The State Duma Committee on State Building and Legislation has recommended approving new fines for organizations for repeated personal data leaks. According to the proposed amendments, the fine for legal entities will be from 1% to 3% of their annual turnover. For officials, the amount of fines ranges from 800 thousand to 1.2 million rubles.
The amendments also clarify fines for data leaks depending on their scale. For example, if data of up to 10 thousand subjects is affected, the fine for officials may be up to 400 thousand rubles. If data of more than 100 thousand subjects is leaked, the amount of the fine increases to 600 thousand rubles.
The initiative aims to strengthen control over the processing of personal data and reduce the risk of it falling into the hands of fraudsters.
The bill was submitted to the State Duma in December 2023. According to Speaker Vyacheslav Volodin, the need to tighten responsibility for data leaks is due to a significant increase in cases of their use by fraudsters. The problem has become particularly acute against the background of the active development of the digital economy and the increase in the amount of data processed by companies.
Previously, the current legislation provided for less significant fines for personal data leaks. However, experts have repeatedly pointed out that such measures do not have the proper deterrent effect. The new bill aims to change this situation by introducing fines that will be significantly more tangible for violators.
Risks for business and officials
Experts note that the introduction of high fines may encourage companies to invest in data protection systems and increase the level of digital security. However, for small and medium-sized enterprises, whose turnover is significantly lower, such measures may become a serious financial blow.
In addition, changes in the responsibility for officials attract special attention. If the amendments are approved, managers responsible for data processing will be required to significantly strengthen control over its security.
Earlier, "Первый технический" already reported that since the beginning of the year, more than 600 million records with personal data of Russians have leaked into the network. Anton Ivanov, Technical Director of Kaspersky Lab, proposed to start notifying Russians about personal data leaks on "Gosuslugi".
Read materials on the topic:
"Various ways of penetration": there is a database of hackers about all Russians in the darknet
