the Ministry of justice of Russia considers it necessary to increase the maximum fine for legal persons, prevent the leak of personal data, in 10 times – from 50 thousand to half a million rubles. This is with reference to the new draft Cao writes “Kommersant”.
While similar penalties for individual entrepreneurs it is planned to increase from 20 to 300 thousand rubles, for officials – from 10 to 100 thousand, and for other citizens – from 2 to 20 thousand. Earlier it was reported that similar amendments to the Cao also develops and by the Duma Committee on information policy, information technologies and communications. For the first time the issue of increasing fines for data breaches of up to 300,000 roubles, the state Duma was discussed in 2015.
On the idea of the Ministry of justice increased penalties should make the company bigger than it is now, to treat the protection of user data. In 2019, the year the number of leaks of personal data in Russia grew by 40% compared to 2018 (InfoWatch data). Amid mass transition to remote work during the epidemic of the coronavirus situation has only worsened – according to the founder of DeviceLock Ashot Oganesyan, hackers now are 50% more likely trying to get other people’s data than before isolation.
while some experts interviewed by the publication, consider increase in penalties for order without transition “premature and abusive” in relation to the business, while others call the proposed measures are insufficient. As the Chairman of the Commission on legal empowerment of the digital economy of the Moscow branch of Association of lawyers of Russia Alexander Zhuravlev, the cost of many databases when they are sold on the darknet now greatly exceeds the proposed maximum fines. For example, for a database of 150,000 records hackers can request up to 10.5 million rubles.
the Expert recalled that in Europe, companies can be fined for data loss in the amount of 4% of annual turnover, but really appointed by the fines sometimes exceed 20 million euros. According to the head of egunder “Information security” IT-CROC Andrey Zaikin, it would be logical to make the penalties for leaking data comparable with the existing penalties for storing data of Russians outside Russia. The latter can range from 6 to 18 million rubles.