A bill introducing negotiable fines for leaking personal information is expected to be adopted before the end of the year. At the same time, the entry into force of the document may be postponed depending on the readiness of companies for regulation, Kommersant reported, citing Andrey Svintsov, deputy chairman of the State Duma Committee on Information Policy, Communications and IT.
Author:
https://rb.ru/author/bmuzichenko/
Subscribe to RB.RU on Telegram
There is a risk that companies that work with personal data will start to incur “large financial losses,” which will affect the cost of their products and services, and the burden will ultimately fall on the consumer, the official stressed.
Companies will be forced to separate the segment that works with personal information into a separate division with minimal revenue, for which fines for turnover will not be critical, Svintsov said. Kommersant explained that there is still no clear definition of what is considered turnover in this case: the revenue of a holding company, an individual brand or a data operator company.
Opinion of experts and companies.
Most likely, the law will provide for the liability of a group of persons – this will allow involving all companies included in the group, so the “artificial division of business” will not help to avoid calculating a fine in proportion to the income of all companies in the group, suggested Artem, a lawyer at the compliance firm Comply Safyannikov.
The bill passed in the first reading needs to be finalized: clarifying the elements of the crime and adding mitigating circumstances that encourage measures to improve security, according to the Big Data Association (which includes Yandex, VK, Rostelecom, Megafon and other companies).
-
In July, Russian Railways, Aeroflot, Avtodor, the Russian Union of Travel Industry and others criticized the draft law on fines for personal data leaks.
-
According to RBC sources, companies are concerned that the current version of the document will allow organizations that seek to protect customers’ personal information but are subject to hacker attacks or software failures to be held accountable.
-
Authorities have been discussing the issue of corporate liability for personal data leaks since February 2022, amid an increase in their number. According to FACCT (formerly Group-IB), in the first six months of 2024, 150 databases of Russian organizations became publicly available.
Author:
Bogdan Muzychenko
Source: RB
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
