court” [3].
Therefore, for violating information security, a person may receive compensation for tangible and non-pecuniary damage.
Following the provisions of Art. 1166 of the Civil Code of Ukraine “property damage caused by illegal decisions, actions or omissions of personal non-property rights of a natural or legal person, as well as damage caused to property of a natural or legal person, is reimbursed in full by the person who caused it. The person who caused the damage shall be exempt from compensation if he or she proves that the damage was not his or her fault. Damage caused by injury, other damage to health or death of an individual due to force majeure shall be compensated in cases established by law. Damage caused by lawful actions is compensated in cases established by the Code and other law” [11].
The civil legislation of Ukraine also provides for the compensation to a person as a result of violation of his civil rights. Losses in this case are: “1) losses incurred by the person in connection with the destruction or damage of the thing, as well as costs incurred by the person or must be made to restore his violated right (real damage); 2) income that a person could actually receive under normal circumstances, if his right was not violated (lost benefit)” [11]. As a general rule, damages are reimbursed in full, unless the contract or law provides for compensation in a smaller or larger amount.
The legislator also established that a person has the right to compensation for non-pecuniary damage caused as a result of the violation of his rights. This rule also applies to compensation for non-pecuniary damage for information security violations. In particular, under Part 3 of Art. 23 of the Civil Code of Ukraine “non-pecuniary damage is reimbursed in cash, other property or otherwise; the amount of monetary compensation for non-pecuniary damage is determined by the court depending on the nature of the offense, the depth of physical and mental suffering, impairment of the victim or deprivation of his ability to implement them, the degree of guilt of the person who caused moral damage, if the guilt is the basis for compensation, as well as, taking into account other circumstances that are significant” [11].
It is also necessary to keep in mind the Resolution of the Plenum of the Supreme Court of Ukraine, which stipulates that “non-pecuniary damage may consist, in particular: in the humiliation of honor, dignity, prestige or business reputation, moral distress due to damage to health, violation of law property (including intellectual property), rights granted to consumers, other civil rights in connection with illegal detention under investigation and trial, in violation of normal life ties due to the inability to continue active public life, disruption of relations with others, the onset of other negative consequences” [12].
It should be noted that in cases of violation of information security, it is much easier to obtain compensation for tangible damage than compensation for non-pecuniary damage.
The content of the statement of claim for non-pecuniary damage is also essential: the court must find out what confirms the fact that the plaintiff was caused moral or physical suffering or non-pecuniary loss, under what circumstances or by what actions (inaction) they were caused, in what amount or in what material form the plaintiff assesses the damage caused to him and on what basis, as well as other circumstances relevant to resolving the dispute.
The amount of compensation for non-pecuniary damage must be determined by the court depending on the nature and extent of the suffering and taking into account other circumstances. In particular, the state of health of the victim, the severity of forced changes in his life and work relationships, the degree of decline in prestige, business reputation, time and effort required to restore the previous state, etc. are taken into account. In this case, the court must proceed from the principles of reasonableness, balance, and fairness [12].
Summarizing the above, we can conclude that in the current environment of the information society, digitalization, etc., information security is important in the field of private law. As a result, violations of information security may result in administrative and criminal liability. However, the option of civil liability is also important, in particular, compensation for tangible and non-pecuniary damage, which requires applying to the court. At the same time, it should be noted that the actual compensation can occur only if the fact of damage is properly proved and the amounts contained in the claim are justified.
Bibliography
1. Ківалова Т. С., Давидова І. В. Відшкодування шкоди, завданої приватноправовими діями. Цивільне законодавство України : навчальний посібник. Одеса : Юридична література, 2013. С. 311-322.
2. Настюк В. Я., Бєлєвцева В. В. Загальноправова характеристика адміністративної відповідальності за інформаційні правопорушення. Інформація і право. 2013. № 1(7). С. 151-157.
3. Про інформацію : Закон України від 02.10.1992 р. № 2657-XII. URL: https://zakon.rada.gov.ua/laws/show/2657-12
4. Електронне урядування та електронна демократія : навчальний посібник у 15 ч. / за заг. ред. А. І. Семенченка, В. М. Дрешпака. Київ, 2017. Частина 13: Захист інформації в системах електронного урядування. Київ : ФОП Москаленко О. М., 2017. 72 с.
5. Конституція України від 28.06.1996 р. URL: https://zakon.rada.gov.ua/laws/show/254%D0%BA/96-вр
6. Про захист персональних даних : Закон України від 01.06.2010 р. № 2297-VI. URL: https://zakon.rada.gov.ua/laws/show/2297-17
7. Державний стандарт України «Захист інформації. Технічний захист інформації. Основні положення». ДСТУ 3396.0-96. URL: http://www.dut.edu.ua/ru/lib/1/category/925/view/1043
8. Про затвердження Правил забезпечення захисту інформації в інформаційних, телекомунікаційних та інформаційно-телекомунікаційних системах : Постанова Кабінету Міністрів України від 29 березня 2006 р. № 373. URL: https://zakon.rada.gov.ua/laws/show/373-2006-n
9. Кримінальний кодекс України від 05.04.2001 р. № 2341-III. URL: https://zakon.rada.gov.ua/laws/show/2341-14
10. Кодекс України про адміністративні правопорушення від 07.12.2019 р. № 8073-Х. URL: https://zakon.rada.gov.ua/laws/show/80731-10
11. Цивільний кодекс України від 16.01.2003 р. № 435-IV. URL: https://zakon.rada.gov.ua/laws/show/435-15
12. Постанова Пленуму Верховного Суду України «Про судову практику в справах про відшкодування моральної (немайнової) шкоди» від 31.03.1995 р. № 4. URL: https://zakon.rada.gov.ua/laws/show/v0004700-95