Privacy of organizations

Privacy of organizations

The Law on Privacy of Organisations

Approved on May 16, 1995

Chapter One. General Provisions

Article 1. The purpose of the law

The purpose of this law is to define the concept of privacy of organisations and to regulate matters pertaining to protection of this privacy.

Article 2. Legislation on privacy of organisations

Legislation on privacy of organisations shall consist of the Civil Code, this law and other legal acts.

Article 3. Concept of organisations and their privacy

1. In this law, organisations and their privacy means the following:

2) "Privacy of organisations" means information, documents or physical items that are defined as confidential in order to protect human rights, reputation, esteem or legitimate interests of an organisation.

2. Confidential information, technological solutions and equipment that are related to unique of activities of an organisation or protected by the organisation in order to protect its markets or advantages in the course of fair competitions, and that may damage legitimate interests of the organisation, may comprise privacy of organisations.

Chapter Two. Establishing privacy and protecting it

Article 4. Establishing privacy of organisations

1. Privacy described in provision 2, paragraph 1 of Article 3 of this law shall be established by the State Ikh Khural.

2. Privacy described in paragraph 2 of Article 3 of this law shall be established by the organisation itself.

3. Privacy of organisations may not be established in a way that prevents relevant authorities or officials from exercising their powers and functions.

Article 5. Protecting privacy of organisations

1. Privacy of an organisation shall be protected by the organisation itself. Organisations shall develop and follow their internal procedures to protect their privacy in compliance with laws.

2. Persons in charge of confidential matters or those that had access to them in the course of their duties or professional activities shall have the duty to maintain strict confidentiality.

3. Organisations shall protect privacy of individuals, to which they had access in the course of their activities, in the same way as they protect their own privacy.

Chapter Three. Miscellaneous

Article 6. Information prohibited from being kept confidential

Organisations may not keep confidential the following information:

1) Information that discloses the current or potential impact of activities, production, services and equipment used on human health and environment.

2) Information that discloses effects of all poisonous or radioactive substances that are administered by the organisation and may present danger to human health and environment if their storage procedures are breached.

3) Information on crimes and other information provided in the laws.

Article 7. Accessing privacy of organisations

1. Organisations that are specifically authorised so by law and their employees shall have access to confidential information of organisations in accordance with their full rights for inspection and their official duties.

2. Persons that accessed or are otherwise aware of confidential information of organisations, shall use this information only for reasons provided for in the law and shall be prohibited from disclosing it to others.

3. Authorities and officials may disclose confidential information of organisations that was kept confidential illegally, in the course of inspections and in conformance with their full rights. They also may disclose some confidential information related to delinquencies and incompliance to public in case this does not damage legitimate interests of others.

Article 8. Court appeals

If an organisation considers that persons specified in paragraph 2 of Article 5 of this law unlawfully disclosed their confidential information, the organisation may appeal to court.

Article 9. Amenability

If persons in charge of, or having access to, confidential information of organisations disclose this information, they shall be penalised in accordance with their employment contract or internal regulations of the organisation; if they disclose information that is defined confidential by law, and this case is not criminally punished, they shall be imposed an administrative penalty by the judge of a fine of togrog 20000 to 50000.