The minimum turnover fine for companies for repeated leaks of personal data will increase from 0.1% to 1% of annual revenue, follows from the new version of the bill adopted by the State Duma in first reading on the 23rd. of January. The amendments are being prepared for second reading, Forbes reports.
Author:
https://rb.ru/author/bmuzichenko/
Subscribe to RB.RU on Telegram
According to the publication, the new version of the document introduces extenuating circumstances: the company must invest at least 0.1% of its annual revenue in cybersecurity activities for at least three years. At the same time, investments are not enough: it is also necessary to have a license from the FSB to develop systems using cryptography or to attract an organization with such a license.
There is also responsibility for the processing of biometric data, including vectors (personal data obtained after mathematical transformation of biometric data) for companies that have not received accreditation from the Ministry of Digital Development. The amount of the fine in this case will be from 500 thousand to 1 million rubles.
At the same time, in the new version of the bill, compared to the previous one, fines for officials have been reduced from 3 to 5 million rubles to 1.1 to 1.2 million rubles. And the scope of the bill includes officials of state or municipal agencies and nonprofit organizations.
The Ministry of Digital Development told Forbes that the final version of the modifications on data breach fines is still being discussed. A source familiar with the text of the bill noted that the new version of the document has not yet been agreed upon with the executive branch and the government.
The Big Data Association (BDA, which includes MTS, Beeline, Megafon, Yandex, Rostelecom, Sber and VTB) told the publication that they have not yet received this version of the bill. The association’s main comments on this matter are the same: fines must be economically justified and imposed only if the crime is part of a crime that meets the criteria of accuracy, unambiguity and formal certainty of legal norms.
In September, Kommersant, citing Andrei Svintsov, deputy chairman of the Duma Committee on Information, Communications and IT Policy, wrote that the bill is planned to be approved before the end of 2024. The amendments were submitted to the Duma Status in December 2023 and adopted in first reading in January 2024.
Author:
Bogdan Muzychenko
Source: RB
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
