Risk Management in Personal Data Processing Within University-Corporate Partnership Interactions

Authors

  • Kruglov D. V Department of Economics and Management of Socio-Economic Systems, Saint-Petersburg University of Management Technologies and Economics Author
  • Lyashenko V. Е Saint-Petersburg University of Management Technologies and Economics Author

DOI:

https://doi.org/10.21467/proceedings.7.6.41

Keywords:

personal data, data exchange, risk management

Abstract

The exchange of personal data between universities and their corporate partners has become an integral component of educational, research, and business processes. However, such data exchange is associated with risks that may result in losses, necessitating effective risk management strategies. This paper examines current issues related to personal data processing within universities and their interactions with corporate partners. Using NetworkX and Matplotlib, a model illustrating the interaction of personal data processing entities both within the university and in cooperation with business partners has been developed. The study highlights that an increase in the number of participants involved in personal data flows leads to heightened risks in data storage, processing, and transmission. Through an analysis of security threats and academic research, the most common risks in this domain have been identified. The paper concludes that effective risk management in personal data processing is a critical function ensuring the secure and efficient development of business processes between universities and corporate partners. A comprehensive risk management approach will mitigate threats and establish a reliable ecosystem for secure data exchange.

References

[1] Federal Law No. 152-FZ of July 27, 2006 on Personal Data // Collected Legislation of the Russian Federation, http://pravo.gov.ru, last accessed 2025/01/31.

[2] Decree of the Government of the Russian Federation No. 1119 of November 1, 2012 on Approval of Requirements for the Protection of Personal Data during Their Processing in Information Systems of Personal Data, https://base.garant.ru/70252506/?ysclid=m6kh4497mv58560587, last accessed 2025/01/31.

[3] Order of Resources and Technology No. 18 of February 24, 2021 on Approval of Requirements for the Content of Consent to the Processing of Personal Data Permitted by the Data Subject for Distribution, http://pravo.gov.ru, last accessed 2025/01/31.

[4] Order of the Federal Service for Technical and Export Control of Russia (FSTEC) No. 21 of February 18, 2013 on Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data during Their Processing in Personal Data Information Systems, https://fstec.ru/, last accessed 2025/01/31.

[5] Batlynova, A.N. Personal Data. Administrative Law. No. 4. P. 25. (2020).

[6] Nugaeva, R.F., Pavlov S.Yu. Personal Data as an Object of Administrative Legal Regulation. International Journal of Humanities and Natural Sciences. No. 12-1(75). P. 217-220. (2022).

[7] Minbaleev, A.V. Problems of Legal Support for Cybersecurity in the Dissemination of Personal Data on the Internet under the Updated Legislation. Bulletin of the Ural Federal District. Information Security. No. 2(40). P. 65-71 (2020).

[8] Pikov, V.A., Vergasova A.E. Implementation Method of the Requirements of Federal Law No. 152-FZ of July 27, 2006 on Personal Data in the Russian Segment of the Information and Telecommunication Network “Internet”. Bulletin of the Russian New University. Series: Complex Systems: Models, Analysis, and Management. No. 4. P. 139-154. (2018).

[9] Isaev, A.S. Automation of the Threat Model Formation Process for the Security of Personal Data during Their Processing in Personal Data Information Systems Based on the Theory of Expert System Development. Scientific and Technical Bulletin of the Volga Region. No. 2. P. 133-135 (2014).

[10] Gazizov, T.T., Mytnik A.A., Butakov A.N. A Typical Threat Model for the Security of Personal Data in Information Systems for Automating the Educational Process. Reports of Tomsk State University of Control Systems and Radioelectronics. No. 2(32). P. 47-50 (2014).

[11] Averchenkov V.I. , Rytov M.Yu., Shkaberyn V.A., Golembiovskaya O.M. Automation of Personal Data Protection in a University. Proceedings of the International Association of Slavic Universities. No. 1. P. 126-134 (2011).

[12] Burykova, E.V. Personal Data Protection System in a Higher Education Institution. Intelligence. Innovation. Investment. No. 7. P. 69-74 (2017).

[13] Skvortsova, D.A., Vikhman V.V. Development of a Comprehensive Methodology for the Protection of Personal Data Processed in a University. News of Science and Education. Vol. 6. No. 6. P. 13-15 (2017).

[14] Filimonov, A.V. Development of Requirements for a Personal Data Protection System. Information and Computing Technologies and Their Applications: Proceedings of the XXIV International Scientific and Technical Conference, Penza, August 27–28th. P. 123-125 (2020).

[15] Yanbaev, S.G., Larinbaeva. Measures and Restrictions on Access to Information and Personal Data in the Russian Federation. International Journal of Humanities and Natural Sciences. No. 2-3(89). P. 181-185. (2024).

Downloads

Published

2025-11-21

Issue

Vol. 7 No. 6 (2025): Proceedings of the 3rd International Conference on Artificial Intelligence, Machine Learning and Cybersecurity

Section

Articles

License

Copyright (c) 2025 Kruglov D. V, Lyashenko V. Е

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

How to Cite

[1]
Kruglov D. V and Lyashenko V. Е, “Risk Management in Personal Data Processing Within University-Corporate Partnership Interactions”, AIJR Proc., vol. 7, no. 6, pp. 361–369, Nov. 2025, doi: 10.21467/proceedings.7.6.41.