Home > 2.8 Security > ROMANIA - Law no. 208/2015 on the election of the Senate and the Chamber of Deputies, as well as on the organisation and functioning of the Permanent Electoral Authority
 
 
 
Download file    
 
 
Article 31
 

(1) The Permanent Electoral Authority shall draw up and adopt instructions concerning the security measures related to the administration and use of the Electoral Register, concerning:


a) equipment and computer system access control, in order to prevent access by unauthorised persons to the equipment used for conducting operations in the Electoral Register;
b) data support control, in order to prevent unauthorised reading, copying, amending or erasing of the data support;
c) storage control, in order to prevent unauthorised data input and unauthorised data inspection, modification or erasing;
d) usage control, in order to prevent the use of automated data processing systems by unauthorised persons with the help of data transmission equipment; e) data access control, in order to limit the access of the persons authorised to use the Electoral Register only to the data for which they have been authorised;
f) data input control, in order to ensure a subsequent verification and identification of the data introduced in the Electoral Register, when and by whom such were introduced;
g) data transport and transfer control, in order to prevent unauthorised data reading, copying, modification or erasing during their transmission or during data support transport, through securing technical measures;
h) control of the communications specific to the Electoral Register, in order to ensure the verification and identification of the authorities/bodies that received or can receive personal data, by using communication equipment.


(2) In order to fulfil its powers related to the administration and technical support necessary for the functioning of the Electoral Register, to the coordination and methodological guidance of the persons authorised to operate in the Electoral Register, as well the control of the observance of the legal provisions applicable in this field, the Permanent Electoral Authority shall adopt technical, operative and procedural measures, according to the following principles:


a) confidentiality – providing access to information only for the persons authorised depending on their skills;
b) integrity – ensuring the exact and complete nature of the information, as well as the processing methods;
c) availability – ensuring access to information within the deadline required;
d) identification and authentication – ensuring the identification and authentication of all duly authorised persons, depending on their skills, before any operation;
e) authorisation – authorising the participants for accessing the data in the Electoral Register, depending on their skills.


(3) The Permanent Electoral Authority is authorised to take measures to prevent the loss of information and to ensure their recovery in fortuitous events or in cases of force majeure.


(4) The National Cyber Incident Response Centre – CERT-RO makes free audits of the Electoral Register’s security.