Compensation for damages caused by the violation of information security

Determining compensation for damage caused by information security violations. The possibility of compensating a person for losses resulting from the violation of his civil right, where such losses are caused. Digitalization of Information Security.

Category: Political science
Type: article
Language: English
Date added: 18.11.2022
File size: 19.2 K


Davydova Iryna,

Doctor of Law, Professor at the Department of Civil Law

of the National University “Odessa Law Academy”

Harhan Serhii,

Master of Law

The article analyzes the issue of determining and ordering compensation for damage caused by information security violations. As a result of the analysis of normative-legal acts and scientific positions in the area concerned, it is established that the primary statutory base on prevention and cessation of offenses in the information sphere is almost formed; in particular, civil-law, disciplinary (including material), administrative and criminal liability is provided for committing offenses and crimes in the information sphere, and numerous laws and bylaws in the information sphere have been developed and are in force. However, their practical application is rather weak: there are no specific mechanisms for applying and complying with the law in practice, there are difficulties in imposing penalties for violating it, and there is no systematization of law enforcement actions to exercise their responsibilities and rights in the information sphere.

It is determined that for violation of information security, a person may receive compensation for tangible and non-pecuniary damage caused to him. The civil legislation of Ukraine also provides for compensation to a person as a result of the violation of his civil right. A separate role is played by administrative and criminal liability in the field of information security violations.

It is concluded that in the current development of information society and digitalization, information security is significant in the field of private law. As a result, violations of information security may result in administrative and criminal liability. The option of civil liability is also necessary, in particular, compensation for tangible and non-pecuniary damage, which requires filing a lawsuit. At the same time, it should be noted that the actual compensation can occur only if the fact of damage is properly proved and the amounts contained in the claim are justified.

Key words: information, security, tangible damage, non-pecuniary damage, losses, compensation.

COMPENSATION FOR DAMAGE CAUSED BY THE VIOLATION OF INFORMATION SECURITY

The article analyzes the issue of determining, and the procedure for compensating, damage caused by the violation of information security. As a result of the analysis of normative legal acts and scholarly positions in the field under study, it is established that the basic regulatory framework for the prevention and cessation of offenses in the information sphere has now practically been formed; in particular, civil, disciplinary (including material), administrative and criminal liability is provided for offenses and crimes in the information sphere, and numerous laws and bylaws in the information sphere have been developed and are in force. At the same time, their practical application is rather weak: there are no specific mechanisms for applying and complying with the legislation in practice, there are difficulties in imposing penalties for violating it, and there is no systematization of the actions of law enforcement bodies in exercising their duties and rights in the information sphere.

It is determined that for a violation of information security a person may receive compensation for the material and moral damage caused to him. The civil legislation of Ukraine also provides for the possibility of compensating a person for losses resulting from the violation of his civil right, where such losses are caused. Administrative and criminal liability play a separate role in the field of information security violations.

It is concluded that under the current conditions of the development of the information society and digitalization, information security is of great importance in the field of private law. As a consequence, a violation of information security may entail administrative and criminal liability. The possibility of civil liability is also important, in particular compensation for material and moral damage, for which it is necessary to file a corresponding claim with the court. At the same time, it should be noted that actual compensation can occur only if the fact of damage is properly proved and the amounts contained in the claim are substantiated.

Key words: information, security, material damage, moral damage, losses, compensation for damage.

Such a category as “damages” has attracted the interest of scholars for years, from both a theoretical and a practical perspective. In particular, when classifying obligations to compensate for damage, the initial (main) division of obligations should be into: the obligation to compensate for damage caused to a participant in civil relations not by the wrongful conduct of another person, where the legal relations that arise are relations of civil law protection; and the obligation to compensate for damage caused to a participant in civil relations as a result of an offense (illegal conduct or tort in the true sense of the term). In essence, the legal relationship arising from the tort is non-contractual liability [1, p. 312].

In the context of the digitalization of society and the development of the information sphere, information relations arise, change and cease in the information sphere and are regulated by law. As a reflection of legal norms, they determine their main features. They are characterized by the primacy of legal norms, as information relations are the result of the regulatory action of the relevant information law on public relations. That is why such social relations acquire a legal form, i.e. become legal. At the same time, the information law norm regulates the behavior of the parties to public relations. It provides correspondence of mutual obligations and rights of the subjects - participants of these relations, as well as their legal responsibility for behavior that does not fit into the framework established by law [2, p. 151].

According to the Law of Ukraine “On Information”, the term “information” is defined as “any information and/or data that may be stored on physical media or displayed in electronic form” [3]. Information has certain properties, in particular, value, reliability, relevance.

From the standpoint of information security, the following properties of information can be distinguished: confidentiality (namely, information cannot be obtained by an unauthorized user); integrity (it means the impossibility of modification by an unauthorized user); availability (the ability to be obtained by an authorized user, if he has the appropriate authority, at any time).

Information security (in the context of direct information protection activities) can be considered a set of measures aimed at ensuring the protection of information from unauthorized access, use, disclosure, destruction, modification, access, verification, recording, or destruction of data.

Information security by scope can be considered in the context of security of the state, organization, and individual. Let's focus on the essence of information security of the organization and the individual.

Thus, information security of the organization is a purposeful activity of its bodies and officials with the use of permitted forces and means to achieve a state of security of the information environment of the organization. Such activities should ensure the proper functioning and dynamic development of the organization.

Instead, the information security of an individual is characterized as a state of his direct protection from negative information effects, as well as effects on his ability to search for, collect, process, and use information. Information security of the individual also provides for the appropriate protection of various social groups and associations of people to which it belongs [4, p. 18].

As of today, the basic legal framework for the prevention and cessation of offenses in the information sphere is almost formed; it provides for civil, disciplinary (including tangible), administrative, and criminal liability for offenses and crimes in the information sphere, and numerous laws and bylaws in the information sphere have been developed and are in force. However, their practical application is rather weak: there are no specific mechanisms for applying and complying with the law in practice, there are difficulties in imposing penalties for violating it, and there is no systematization of law enforcement actions to exercise their responsibilities and rights in the information sphere.

The main provisions of information legislation are found in the Constitution of Ukraine [5] and the laws “On Information” [3] and “On Personal Data Protection” [6], where data on individuals (personal data) are treated as information or a set of information about an individual who is identified or can be specifically identified, and are classified as restricted (confidential) information.

In our opinion, when determining the specifics of compensation for damage caused by information security violations, it is important to pay attention directly to specific violations.

In particular, potential threats to information relations (relations concerning the collection, processing, and accumulation of information) and ways of their implementation are reflected in the relevant State Standard, according to which threats can be posed by: 1) technical channels, including channels of electromagnetic radiation and interference, radio, chemical and other channels; 2) channels of special influence forming fields and signals in order to destroy the protection system or violate the integrity of information; 3) unauthorized access - by connecting to equipment and communication lines, disguised as a registered user, overcoming protection measures for the use of information or imposing false information, the use of embedded devices or programs and the introduction of computer viruses [7].

It should also be noted that, in order to protect the information in the system, the Resolution of the Cabinet of Ministers of Ukraine provides for the creation of a comprehensive system of information protection, which is designed to protect information from: 1) leakage through technical channels, which include channels of spurious electromagnetic radiation and interference formed under the influence of physical processes during the operation of information processing facilities, other technical means, and communications; 2) unauthorized actions with information, including the use of computer viruses; 3) special influence on the means of information processing, which is carried out by the formation of physical fields and signals and can lead to a violation of its integrity and unauthorized blocking [8].

Violations of information security are set out in more detail in the Criminal Code of Ukraine. In particular, criminal liability has been established for: unauthorized interference in the work of electronic computers (computers), automated systems, computer networks or telecommunication networks (Article 361); creation for the purpose of use, distribution or sale of malicious software or hardware, as well as their distribution or sale (Article 361-1); unauthorized sale or dissemination of information with limited access, which is stored in electronic computers (computers), automated systems, computer networks or on such media (Article 361-2); unauthorized actions with information processed in electronic computers (computers), automated systems, computer networks or stored on the media of such information, committed by a person who has the right to access it (Article 362); violation of the rules of operation of electronic computers (computers), automated systems, computer networks or telecommunication networks or the order or rules of protection of information processed in them (Article 363); interfering with the work of electronic computers (computers), automated systems, computer networks or telecommunication networks by mass dissemination of telecommunication messages (Article 363-1) [9].

In addition, analyzing the provisions of the Code of Ukraine on Administrative Offenses, we can also conclude that the following are classified as violations of information security: unreasonable refusal to provide relevant information (Article 212-3, Article 96, Article 91-4); providing information that does not correspond to reality (Article 212-3); untimely provision of information (Article 91-4, Article 166-4); intentional concealment of information (Article 53-2, Article 82-3, Article 83-1, Article 91-3, Article 92-1, Article 163-5, Article 186-3); coercion to disseminate or impede the dissemination of certain information, as well as censorship (Article 212-11); dissemination of information that does not correspond to reality, disgraces the honor and dignity of the person (Article 164-3); disclosure of a secret protected by law by a person who is supposed to protect this secret (Article 164-3); violation of the procedure for storing information (Article 212-5, Article 212-6); intentional destruction of information (Article 92-1 of the Code of Administrative Offenses, Article 212-4); unreasonable assignment of certain types of information to the category of information with limited access (Article 212-2), etc. [10].

Thus, there is a wide range of possible violations of information security. To ensure the rights and freedoms of the subjects of information relations and compensate them for damage caused by information security violations, the Law of Ukraine “On Information” provides as follows: “If the violation of the right to freedom of information compensation by court decision. Subjects of power as plaintiffs in cases of protection of honor, dignity and business reputation have the right to demand in court only the refutation of inaccurate information about themselves and have no right to demand compensation for moral (non-pecuniary) damage. This does not deprive officials of the right to protection of honor, dignity and business reputation in court” [3].

Therefore, for violating information security, a person may receive compensation for tangible and non-pecuniary damage.

Following the provisions of Art. 1166 of the Civil Code of Ukraine “property damage caused by illegal decisions, actions or omissions of personal non-property rights of a natural or legal person, as well as damage caused to property of a natural or legal person, is reimbursed in full by the person who caused it. The person who caused the damage shall be exempt from compensation if he or she proves that the damage was not his or her fault. Damage caused by injury, other damage to health or death of an individual due to force majeure shall be compensated in cases established by law. Damage caused by lawful actions is compensated in cases established by the Code and other law” [11].

The civil legislation of Ukraine also provides for compensation for losses to a person as a result of the violation of his civil rights. Losses in this case are: “1) losses incurred by the person in connection with the destruction or damage of the thing, as well as costs incurred by the person or must be made to restore his violated right (real damage); 2) income that a person could actually receive under normal circumstances, if his right was not violated (lost benefit)” [11]. As a general rule, damages are reimbursed in full, unless the contract or law provides for compensation in a smaller or larger amount.

The legislator also established that a person has the right to compensation for non-pecuniary damage caused as a result of the violation of his rights. This rule also applies to compensation for non-pecuniary damage for information security violations. In particular, under Part 3 of Art. 23 of the Civil Code of Ukraine “non-pecuniary damage is reimbursed in cash, other property or otherwise; the amount of monetary compensation for non-pecuniary damage is determined by the court depending on the nature of the offense, the depth of physical and mental suffering, impairment of the victim or deprivation of his ability to implement them, the degree of guilt of the person who caused moral damage, if the guilt is the basis for compensation, as well as, taking into account other circumstances that are significant” [11].

It is also necessary to keep in mind the Resolution of the Plenum of the Supreme Court of Ukraine, which stipulates that “non-pecuniary damage may consist, in particular: in the humiliation of honor, dignity, prestige or business reputation, moral distress due to damage to health, violation of law property (including intellectual property), rights granted to consumers, other civil rights in connection with illegal detention under investigation and trial, in violation of normal life ties due to the inability to continue active public life, disruption of relations with others, the onset of other negative consequences” [12].

It should be noted that in cases of violation of information security, it is much easier to obtain compensation for tangible damage than compensation for non-pecuniary damage.

What the statement of claim for non-pecuniary damage states is also essential: the court must find out what confirms the fact that the plaintiff was caused moral or physical suffering or non-pecuniary loss, under what circumstances or by what actions (inaction) it was caused, in what amount or in what material form the plaintiff assesses the damage caused to him and what this assessment is based on, as well as other circumstances relevant to resolving the dispute. The amount of compensation for non-pecuniary damage must be determined by the court depending on the nature and extent of the suffering and taking into account other circumstances. In particular, the state of health of the victim, the severity of forced changes in his life and work relationships, the degree of decline in prestige and business reputation, the time and effort required to restore the previous state, etc. are taken into account. In this case, the court must proceed from the principles of reasonableness, balance, and fairness [12].

Summarizing the above, we can conclude that in the current environment of information society, digitalization, etc. information security is important in the field of private law. As a result, violations of information security may result in administrative and criminal liability. However, the option of civil liability is also important, in particular, compensation for tangible and non-pecuniary damage, which requires applying to the court. At the same time, it should be remarked that the actual compensation can occur only if the fact of damage is properly proved and the amounts contained in the claim are justified.

BIBLIOGRAPHY:

1. Ківалова Т. С., Давидова І. В. Відшкодування шкоди, завданої приватноправовими діями. Цивільне законодавство України : навчальний посібник. Одеса : Юридична література, 2013. С. 311-322.

2. Настюк В. Я., Бєлєвцева В. В. Загальноправова характеристика адміністративної відповідальності за інформаційні правопорушення. Інформація і право. 2013. № 1(7). С. 151-157.

3. Про інформацію : Закон України від 02.10.1992 р. № 2657-XII. URL: https://zakon.rada.gov.ua/laws/show/2657-12

4. Електронне урядування та електронна демократія : навчальний посібник у 15 ч. / за заг. ред. А. І. Семенченка, В. М. Дрешпака. Київ, 2017. Частина 13 : Захист інформації в системах електронного урядування. Київ : ФОП Москаленко О. М., 2017. 72 с.

5. Конституція України від 28.06.1996 р. URL: https://zakon.rada.gov.ua/laws/show/254%D0%BA/96-вр

6. Про захист персональних даних : Закон України від 01.06.2010 р. № 2297-VI. URL: https://zakon.rada.gov.ua/laws/show/2297-17

7. Державний стандарт України «Захист інформації. Технічний захист інформації. Основні положення». ДСТУ 3396.0-96. URL: http://www.dut.edu.ua/ru/lib/1/category/925/view/1043

8. Про затвердження Правил забезпечення захисту інформації в інформаційних, телекомунікаційних та інформаційно-телекомунікаційних системах : Постанова Кабінету Міністрів України від 29 березня 2006 р. № 373. URL: https://zakon.rada.gov.ua/laws/show/373-2006-п

9. Кримінальний кодекс України від 05.04.2001 р. № 2341-III. URL: https://zakon.rada.gov.ua/laws/show/2341-14

10. Кодекс України про адміністративні правопорушення від 07.12.2019 р. № 8073-X. URL: https://zakon.rada.gov.ua/laws/show/80731-10

11. Цивільний кодекс України від 16.01.2003 р. № 435-IV. URL: https://zakon.rada.gov.ua/laws/show/435-15

12. Постанова Пленуму Верховного Суду України «Про судову практику в справах про відшкодування моральної (немайнової) шкоди» від 31.03.1995 р. № 4. URL: https://zakon.rada.gov.ua/laws/show/v0004700-95
