The State Duma has adopted in three readings a bill that tightens penalties for personal data leaks. Now, companies that do not provide an adequate level of information protection will be fined an amount equal to their turnover. And intruders who sell stolen data face imprisonment.
Turnover fines are introduced for companies that repeatedly allow data leaks. The amount of the fine will vary from 1% to 3% of the company's annual revenue. The minimum amount of the sanction will be 20 million rubles, and the maximum will be 500 million rubles.
However, if the company has invested at least 0.1% of its revenue in information security for three years and complied with data protection requirements, the amount of the fine may be reduced.
For disclosing personal information, employees who allowed the leak may be fined up to 2 million rubles.
In case of non-compliance with the rules for processing biometric data of legal entities, fines of up to 2 million rubles are provided, and for officials - up to 1 million rubles.
Theft and illegal use of personal information is punishable by criminal penalties, up to 10 years in prison.
Earlier www1.ru reported that experts believe that the introduction of large fines may encourage companies to invest in data protection systems and improve digital security. However, for small and medium-sized enterprises, whose turnover is much smaller, such measures may be a serious financial burden.
Recall that since January 2024, personal data of more than 600 million Russian citizens have been found on the Internet. In October, experts recorded 13 cases of unauthorized access to the database, as a result of which more than 9.7 million records were compromised.
Read materials on the topic:
The government may forgive companies for leaking personal data of Russians
"Various ways of penetration": there is a database of hackers about all Russians in the darknet
Russian IP addresses began to disappear for foreign Internet users
