Compensation for damages caused by the violation of information security

The issue of determining and ordering compensation for damage caused by information security violations. It is determined thatfor violation of information security, a person may receive compensation for tangible and non-pecuniary damage caused to him.

Рубрика Государство и право
Вид статья
Язык английский
Дата добавления 20.08.2023
Размер файла 18,5 K

Отправить свою хорошую работу в базу знаний просто. Используйте форму, расположенную ниже

Студенты, аспиранты, молодые ученые, использующие базу знаний в своей учебе и работе, будут вам очень благодарны.

Размещено на http://www.allbest.ru/

Compensation for damages caused by the violation of information security

Davydova Iryna,

Doctor of Law, Professor at the Department of Civil Law of the National University “Odessa Law Academy”

Harhan Serhii,

Master of Law

The article analyzes the issue of determining and ordering compensation for damage caused by information security violations. As a result of the analysis of normative-legal acts and scientific positions in the area concerned, it is established that the primary statutory base on prevention and cessation of offenses in the information sphere is almost formed, in particular, civil-law, disciplinary (including material) administrative and criminal liability for committing offenses and crimes in the information sphere, numerous laws and bylaws in the information sphere have been developed and are in force. However, their practical application is rather weak: there are no specific mechanisms for applying and complying with the law in practice, there are difficulties in imposing penalties for violating it, there is no systematization of law enforcement actions to exercise their responsibilities and rights in the information sphere.

It is determined thatfor violation of information security, a person may receive compensation for tangible and non-pecuniary damage caused to him. The civil legislation of Ukraine also provides for compensation to a person as a result of the violation of his civil right. A separate role is played by administrative and criminal liability in the field of information security violations.

It is concluded that in the current development of information society and digitalization, information security is significant in the field ofprivate law. As a result, violations of information security may result in administrative and criminal liability. The option of civil liability is also necessary, in particular, compensation for tangible and non-pecuniary damage, which requires filing a lawsuit. At the same time, it should be noted that the actual compensation can occur only if the fact of damage is properly proved and the amounts contained in the claim are justified.

Key words: information, security, tangible damage, non-pecuniary damage, losses, compensation.

ВІДШКОДУВАННЯ ШКОДИ, ЗАВДАНОЇ ЗА ПОРУШЕННЯ ІНФОРМАЦІЙНОЇ БЕЗПЕКИ

У статті проаналізовано питання щодо визначення та порядку відшкодування шкоди, завданої за порушення інформаційної безпеки. В результаті аналізу нормативно-правових актів та наукових позицій у сфері, що досліджується, встановлено, що натепер практично сформована основна нормативно-правова база щодо попередження і при-пинення правопорушень в інформаційній сфері, зокрема, передбачається цивільно-правова, дисциплінарна (включаючи матеріальну), адміністративна і кримінальна відповідальність за здійснення правопорушень і злочинів в інформаційній сфері, розроблені і діють численні закони та підзаконні нормативно-правові акти в інформаційній сфері. Разом з тим їх практичне застосування досить слабке, відсутні конкретні механізми застосування і дотримання законодавства на практиці, наявні труднощі щодо накладення стягнень за його порушення, відсутня систематизація дій правоохоронних органів щодо здійснення своїх обов'язків і прав в інформаційній сфері.

Визначено, що за порушення інформаційної безпеки особа може отримати відшкодування за завдану їй матеріаль-ну та моральну шкоду. Також цивільне законодавство України передбачає можливість відшкодування збитків особі у результаті порушення її цивільного права у разі завдання таких. Окрему роль відіграють адміністративна та кримі-нальна відповідальність у сфері порушення інформаційної безпеки.

Зроблено висновок, що в нинішніх умовах розвитку інформаційного суспільства та цифровізації інформаційна без-пека має велике значення у сфері приватного права. Як наслідок, за порушення інформаційної безпеки може наступати адміністративна та кримінальна відповідальність. Важливою є й можливість настання цивільної відповідальності, зокрема, відшкодування матеріальної та моральної шкоди, задля чого необхідно подати відповідну заяву до суду. Разом із тим варто відзначити, що реальне відшкодування може настати лише за умови відповідного доведення факту завдання шкоди та обгрунтованості сум, які містяться в позові.

Ключові слова: інформація, безпека, матеріальна шкода, моральна шкода, збитки, відшкодування шкоди.

Such a category as “damages” sparks the interest of scientists for more than a year, both from the theoretical and practical perspective. In particular, when classifying obligations to compensate for damage, the initial (main) division of obligations should be their division into: the obligation to compensate for damage caused to a participant in civil relations is not the wrongful conduct of another person. The legal relations that arise in this case are the relations of civil law protection; and, the obligation to compensate for the damage caused to a participant in civil relations as a result of an offense (illegal conduct or tort in the true sense of the term). In essence, the legal relationship arising from the tort is non-contractual liability [1, p. 312].

In the context of the digitalization of society and the development of the information sphere, information relations arise, change and cease in the information sphere and are regulated by law. As a reflection of legal norms, they determine their main features. They are characterized by the primacy of legal norms, as information relations are the result of the regulatory action of the relevant information law on public relations. That is why such social relations acquire a legal form, i.e. become legal. At the same time, the information law norm regulates the behavior of the parties to public relations. It provides correspondence of mutual obligations and rights of the subjects - participants of these relations, as well as their legal responsibility for behavior that does not fit into the framework established by law [2, p. 151]. compensation damages information security

According to the Law of Ukraine “On Information”, the term “information” is conveyed as “any information and/or data that may be stored on physical media or displayed in electronic form” [3]. Information has certain properties, in particular, value, reliability, relevance.

From the standpoint of information security, the following properties of information can be distinguished: confidentiality (namely, information cannot be obtained by an unauthorized user); integrity (it means the impossibility of modification by an unauthorized user); availability (the ability to be obtained by an authorized user, if he has the appropriate authority, at any time).

Information security (in the context of direct information protection activities) can be considered a set of measures aimed at ensuring the protection of information from unauthorized access, use, disclosure, destruction, modification, access, verification, recording, or destruction of data.

Information security by scope can be considered in the context of security of the state, organization, and individual. Let's focus on the essence of information security of the organization and the individual.

Thus, information security of the organization is a purposeful activity of its bodies and officials with the use of permitted forces and means to achieve a state of security of the information environment of the organization. Such activities should ensure the proper functioning and dynamic development of the organization.

Instead, the information security of an individual is characterized as a state of his direct protection from negative information effects, as well as effects on his ability to search for, collect, process, and use information. Information security of the individual also provides for the appropriate protection of various social groups and associations of people to which it belongs [4, p. 18].

As of today, the basic legal framework for the prevention and cessation of offenses in the information sphere is almost formed; it provides for civil, disciplinary (including tangible), administrative, and criminal liability for offenses and crimes in the information sphere, bylaws in the information sphere. However, their practical application is rather weak: there are no specific mechanisms for applying and complying with the law in practice, there are difficulties in imposing penalties for violating it, there is no systematization of law enforcement actions to exercise their responsibilities and rights in the information sphere.

The main provisions of information legislation are available in the Constitution of Ukraine [5], laws “On Information” [3], “On Personal Data Protection” [6], where data on individuals (personal data) are considered as information or a set of information on individuals, a person who is identified or can be specifically identified, classified as restricted (confidential).

In our opinion, when determining the specifics of compensation for damage caused by information security violations, it is important to pay attention directly to specific violations.

In particular, potential threats to information relations (relations concerning the collection, processing, and accumulation of information) and ways of their implementation are reflected in the relevant State Standard, according to which threats can be posed by: 1) technical channels, including channels of electromagnetic radiation and interference, radio, chemical and other channels; 2) channels of special influence forming fields and signals in order to destroy the protection system or violate the integrity of information; 3) unauthorized access - by connecting to equipment and communication lines, disguised as a registered user, overcoming protection measures for the use of information or imposing false information, the use of embedded devices or programs and the introduction of computer viruses [7].

It should also be noted that in order to protect the information in the system, the Resolution of the Cabinet of Ministers of Ukraine creates a comprehensive system of information protection, which is designed to protect information from: 1) leakage of technical channels, which include channels of spurious electromagnetic radiation and guidance, formed under the influence of physical processes during the operation of information processing facilities, other technical means, and communications; 2) unauthorized actions with information, including the use of computer viruses; 3) special influence on the means of information processing, which is carried out by the formation of physical fields and signals and can lead to a violation of its integrity and unauthorized blocking [8].

Violations of information security are set out in more detail in the Criminal Code of Ukraine. In particular, criminal liability has been established for: unauthorized interference in the work of electronic computers (computer), automated systems, computer networks or telecommunication networks (Article 361); creation for the purpose of use, distribution or sale of malicious software or hardware, as well as their distribution or sale (Article 361-1); unauthorized sale or dissemination of information with limited access, which is stored in computers (computer), automated systems, computer networks or on such media (Article 361-2); unauthorized actions with information processed in electronic computers (computer), automated systems, computer networks or stored on the media of such information, committed by a person who has the right to access it (Article 362); violation of the rules of operation of electronic computers (computers), automated systems, computer networks or telecommunication networks or the order or rules of protection of information processed in them (Article 363); interfering with the work of electronic computers (computer), automated systems, computer networks or telecommunication networks by mass dissemination of telecommunication messages (Article 363-1) [9].

In addition, analyzing the provisions of the Code of Ukraine on Administrative Offenses, we can also conclude that the following is classified as violations of information security: unreasonable refusal to provide relevant information (Article 212-3, Article 96, Article 91-4); providing information that does not correspond to reality (Article 212-3); untimely provision of information (Articles 91-4, Articles 166-4); intentional concealment of information (Article 53-2, Article 82-3, Article 83-1, Article 91-3, Article 92-1, Article 163-5, Article 186-3); coercion to disseminate or impede the dissemination of certain information, as well as censorship (Articles 212-11); dissemination of information that does not correspond to reality, disgraces the honor and dignity of the person (Article 164-3); disclosure of a secret protected by law by a person who is supposed to protect this secret (Articles 164-3); violation of the procedure for storing information (Articles 212-5, Articles 212-6); intentional destruction of information (Article 921 of the Code of Administrative Offenses, Article 2124); unreasonable assignment of certain types of information to the category of information with limited access (Article 212-2), etc. [10].

Thus, there is a wide range of possible violations of information security. To ensure the rights and freedoms of the subjects of information relations and compensate them for damage caused by information security violations, the Law of Ukraine “On Information” provides as follows: “If the violation of the right to freedom of information compensation by court decision. Subjects of power as plaintiffs in cases of protection of honor, dignity and business reputation have the right to demand in court only the refutation of inaccurate information about themselves and have no right to demand compensation for moral (non-pecuniary) damage. This does not deprive officials of the right to protection of honor, dignity and business reputation in court” [3].

Therefore, for violating information security, a person may receive compensation for tangible and non-pecuniary damage.

Following the provisions of Art. 1166 of the Civil Code of Ukraine “property damage caused by illegal decisions, actions or omissions of personal non-property rights of a natural or legal person, as well as damage caused to property of a natural or legal person, is reimbursed in full by the person who caused it. The person who caused the damage shall be exempt from compensation if he or she proves that the damage was not his or her fault. Damage caused by injury, other damage to health or death of an individual due to force majeure shall be compensated in cases established by law. Damage caused by lawful actions is compensated in cases established by the Code and other law” [11].

The civil legislation of Ukraine also provides for the compensation to a person as a result of violation of his civil rights. Losses in this case are: “1) losses incurred by the person in connection with the destruction or damage of the thing, as well as costs incurred by the person or must be made to restore his violated right (real damage); 2) income that a person could actually receive under normal circumstances, if his right was not violated (lost benefit)” [11]. As a general rule, damages are reimbursed in full, unless the contract or law provides for compensation in a smaller or larger amount.

The legislator also established that a person has the right to compensation for non-pecuniary damage caused as a result of the violation of his rights. This rule also applies to compensation for non-pecuniary damage for information security violations. In particular, under Part 3 of Art. 23 of the Civil Code of Ukraine “non-pecuniary damage is reimbursed in cash, other property or otherwise; the amount of monetary compensation for non-pecuniary damage is determined by the court depending on the nature of the offense, the depth of physical and mental suffering, impairment of the victim or deprivation of his ability to implement them, the degree of guilt of the person who caused moral damage, if the guilt is the basis for compensation, as well as, taking into account other circumstances that are significant” [11].

It is also necessary to keep in mind the Resolution of the Plenum of the Supreme Court of Ukraine, which stipulates that “non-pecuniary damage may consist, in particular: in the humiliation of honor, dignity, prestige or business reputation, moral distress due to damage to health, violation of law property (including intellectual property), rights granted to consumers, other civil rights in connection with illegal detention under investigation and trial, in violation of normal life ties due to the inability to continue active public life, disruption of relations with others, the onset of other negative consequences” [12].

It should be noted that in cases of violation of information security, it is much easier to obtain compensation for tangible damage than compensation for non-pecuniary damage.

It is also essential that the statement of claim for non-pecuniary damage should state: the court must find out what confirms the fact of causing the plaintiff moral or physical suffering or non-pecuniary loss, under what circumstances or by what actions (inaction) they are caused, in what amount or in what material form the plaintiff assesses the damage caused to him and why it turns out, as well as other circumstances relevant to resolving the dispute. The amount of compensation for non-pecuniary damage must be determined by the court depending on the nature and extent of the suffering and taking into account other circumstances. In particular, the state of health of the victim, the severity of forced changes in his life and work relationships, the degree of decline in prestige, business reputation, time and effort required to restore the previous state, etc. are taken into account. In this case, the court must proceed from the principles of reasonableness, balance, and fairness [12].

Summarizing the above, we can conclude that in the current environment of information society, digitalization, etc. information security is important in the field of private law. As a result, violations of information security may result in administrative and criminal liability. However, the option of civil liability is also important, in particular, compensation for tangible and non-pecuniary damage, which requires applying to the court. At the same time, it should be remarked that the actual compensation can occur only if the fact of damage is properly proved and the amounts contained in the claim are justified.

BIBLIOGRAPHY:

1. Ківалова Т. С., Давидова І. В. Відшкодування шкоди, завданої приватноправовими діями. Цивільне законодавство України : навчальний посібник. Одеса : Юридична література, 2013. С. 311-322.

2. Настюк В. Я., Бєлєвцева В. В. Загальноправова характеристика адміністративної відповідальності за інформаційні правопорушення. Інформація і право. 2013. № 1(7). С. 151-157.

3. Про інформацію : Закон України від 02.10.1992 р. № 2657-XII. URL: https://zakon.rada.gov.ua/laws/ show/2657-12

4. Електронне урядування та електронна демократія : навчальний посібник у 15 ч. / за заг. ред. А. І. Семен- ченка, В. М. Дрешпака. Київ, 2017. Частина 13 : Захист інформації в системах електронного урядування. Київ : ФОП Москаленко О. М., 2017. 72 с.

5. Конституція України від 28.06.1996 р. URL: https://zakon.rada.gov.ua/laws/show/254%D0%BA/96-вр

6. Про захист персональних даних : Закон України від 01.06.2010 р. № 2297-VI. URL: https://zakon.rada.gov.ua/ laws/show/2297-17

7. Державний стандарт України «Захист інформації. Технічний захист інформації. Основні положення». ДСТУ 3396.0-96. URL: http://www.dut.edu.ua/ru/lib/1/category/925/view/1043

8. Про затвердження Правил забезпечення захисту інформації в інформаційних, телекомунікаційних та інформаційно-телекомунікаційних системах : Постанова Кабінету Міністрів України від 29 березня 2006 р. № 373. URL: https://zakon.rada.gov.ua/laws/show/373-2006-п

9. Кримінальний кодекс України від 05.04.2001 р. № 2341-III. URL: https://zakon.rada.gov.ua/laws/show/2341-14

10. Кодекс України про адміністративні правопорушення від 07.12.2019 р. № 8073-X . URL: https://zakon.rada. gov.ua/laws/show/80731-10

11. Цивільний кодекс України від 16.01.2003 р. № 435-IV. URL: https://zakon.rada.gov.ua/laws/show/435-15

12. Постанова Пленуму Верховного Суду України «Про судову практику в справах про відшкодування моральної (немайнової) шкоди» від 31.03.1995 р. № 4. URL: https://zakon.rada.gov.ua/laws/show/v0004700-95

Размещено на Allbest.ru

...

Подобные документы

  • General characteristics of the personal security of employees. Bases of fight against a corruption in the tax service of Ukraine. Personal safety of the tax police, concept, content, principles. Legislative regulation of non-state security activity.

    реферат [24,7 K], добавлен 08.10.2012

  • Realization of various collective needs of a society concerns to performance of common causes first of all: the organization of public health services, formation, social security, automobiles and communications, etc.

    реферат [9,4 K], добавлен 19.10.2004

  • Проблеми становлення інформаційного суспільства в Україні. Світова електронна мережа правових документів global legal information network. Види і мета юридичної відповідальності в інформаційному праві. Перспективи розвитку загального законодавства.

    реферат [25,0 K], добавлен 22.05.2009

  • "E-democracy" is a public use of Internet technologies Analysis of the problems dialogue information and of the notional device, uniform and available for specialists, facilities of the electronic constitutional court, on-line participation of citizens.

    реферат [17,1 K], добавлен 14.02.2015

  • The violation of the Minsk agreements achieved in the result of the Minsk process by Russia and latter’s interpretation of the agreements as imposing the obligations of fulfilment exclusively on Ukraine. Steps to implement of the Minsk agreements.

    статья [28,5 K], добавлен 19.09.2017

  • Determination of the notion of the legal territory of estimation. Sensor bases of information for legal estimating activity (estimation). Legal estimating abilities. Motivation of applied psychotechnics for legal estimating, and self-estimating.

    реферат [19,3 K], добавлен 13.02.2015

  • The major constitutional principle, considering the person, his rights and freedoms. Law of the subject of the Russian Federation. Rights and freedoms of a person and a citizen, their protection as the basic contents of activity of the democratic state.

    реферат [15,5 K], добавлен 07.01.2015

  • Citizenship is as the condition of possession the rights in the antique policy. The Roman jurisprudence about the place and role of the person in the society. Guarantees of the rights and duties of the citizens in the constitutions of states of the world.

    реферат [62,5 K], добавлен 14.02.2015

  • The article covers the issue of specific breaches of international law provisions owed to Ukraine by Russia. The article also examines problems in the application of international law by Russia. In the course of the Russian aggression against Ukraine.

    статья [42,0 K], добавлен 19.09.2017

  • The requirements of human rights. The rights to life and liberty. Impact In Terms Of Substantive Law. Procedure or Levels of Damages in the Field Of Health Law. Effects of Traditional Practices on Women and Children. Traditional Childbirth Practices.

    реферат [16,0 K], добавлен 27.01.2012

  • The issue of freedom of the individual and their normative regulation in terms of constitutional democracy in post-Soviet republics. Stages of formation of the rights and freedoms of man and citizen. Socio-economic, ideological and political conditions.

    реферат [24,9 K], добавлен 14.02.2015

  • Monarchy – a government in which the supreme power is lodged in the hands of a person engaged in reigning who reigns over a state or territory, usually for life. The concept and the essence.The succession to the throne as the element of the Monarchy.

    курсовая работа [35,3 K], добавлен 13.08.2011

  • The system of executive authorities. Legislation of Ukraine as sources of social protection. The mechanism and contents of social protection tax. Benefits as the main element of the special legal status of a person. Certain features of protection.

    реферат [18,9 K], добавлен 30.09.2012

  • Concept of development basic law. Protection of freedom through the implementation of the principle of subsidiarity. Analysis of the humanitarian aspects of the legal status of a person. Systematic review of articles of the constitution of Russia.

    реферат [21,2 K], добавлен 14.02.2015

  • The steady legal connection of the person with the state, expressing in aggregate of legal rights and duties. The Maastricht Treaty of 1992. Establishment of the European Economic Community. Increase of the number of rights given to the citizens.

    реферат [22,5 K], добавлен 13.02.2015

  • Legal regulation of rights and freedoms of a person and a citizen, according to article 71 of the Constitution of the Russian Federation. Regulation about the order of granting of gratuitous grants for residing in Republic Severnaya Ossetia - Alaniya.

    реферат [19,8 K], добавлен 13.02.2015

  • The computer systems and unique possibilities for fulfillment before unknown offenses. The main risks and threats to information systems security in the internet. Internet as a port of escape of the confidential information and its damage minimization.

    контрольная работа [19,6 K], добавлен 17.02.2011

  • Information security problems of modern computer companies networks. The levels of network security of the company. Methods of protection organization's computer network from unauthorized access from the Internet. Information Security in the Internet.

    реферат [20,9 K], добавлен 19.12.2013

  • The definition of term "economic security of enterprise" and characteristic of it functional components: technical and technological, intellectual and human resources component, information, financial, environmental, political and legal component.

    презентация [511,3 K], добавлен 09.03.2014

  • The material and technological basis of the information society are all sorts of systems based on computers and computer networks, information technology, telecommunication. The task of Ukraine in area of information and communication technologies.

    реферат [29,5 K], добавлен 10.05.2011

Работы в архивах красиво оформлены согласно требованиям ВУЗов и содержат рисунки, диаграммы, формулы и т.д.
PPT, PPTX и PDF-файлы представлены только в архивах.
Рекомендуем скачать работу.