Page 1

NATIONAL CENTER FOR DATA PROTECTION
WITH PERSONAL CHARACTER OF THE REPUBLIC OF MOLDOVA
MD-2004, mun. Chisinau, str. Serghei Lazo, 48, tel: (+ 373-22) 820801, 811807, fax: 820807 , www.datepersonale.md

ORDER no.
may 2013

mun. Chisinau

Regarding the approval of the Instructions
on the processing of personal data
in the police sector

pursuant to art.20 par. (1) lit. c) of Law no. 133 of July 8, 2011 on protection
personal data, Chapter II, art. 3 lit. e2) of the Regulation of the Center
National Agency for the Protection of Personal Data, structure, staff - limit and
of the financing of the National Center for Character Data Protection
Personally, approved by Law no. 182-XVI of July 10, 2008,
ORDER:

1. The Instructions on the processing of personal data are approved in
police sector (attached).
2. It is recommended that the General Prosecutor's Office take into account the Instructions in
within the adaptation of the procedures for the processing of personal data by
authorities engaged in the police sector, in accordance with the principles laid down by
legislation governing the field of personal data protection.
3. The Legal and Public Relations Department, jointly with the Records and Control Department,
will ensure the placement of the Instructions on the processing of personal data in
the police sector on the official website of the National Center for Data Protection
with Personal Character of the Republic of Moldova ( www.datepersonale.md) ... ......

Vitalie PANIŞ
Director

Page 2

attached
by order of the director of the Center
National Data Protection Agency
Personal Character of the Republic of Moldova
no. ____ of __ May 2013

INSTRUCTIONS
on the processing of personal data in the police sector
preamble
National Center for Personal Data Protection of the Republic
Moldova (Center), aware of the progress of information technologies and the transition to
automated methods for processing personal data;
in order to prevent unauthorized data processing operations with
personal data stored in automated records systems in terms of appearance
consulting, extracting and using them excessively for the stated purposes;
taking into account the security incidents identified by the Center, such as:
attachment of personal files to the materials of the criminal or contravention files
extracts from the State Register of the population or copies of identity cards
to be accompanied by them in which data of character are recorded
personnel that are not required for these processes ( personal data that
targets children, eye color, blood type, height, information on
family status, information about participation in elections, nationality, etc. );
non-compliance with the confidentiality and security regime of data processing
personally by unauthorized disclosure of the contents of the interceptions
telephone conversations made during the criminal investigation; unauthorized access
in the security perimeter of the conditioning criminal investigation bodies
subsequently unauthorized access to personal data; consultation
information stored in the main state information resources in the absence of
legal grounds for carrying out such operations, etc.,
taking into account the fact:
- that the exchange of personal data within the cooperation of the bodies
police officers, in accordance with the principle of availability of information, should
supported by clear rules that increase mutual trust between authorities
ensure the protection of relevant information and respect for rights
fundamental rights of individuals;
that it is necessary to specify the objectives of data protection
personnel in police activities and established rules that would ensure that
any information collected is processed lawfully and in accordance with
fundamental principles regarding data quality;
that any action to disclose personal data, including which
does not refer to the activity in criminal, contraventional and, as the case may be, civil matters,
1

Page 3

must respect the fundamental rights and freedoms of the persons concerned,
including the right to the protection of personal data;
considering the importance and role of prosecutors in the justice system
including the fact that the quality of the prosecutor's office's activities directly reflects the level
democracy in a rule of law and ensuring a fair and just process
functioning of the criminal justice system can be achieved only on condition
the fulfillment by all competent actors of the attributions correctly, consistently
and quickly, respecting and protecting human dignity and human rights;
appreciating that the General Prosecutor's Office has the role of guarantor in what
concerning the transposition into practice of the mandatory nature of procedural law
by controlling the compliance of the procedural actions with the provisions of the Code of
criminal procedure, other normative acts, as well as international acts,
including by the method of issuing methodological and regulatory instructions in
issues related to the enforcement aspects of the legislation and the efficiency of the activity of
combating and preventing crime, has developed these Instructions on the processing of personal data in
the police sector.

I.

GENERAL DISPOSITIONS

1.
Instructions on the processing of personal data in the sector
(Instructions) were drawn up without reaching the sphere of competence of
To the General Prosecutor's Office, taking into account the provisions of the Defense Convention
human rights and fundamental freedoms; Convention for protection
persons regarding the automated processing of personal data;
Havana rules adopted by the Eighth Congress of the United Nations on
crime prevention and treatment of criminals; Recommendation 1604 (2003) a
Parliamentary Assembly of the Council of Europe on the role of the prosecution in society
democratically governed on the principle of the rule of law; Code of Procedure
criminal law of the Republic of Moldova; The Contravention Code of the Republic of Moldova; Laws
on the protection of personal data; Law on the Prosecutor's Office; rEQUIREMENTS
compared to ensuring the security of personal data when processing them in
within the personal data information systems, approved by the Decision
Government no. 1123 of December 14, 2010; Regulation of the Register of evidence a
personal data operators, approved by Government Decision no. 296
of May 15, 2012; Regulation of the General Prosecutor's Office, approved by order
To the General Prosecutor no. 52/3 of June 21, 2010; The Prosecutor's Code of Ethics,
approved by the Decision of the Superior Council of Prosecutors no. 12-3d228 / 11 of 04
October 2011.
The instructions may serve as guidelines for the purpose of bringing
2.
personal data processing operations carried out by prosecutors and
the entities involved in the police activity in accordance with the principles established by
2

Page 4

Convention for the Protection of Individuals with regard to Automatic Data Processing
personal data, the Law on personal data protection and good
practices in the field.
3.
Notions used in the text:
- personal data : any information relating to a natural person
identified or identifiable ( subject of personal data ). The person
identifiable is the person who can be identified, directly or indirectly, by reference to
an identification number or one or more elements specific to his identity
physical, physiological, mental, economic, cultural or social. For example: name,
first name, year of birth, domicile, state identification number (IDNP), pictures
photo and video - represents personal data that refers to an individual
directly identified. In the process of conducting criminal proceedings, from the individual may be
collected other personal data, such as the signature applied to the preparation
documents / projects, papillary fingerprints, etc. At the same time, the statements made by the participants
at trial and recorded in the minutes of the hearing also represent data with
personal data concerning the interviewed persons or identified third parties or
identifiable persons involved in the commission of a prejudicial act.
- special categories of personal data : data revealing the origin
racial or ethnic identity of the person, his or her political, religious or philosophical beliefs,
social affiliation, data on health or sexual life, as well as those
regarding criminal convictions, coercive procedural measures or sanctions
contraventions. For example: information contained in: medical certificates / reports
of forensic expertise, in the criminal record, in the annex to the identity card
( Stamps "Referendum 2010" election "because in certain circumstances can the
speed reflects certain political beliefs ) etc. Also information
relating to persons in hospitals, nursing homes or detained on the basis of a
arrest warrant until the pronouncement of the court sentence, referring to the persons
sentenced to imprisonment, to those who execute a contravention sanction in the form
detainees, located in penitentiary institutions, represent special categories of data with
personal character.
- processing of personal data : any operation or series of
operations performed on personal data by means
automated or non-automated, such as: collection, registration, organization,
storage, preservation, restoration, adaptation or modification, extraction, consultation,
use, disclosure by transmission, dissemination or in any other way, joining or
combining, blocking, deleting or destroying.
- operator : natural person or legal person governed by public or legal law
private, including the public authority, any other institution or organization that, in a way
individually or together with others, establishes the purposes and means of processing a
personal data expressly provided for by the legislation in force. Of
example: in all cases when the General Prosecutor's Office will regulate by an act
departmental normative purposes and procedures for collection, storage and processing in
3

Page 5

continuation of some personal data in automated record-keeping systems,
manual or mixed, will be constituted as operator of these data.
- person authorized by the operator : natural person or person
public law or private law, including public authority and subdivisions
territorial authorities, which process personal data in the name and on behalf of
operator, based on instructions received from the operator. For example: prosecutors' offices
territorial / specialized are empowered persons when processing data with
personal in accordance with the instructions approved by the General Prosecutor's Office.
- personal data record system : any structured series of
personal data accessible according to specific criteria, whether it is
centralized, decentralized or distributed according to functional or geographical criteria. Into the
quality of personal data record system is inclusive but not
it is limited to the databases, information and computer systems in which they are
stored and processed automatically or manually personal data. E.g:
classic models of personal data recording systems represent:
Register of prosecutor's office employees or corporate telephone numbers
of the employees of the Prosecutor's Office, the Register of visitors; Register of
petition records and other addresses, personalized information on
specialized training of prosecutor's office employees or other subjects involved in the process
instructional, etc., other structured series of personal data, such as: images
video collected through a video surveillance system installed on site or on
the perimeter of the prosecutor's office, etc .;
- data depersonalization : modification of personal data so that
details of personal or material circumstances no longer allow for assignment
to an identified or identifiable natural person;
- police activity : the totality of actions / inactions undertaken by
law enforcement ( police ) in order to prevent / combat / investigate
prejudicial acts ( offenses and contraventions ) and maintaining public order.

II. ORGANIZATIONAL AND TECHNICAL PROCEDURES NECESSARY TO BE
RESPECTED
4.
Entities involved in the process of criminal activity or
The offenses are to be attributed, depending on their role, the quality
by the operator or a person authorized by the operator, in accordance with the notions established
of art. 3 of the Law on personal data protection and point 3 of the present
Instructions. This will allow for a clear delineation of competencies and allocation
adequate rights and obligations in the context of data processing operations with
personal character.
All persons involved in the process of carrying out the specified activities
5.
in point 4, which processes personal data, including prosecutors,
shall be subject to a declaration of confidentiality, which may be included as appropriate
4

Page 6

in employment contracts, having the quality of a contractual clause, or in job descriptions, with
the express mention of the civil, contraventional or criminal liability for
violation of it.
6.
The data security policy is to be developed and implemented with
personal in accordance with the provisions of the Security Requirements
personal data when processing them in information systems
of personal data, approved by Government Decision no. 1123 of 14
December 2010 (Requirements), which would cover issues including: procedures and
measures related to the implementation of the security policy, with the application of practical solutions with a
proportional level of detail and complexity; identification and authentication
invested users with access rights to data information systems with
personal character; ways to react to security incidents; protection of
information and communication technology; ensuring the integrity of the information that
contains personal data; management of access to character data
processed personnel; audit in information systems and data recording with
personal, etc .
7.
The institutional security policy is to contain regulations that would
ensure the protection of personal data processed in computer systems
records held, in particular by the following methods:
- preventing unauthorized connections to communication networks and
interception by means of technical means of personal data transmitted by
these networks, especially in the process of disclosing by transmission of character data
personnel between the competent entities with different competencies in the development process
personal data processing activities within the prevention actions
and investigating crimes, enforcing convictions and others
actions within the criminal or contravention procedure;
the exclusion of unauthorized access to personal data processed in
within the records systems by the method of implementing the identification procedures and
user authentication; by allocating obligations and investing with a minimum of
rights and competencies of those involved in the management of
record of personal data; by ensuring the integrity of resources
informational ( data and programs );
- prevention of special technical and program actions that may condition
destruction, modification of personal data or malfunctions
the technical and program complex, the software intended for the processing of character data
personally, by the method of using special technical and program means of protection,
including licensed programs, antivirus programs, system organization
software security control and periodic backups;
- prevention of intentional and / or unintentional actions of users
internal and / or external, as well as other employees, which condition the destruction,
modification of personal data processed in the record systems or
defects in the work of the technical and program complex;

5

Page 7

- preventing the leakage of information containing personal data,
transmitted through the connecting channels through the use of encryption methods ( encryption ) of
this information;
- establishing the exact order and procedures for accessing the information it contains
personal data, processed within the information and record systems
established for both internal and external users;
- organizing the generation of security audit records in the systems
information and personal data to be possible
accumulation of evidence in cases of investigation of possible operations of
unauthorized access / attempted access, modification, extraction, blocking,
deletion or destruction of personal data processed in these systems
evidence.
In case of disclosure of the electronic format of personal data
8.
contained in criminal, misdemeanor and / or civil cases, in the accounting lists with
employee data and other documents aimed at employees, through communication networks
or on another digital storage and storage medium, its encryption is to be ensured
information or examination of the possibility of using a bilateral channel connection
secure VPN. Wireless access to personal data tracking systems
to be allowed and authorized only in the case of the use of cryptographic means
information protection. Each case of requesting disclosure by data transmission
personal information will be examined separately, based on the possibilities
provided by the consignee and the operator, as well as in accordance with the measures
organizational and technical measures implemented by the parties. Where the networks
poses risks to the confidentiality and security of data with
personal transmission, traditional methods of transmission will be used ( postal delivery
with recommended opinion, personal handover, etc. ).
9.
Disclosure by transmission of personal data through networks
communications that do not correspond to the Requirements, ( for example: sending information
via personal emails such as @ gmail.com, @ mail.ru, @ yahoo.com,
and so on ) is to be banned.
10. The disclosure of character data operations shall be prohibited
personnel between the prosecutor's office or the authorities carrying out activities in the police sector
of the Republic of Moldova to entities located geographically on the left bank of the Dniester and which
refuses to legally submit to the legislation of the Republic of Moldova, considering that
at the moment there is no possibility of exercising effective control over this part
territorially, including in the part related to the conformity of the processing of character data
personally to the provisions of the Law on the protection of personal data. E.g:
on January 4, 2013, as a result of examining the complaint of a group of people, the Center a
issued the decision on the suspension of data processing operations
personally, by which he asked the Ministry of Internal Affairs to suspend any
disclosure operations to unconstitutional authorities in administrative districts
located on the left bank of the Dniester, of personal data, processed as an operator
or recipient, until the moment of mandatory registration by these entities in
in accordance with the provisions of art. 23 and 34 paragraph (4) of the Law on data protection with
6

Page 8

personal character and the implementation of the Data Security Requirements with
personal character in their processing within the data information systems with
personal character, approved by Government Decision no. 1123 of December 14, 2010.
Subsequently, this decision served as a basis for the issuance by the Central Court of
a judgment by which the court found a violation of the right to privacy and a
legislation on the protection of personal data by the method of data transmission
with personal character to the authorities and entities on the left bank of the Dniester of the Republic
Moldova, which acts outside the national legal field, obliging the Ministry
Internal Affairs to pay moral and material damages in the amount of over 180 thousand lei.
Moreover, by the Decision of the Superior Council of Magistracy of April 10, 2012, with
on the approach of the Minister of Justice, regarding the opinion on the addressing of the
Minister, on the issue of addressing legal issues, it was found that
quoted: “... any act issued by the self-proclaimed authorities of this part of the Republic
Moldova, contradict from the outset of the Constitution, the fact referring equally
and on any judgments, decisions, sentences pronounced by the courts established in
the region given illegally. Thus, the Council considers any collaborations to be unacceptable,
legal cooperation and proposals for legal solutions with the structures in the region
Transnistrian. ”.
11. Procedure for disclosure by transmission of stored personal data
on paper, including in the case of overseas investigations
Of the Republic of Moldova, is to be regulated by an institutional normative act, taking
the need to ensure an adequate level of data protection with regard to
personal, including through diplomatic channels. Cross - border transmission of
personal data is to be carried out in strict accordance with the provisions
art. 32 of the Law on the protection of personal data, especially in cases where
the international treaty under which the transmission is made does not contain guarantees
on the protection of the rights of the subject of personal data.
12. The volume and category of personal data collected for the purpose
prevention and investigation of crimes, enforcement of convictions
and other actions in criminal or misdemeanor proceedings need to be limited
to what is strictly necessary to achieve the stated goals.
13. General Prosecutor's Office ( as the case may be, territorial / specialized prosecutor's offices ),
is to explicitly regulate, in accordance with the provisions of art. 15 and 212 Code of
criminal procedure, the procedure for accessing the materials of the files of witnesses, suspects,
defendants, victims, injured parties, civil and civilly liable parties, a
defenders or authorized persons, in order not to admit the disclosure
unauthorized use of personal data, including shall prohibit the performance
unauthorized photo and video recordings in the security perimeter of the prosecutor's office,
as well as the use of hidden technical means, taking into account the need
ensuring the confidentiality and security of the processing of personal data
personnel, provided by art.29 and 30 of the Law on data protection of character
as well as point 26 of the Requirements. For example : actions such as registration
video, in the process of getting acquainted with the materials of the criminal case no. 2010038002 and
control material no. 18 pr / 13, with the subsequent disclosure of the videos in
7

Page 9

Area
Internet
on
http://curajtv.play.md/
and
http://www.youtube.com/watch?v=QnFGqTumx8Q ), are to be excluded per se .
14. If, the lawyer or the authorized person requests to take
acquainted with the materials of the case, they are to be informed in writing about
the obligations incumbent on them in accordance with the provisions of art. 15 Code of Criminal Procedure,
art. 29 and 30 of the Law on the protection of personal data, including about
1
the liability provided by art. 74
Contravention code and / or art. 315 Penal Code.
15. Prosecutor's Office and other entities engaged in activities in the police sector
is to review the terms of the contracts concluded with the State Enterprise Center
State Information Resources "Registry", in order to fully cover the
the provisions established by art. 4 para. (1) lit. a), b,) c,) d) and e) of the Law on protection
personal data. To this end, authorized persons are to have access
only to those categories and volume of personal data stored in the resources
main state information, which are directly related to the purpose for which they are
accessed or collected. Thus, individualized access to each category will
excludes the possibility of processing an excessive volume of data targeting subjects or in
purposes other than those initially provided. For example: it was found that in 80% of cases
prosecuting officers or prosecutors consult the State Register of the Population in
the purpose of identifying the place of residence of witnesses and other participants in the trial
to quote them at hearings. In this case the other data that are currently accessible
( name, surname of children, parents, spouses, blood type, height, color
eyes, properties, etc. ), are not necessary for the purpose originally proposed.
16. Prosecutors, prior to the initiation of authorization procedures by judges
instruction of special investigative measures, is to give an appreciation
the proportionality of the interference allowed in the person's private life in relation to the purpose
pursued and to decide, on its own responsibility, whether it is necessary to restrict certain rights
and freedoms of the person, in particular the right to privacy. In the process of
decision on the initiation of authorization procedures or in the process of
authorization to carry out a special investigation activity, the representatives of the authority
ability and competencies are to take into account the provisions of art. 4 para. (1) of the Law
on the protection of personal data which states that personal data
personnel subject to processing must be adequate, relevant and not excessive in scope
regarding the purpose for which they are collected and / or further processed. This is it
principle of personal data protection, corroborated with the provisions of art. 15 i
1
132 para. (3) Code of Criminal Procedure, to be applied each time it is
decided the appropriateness of applying a special investigative measure. For example : it is
relevant to the situation frequently reported to the Center by mobile operators,
when in a criminal case initiated for the theft of a mobile phone, they are charged
requests personal data concerning subscribers who have called or have been called
from this phone, using the IMEI code, information, which can be recorded in dozens
or even hundreds of pages, the actual being used by the applicants and only the information on
subscribers who called or were called most often, limited to
a few people, who after the hearing can help identify the suspect. In these
situations, the volume of personal data processed "bundled" is excessive, and
8

Page 10

interference with the privacy of persons in relation to the stated purpose, apparently, is
unjustified.
17. Personal data stored in the State Register of Population and others
The main state information resources are to be consulted only if
this action is legally motivated and substantiated, and the extraction
personal records in the automated system (s), to be performed only in cases
exceptional, following that the extracted file will not be stored for a period exceeding
achieving the proposed goals. Next, to achieve the purpose for which they were
extracted, personal files are to be destroyed based on a decision taken in this regard.
In the same vein, the confidentiality regime should be regulated separately
and security of personal data recorded in the extracted personal files.
They are to be kept for the period necessary for the criminal investigation
separately in another file and not be attached to the materials of the criminal case, as well as to
not be notified to the parties, except the person concerned. It is explained that the extraction
the names of persons who are not participants in the criminal proceedings for use
the photographs recorded in these documents for carrying out the procedural action provided
of art.111 paragraph (6) Code of Criminal Procedure - presentation for recognition, is
inadmissible and flagrantly violates the principles provided by art. 4 paragraph (1) letter b) of the Law
1
regarding the protection of personal data, including the provisions of art.74
paragraph (4) Cod
contraven ional.
18. The categories of personal data that are to be reviewed are to be reviewed
collected and included in the procedural documents drawn up by prosecutors or officers
of criminal investigation, so that they are not excessive in relation to the provisions of art. 15
Code of Criminal Procedure. For example : in the minutes of the hearing of witnesses
only their name, surname and address must be indicated, arising from the provisions of art.
105 Code of Criminal Procedure. At the same time, the minutes are to be drawn up
compliance with the provisions of art. 260 Code of Criminal Procedure, in which they are expressly stipulated
the elements that must include the minutes. Thus, the collection of data categories
of a personal nature which are not to be found in the provisions of the above-mentioned article,
shall be prohibited or motivated in writing in the minutes in accordance with
the provisions of art. 15 para. (3) Code of Criminal Procedure.
19. Actions are to be taken to exclude cases of use,
by prosecutors or representatives of authorities operating in the sector
police, the service situation and public resources to check if they are
or not in the eyes of other law enforcement agencies. For example : The center found several
cases when mid-level decision makers requested from SE "CRIS" Registry "
information from the audit of information systems on entities and users
authorized to carry out the operations of consultation and retrieval of personal data
subordinate police officers, including prosecutors. The purpose for which
this information was requested in one of the cases - “the need arising within the
criminal prosecution of a case initiated under art.284 of the Criminal Code ( creation and management
a criminal organization ) ”was not a real one. In the end, he wanted to know if
information concerning the prosecutor and employees of the Ministry of Internal Affairs who
investigated this crime was consulted by other entities under the pretext of planning
9

Page 11

the possible danger of making it available to suspects. In this
In this case, however, the information could only be requested by the General Prosecutor's Office within a
criminal proceedings, which would refer concretely to acts of preparation or attempt to commit a
offenses against the prosecutor conducting the criminal investigation or
police officers involved in criminal investigation and prosecution procedures
the offense provided by art.284 Criminal Code.
20. It is explained that in accordance with the provisions of art.157 Code of Procedure
documents in any form ( written, audio, video, electronic, etc. ) that come
from natural or legal persons if they are exposed or certified in them
circumstances relevant to the case, ( including information stored in the audit
information systems and records ), may be requested by an approach of
the criminal investigation body within the criminal investigation or in the trial of the case.
In this case, however, the provisions of art. 214 of the Code of Criminal Procedure are to be observed,
which stipulates that during the criminal proceedings they may not be administered, used and disseminated
without the need for official information with limited accessibility. People whose organ
criminal investigation or the court requires them to communicate or present information
officials with limited accessibility ( including personal data controllers ) have
the right to be convinced that this data is being collected for criminal proceedings
respectively, and otherwise refuse to communicate or submit data. Persons
to which the criminal investigation body or the court requests them to communicate or present
Official information with limited accessibility have the right to receive in advance from
the person requesting information a written explanation that would confirm the need
providing the said data.
21. It should be taken into account that in accordance with the provisions of art.8 para
Law on access to information, personal data are part of the category
official information with limited accessibility, access to which is achieved in
in accordance with the provisions of the legislation on personal data protection.
22. Certain personal data processed in information systems
and evidence (fingerprints, handwritten signature, etc. ) can be collected i
used in a criminal or misdemeanor trial as evidence required for
comparative research only in compliance with the provisions of art. 157-156, 260-261 Code
criminal procedure and art. 4 of the Law on the protection of personal data,
by issuing reasoned orders and drawing up the corresponding minutes.
For example : The Center found in specific cases that the solicitation actions “at
package ”, through a simple approach of the criminal investigation body, of the fingerprints
collected by HE „CRIS„ Registru ”in the process of perfecting biometric entries,
contravene the procedural-criminal norms and the principles of data protection with character
personal.
III. The rights of personal data subjects
23. If personal data are collected directly from
the subject of these data, in accordance with the provisions of art.15 Code of Criminal Procedure i
art.12 of the Law on the protection of personal data, the person needs to be
10

Page 12

provided the following information, unless he already holds the information
respectively:
- the identity of the operator or, where appropriate, of the person authorized by
operator ( name, legal address, IDNO, registration number in the Register of
records of personal data controllers );
- regarding the concrete purpose of the processing of the personal data collected;
- regarding the recipients or categories of recipients of personal data;
the existence of the rights to information and access to the data collected; intervention on
data ( especially to rectify, update, block or delete personal data
whose processing is contrary to law due to the incomplete or inaccurate nature of

their opposition), as well as the conditions under which these rights may be exercised;
whether the answers to the questions used to collect the data are mandatory or
including the possible consequences of refusing to answer questions through
which collects the information.
24. The subjects of personal data are to be ensured the right to
access and the possibility to get acquainted with the documents drawn up for the purpose of verification
the correctness of their elaboration, the contestation against the non-inclusion or the incorrect inclusion of
data, as well as against other errors committed when entering data about oneself. Into the
In this sense, the persons responsible for the processing of personal data will
ensure the person's access only to personal data that directly concern him,
being excluded the possibility of consulting personal data concerning others
subjects, contained in the procedural documents ( case materials ), except in cases in
which the applicant pursues a legitimate interest which does not prejudice his interests
the fundamental rights and freedoms of the subject of personal data, or in
the cases expressly provided by art. 293 para. (1) Code of Criminal Procedure.
25. The right to information is to be ensured by the data controller with
personal character ( prosecutors or authorities engaged in activities in the sector
police ) to all persons subject to the special investigative measures provided by
2
art. 132 para. (1) lit. b), c) e), g) and n) Code of Criminal Procedure, including collateral, with
unless it is impossible to inform the data subjects or
would involve disproportionate efforts. Currently, despite the severity of the interference,
the persons with whom they contact the subject subject to the special investigative measure and who,
it is also the subject of the personal data collected
and processed without his consent by the entities carrying out the special activity
investigation - are not informed about this. Thus, the person is deprived of
the possibility of exercising his rights as a subject of character data
personal. For example: if the home of the person suspected of committing a
prejudicial facts is subject to the special investigative measure - surveillance and
audio-video recording, subjects who contacted / communicated through the network
or have entered the home of the nominee, are to be informed
5
mandatory within the terms and conditions provided by art. 132
Code of Criminal Procedure.
In this sense, some findings of the European Court of Rights are relevant
The man in the Amann v. Switzerland case, which ruled that it should be regulated in
11

Page 13

detail the case of "fortuitously" supervised persons as "necessary participants" in a
telephone conversation recorded by the authorities based on the respective legal provisions.
26. In case of placing personal data, processed in the systems of
internal records, through the official website of the prosecutor's office or law enforcement agencies
prosecution, the necessary technical solutions for exclusion are to be instituted
unrestricted access to them, ensuring the technical program measures,
specialized in information security, protection measures for confirmation
unequivocal identity of the subject of personal data, who realizes
the right of access or rectification, by excluding unauthorized access to these data. Of
example : in the case of the establishment of the column entitled “Interpellations and questions of deputies” on
the official page of the General Prosecutor's Office http://www.procuratura.md/md/ID/, this
constituted as an important tool for informing the general public and insurance
decisional transparency in the activity of the prosecution bodies. However, in the first
period of operation of the nominated heading, the information was disclosed with
violation of the principles of personal data protection, without being
depersonalized, which determined the intervention of the Center.
27. In case of realization by the subject of personal data of the right
intervention, inaccurate data is to be updated by rectification or deletion, as
base serving only legal sources ( identity documents, marital status, information resources
main state etc. ), the modification will be performed in all systems
managed information and records.
28. Disclosure by transmission, dissemination or otherwise of data with
personal data processed for the purpose of the administration of justice is to be prohibited, with
except in cases where the subject of personal data has given his consent,
when the information is depersonalized or when the law or the international treaty provides
expressly the right of the recipient or the third party in this regard. In this case, the special law
or the international treaty must contain guarantees of protection
the rights of the subject of personal data.
29. Application of exceptions and restrictions of performance by data subjects with
personal rights of his rights, shall be made in strict accordance with
5
the provisions of art. 15 of the Law on the protection of personal data i 132
Code of
criminal procedure.
IV. Storage, storage and destruction of personal data processed
in the case of police activity
30. Storage
and retention of personal data recorded in
the procedural documents as well as in the control materials, are to be performed in strict
in accordance with the provisions of art.211-214 Code of Criminal Procedure, Prosecutor's Office
General, territorial / specialized prosecutor's offices and criminal investigation bodies
giving them the right to decide on their finality taking into account
the provisions of art. 4 para. (1) lit. e) and art. 11 of the Law on the protection of personal data
personal.

12

Page 14

31. Access to the spaces where the information and information systems are located
evidence of personal data is to be restricted, being allowed only
persons who have the necessary authorization according to the institutional security policy
approved.
32. Storing and maintaining the electronic format of personal data,
structured in record systems, in computers that are connected to the internet, are not
equipped with special technical and program protection means i have not installed
licensed programs, antivirus programs, software security control systems, de
ensuring the regular performance of backups and audits is to be banned.
33. Introduction to the perimeter of institutional security and use
personal computers or information carriers for service purposes follow
to be banned. For example: in cases where the employee is fired and the information
accumulated remains stored on the internal magnetic carrier of the device, it will have
in the personal computer structured series of personal data collected in
the process of exercising the activities related to the criminal, administrative or other procedures
gender, and in case of failure the person performing the repair of these machines can, without
efforts to copy the information stored in the computer, both of which
as serious security incidents. In this context, the application of the principles of protection
personal data need to be regulated by orders and provisions
superiors, with the periodic inspection of the rooms and the equipment of the employees.
Furthermore, access to the equipped computers is to be protected / restricted by
creating user profiles and entrusting administrator rights only
the person responsible for implementing the security policy designated in
within the institution.
34. Storage of personal data on magnetic, optical, laser, de
paper or other information medium, on which it is created, fixed, transmitted,
receives, stores or otherwise uses the document and allows
its reproduction is to be ensured by placing them in safes or
lockable and sealed metal cabinets. Access to safes and metal cabinets
to be monitored by keeping a register. Removal, without
authorization of personal data carriers within the security perimeter of
operator is to be banned.

13


