ST 183 of the Criminal Code of the Russian Federation.
1. Collecting information constituting commercial, tax or banking secrets by stealing documents, bribery or threats, as well as in any other illegal way -
shall be punishable by a fine in the amount of up to five hundred thousand rubles, or in the amount of the wages or other income of the convicted person for a period of up to one year, or by correctional labor for a term of up to one year, or by forced labor for a term of up to two years, or by imprisonment for the same term.
2. Illegal disclosure or use of information constituting commercial, tax or banking secrets, without the consent of their owner, by a person to whom it was entrusted or became known through service or work -
shall be punishable by a fine in the amount of up to one million rubles or in the amount of the wages or other income of the convicted person for a period of up to two years, with deprivation of the right to hold certain positions or engage in certain activities for a term of up to three years, or by corrective labor for a term of up to two years, or by forced labor. for a term of up to three years, or imprisonment for the same term.
3. The same acts that caused major damage or were committed out of selfish interest, -
shall be punishable by a fine in the amount of up to one million five hundred thousand rubles, or in the amount of the wages or other income of the convicted person for a period of up to three years, with deprivation of the right to hold certain positions or engage in certain activities for a term of up to three years, or by forced labor for a term of up to five years, or imprisonment for the same period.
4. Acts provided for in parts two or three of this article, which entailed grave consequences, -
shall be punishable by forced labor for a term of up to five years or imprisonment for a term of up to seven years.
Commentary to Art. 183 Criminal Code
1. The legal regime of a trade secret is determined by the Civil Code of the Russian Federation and the Federal Law of July 29, 2004 N 98-FZ “On Trade Secrets”. A trade secret is a regime of confidentiality of information that allows its owner, under existing or possible circumstances, to increase income, avoid unjustified expenses, maintain a position in the market for goods, works, services, or obtain other commercial benefits.
2. Tax secret consists of any information about the taxpayer received by the tax authority, internal affairs bodies, the body of the state extra-budgetary fund and the customs authority, with the exception of a number of specially specified information (Article 102 of the Tax Code of the Russian Federation).
3. Banking secrecy consists of information about transactions, accounts and deposits of clients and correspondents (Article 857 of the Civil Code of the Russian Federation, Article 26 of the Federal Law of December 2, 1990 N 395-1 “On Banks and Banking Activities”). The credit institution itself, at its own discretion, can neither expand nor narrow the list of information classified as bank secrecy, nor the circle of persons entitled to receive this information. In relation to banks and other credit organizations, one should distinguish between the commercial secret of the credit institutions themselves as a commercial organization and banking secrets.
4. In part 1 of Art. 183 of the Criminal Code provides for liability for collecting relevant information through theft of documents, bribery, threats, as well as other illegal means. This information must have some tangible form. In addition to documents (named by the law itself), these can be drawings, industrial designs, inventions, etc. Other illegal means include illegal access to computer information, illegal wiretapping of telephone conversations, illegal access to correspondence, etc.
5. Collection of the information in question through unlawful access to legally protected computer information, if this entailed the destruction, blocking, modification or copying of computer information, should be qualified under the totality of Part 1 of Art. 183 and art. 272 of the Criminal Code.
6. If the method of collecting information was bribery of officials or persons performing managerial functions in a commercial or other organization, then liability should arise under Part 1 of Art. 183 and art. 291 or part 1 or 2 of Art. 204 CC.
7. Disclosure - an action or inaction as a result of which information constituting a commercial, banking or tax secret, in any possible form (oral, written, other form, including using technical means), becomes known to third parties without the consent of the owner of such information or contrary to an employment or civil contract.
8. According to Part 2 of Art. 183 of the Criminal Code, liability arises for persons to whom this information was entrusted or became known through service or work.
The person to whom this information was entrusted should be considered the one who, by virtue of his position, has this information and uses it in the performance of his professional activities. A person to whom this information became known through service or work may be considered an employee to whom this information is not provided for use, but who became familiar with it in the performance of his professional duties.
Officials (prosecutor, investigator, tax inspector, etc.), private notary, private auditor who disclosed or used such information are liable for aggregation of crimes - under Part 2 of Art. 183 and under Art. 286 or 202 of the Criminal Code.
What are commercial, tax and banking secrets?
Article 183 of the Criminal Code of the Russian Federation simultaneously protects three types of secrets: commercial, banking and tax.
Trade secrets are confidential data thanks to which entrepreneurs and organizations successfully conduct business and interact with counterparties. For example, information about contractors, know-how, and the value of the company’s property.
Tax secret is information about citizens and enterprises received by the Federal Tax Service and extra-budgetary funds in connection with taxpayers’ obligations to pay taxes and insurance contributions. For example, personal data, transaction information.
Banking secrecy is data that citizens and companies provided to a credit institution when opening an account, making a deposit, or applying for a loan. For example, bank card numbers and PIN codes for them, terms of the loan agreement.
Within organizations, in banks, the Federal Tax Service and other government agencies that receive insider information from citizens and organizations, documentation is being developed to protect all types of secrets. Employees sign a confidentiality agreement.
Conditions on disciplinary and financial liability are included on the basis of the Labor Code of the Russian Federation in the employment contract and job descriptions. After dismissal, the former employee is obliged to continue to keep confidential information that was communicated to him in connection with the performance of his official duties.
Not all information is classified as commercial, tax or banking secret. If you are accused of disseminating confidential data, it is advisable to immediately contact our lawyers. They will tell you how to prove the absence of a violation.
Second commentary to Art. 183 of the Criminal Code of the Russian Federation
1. Part 1 and part 2 of the article provide for independent elements of crimes, which are combined by the subject of the criminal offense - information constituting commercial, tax or banking secrets.
2. The concept of a trade secret is given in Art. 3 Federal Law of July 29, 2004 No. 98-FZ “On Trade Secrets”: “a regime of confidentiality of information that allows its owner, under existing or possible circumstances, to increase income, avoid unjustified expenses, maintain a position in the market for goods, works, services, or obtain other commercial benefit." Tax secrecy is formed by any information received by the tax authority, internal affairs bodies, investigative bodies, state extra-budgetary fund bodies and customs bodies about the taxpayer, payer of insurance premiums, with the exception of information specifically specified in tax legislation (Article 102 of the Tax Code). Banking secrecy includes the secrecy of a bank account and bank deposit, account transactions and information about the client (Article 857 of the Civil Code, Article 26 of the Federal Law of December 2, 1990 No. 395-1 “On Banks and Banking Activities”).
3. The objective side consists of collecting the above information by:
1) theft of documents;
2) bribery;
3) threats;
4) in any other illegal way.
4. The composition is formal.
5. The subjective side is expressed in direct intent.
6. Subject - a person who has reached the age of 16 years and is not legally allowed to possess a secret.
7. In part 2 of Art. 183 of the Criminal Code provides for liability for the illegal disclosure or use of information constituting a commercial, tax or banking secret, without the consent of its owner, by a person to whom it was entrusted or became known through service or work.
Both the disclosure and use of information are illegal if the owner of the secret did not consent to it and there were no grounds specified in the law and other regulations for the transfer of confidential information to authorized persons or bodies.
8. The subjective side is characterized by direct intent.
9. Subject - a person legally allowed to possess commercial, tax or banking secrets (heads of a commercial or other organization, bankers, employees of tax authorities, law enforcement, customs and other authorities).
10. In part 3 of Art. 183 of the Criminal Code provides qualifying criteria for Part 2 of the article; in part 4 of the article - a special qualifying feature for the crimes specified in parts 2 and 3 of art. 183 of the Criminal Code.
Full-time “disclosers”: five court cases under Article 183 in Russian companies
“Illegal receipt and disclosure of information constituting commercial, tax or banking secrets” - this is the name of Art. 183 of the Criminal Code of the Russian Federation, according to which organizations can hold unfortunate workers accountable. SearchInform analysts studied open materials of criminal cases over the past year. Selected examples show that companies are most often able to prove a data leak in court. But behind the leak there is always an attempt to implement a fraudulent scheme.
Memorable gift
Before leaving the Yekaterinburg company that produces sweet gifts, the head of the sales department decided to make a “present” to her new employer. The employee sent to her personal mail, as well as to the e-mail of the company where she was going to work, a database of contractors, names of goods, purchase prices and the financial result of her previous employer.
At her new job, she received the position of development manager. At the general meeting, the employee announced that she had a new client base that needed to be processed and supply agreements concluded with new partners.
The manager did not have time to lure all the clients: the former employer discovered the data leak and went to court. Among other evidence, there was a signed employment contract, which prohibited the employee from disclosing confidential information about the company for another five years after dismissal.
The employee was sentenced to 1 year and 6 months of correctional labor with the withholding of 20% of earnings to the state income.
“Punch the number!”
Source
A contact center operator from a Saransk telecom company processed subscriber requests, blocked and replaced SIM cards, and also advised clients. And for a modest 4,200 rubles, she agreed to “punch through” information about four subscribers - text messages, full name, passport details, account information. The non-disclosure agreement that the employee signed when applying for a job did not stop her. She copied the necessary information from the company’s internal system and sent it to the customer on Viber.
As a result, the court imposed a suspended sentence of imprisonment for a period of 1 year and 2 months. He also deprived her of the right to engage in activities related to the processing of personal data for 2.5 years.
Broken deal
The supervisor of the Novosibirsk branch of a telecom company and an employee who recently left the company decided to make money by selling personal data. The accomplices came to the office to “get information.” To ease the vigilance of his colleagues, the supervisor, in front of witnesses, began calling clients, offering them new company services. Meanwhile, the former employee, through a username and password, who asked one of the employees he knew, entered the corporate system, copied data on 506,185 subscribers, including information about contracts and invoices, archived it and sent it to personal email.
An external transaction could have taken place, but the DLP system timely recorded the transfer of confidential information to a third-party e-mail. Having completed the internal investigation, the company went to court. As a result, the defendants were sentenced to 1.5 years and 1 year 3 months probation.
Cash manager
A leading customer service specialist at one of the banks in Kazan also decided to carry out the fraud “on the side.” On duty, he accessed data protected by the Bank Secrecy Act. Through a work account, the employee collected detailed information about 110 clients - complete personal data, the number of open accounts with details and cash balances. The manager passed on the collected information to third parties who used other people’s data for dubious transactions. Thus, through some of the accounts, third-party legal entities cashed out money.
After an internal audit, it turned out that many of the bank’s clients, whose personal data was illegally used by the employee, had not been interested in the state of their accounts for a long time, and some had even forgotten about them. This allowed the ex-employee to remain in the shadows for some time.
As a result, the court imposed a fine of 500 thousand rubles on the defendant and deprived him of the right to work in banks for 2 years and 6 months.
Shadow accountant
A similar case was considered by the court in Surgut. The account manager took advantage of her official access to the banking system with great authority. She opened deposits, made statements, connected services and processed clients’ personal data. When hired, the woman was informed that she was personally responsible for the disclosure and illegal use of information constituting bank secrecy.
Having discovered that there had been no movement on some “heavy” accounts for a long time, the manager decided to take a gamble. She transferred money from six clients (amounts from 100 to 499 thousand rubles) to her card. Each transaction was processed through a payment order certified by the general manager, whose trust the employee took advantage of.
The court sentenced the defendant to suspended imprisonment for 2.5 years. The manager must also compensate the bank for the damage caused.
Alexey Parfentyev, head of the analytics department at SearchInform, sees key similarities in all the stories:
– Confidentiality of information in Russia is protected by several laws: on personal data (152-FZ), on trade secrets (98-FZ), on insider information (224-FZ), etc. Recently, the number of cases of violations of these laws has been increasing. This is due to the availability of large amounts of data for employees, as well as the digitalization of document flow.
All of the above cases concern data leakage, but they are based on fraud, which cannot be protected from either federal laws or classical technical means, such as blocking and restricting access to information at the local network level. A simple technical approach does not apply to fraud protection because it is a human threat, not a technical one. Both customers and developers of information security tools understand this. Companies are looking for much more advanced information security systems; at the same time, risk analysis systems that help predict employee behavior are also gaining popularity.