Cybersecurity companies have complained about a bill that would criminalize data breaches. More than 15 market participants sent a letter to the State Duma committees on information technology and government construction and legislation, stating that the project does not provide for exceptions for organizations involved in the legitimate protection of infrastructure from attacks and research of leaks. Kommersant writes about this.
Author:
https://rb.ru/author/pardaeva/
Subscribe to RB.RU on Telegram
According to market representatives, tougher penalties may reduce the amount of resources associated with illegal data trafficking, but will not eliminate the problem completely. Attackers will not lose access to tools to penetrate the company’s systems, the letter says. The companies proposed including exceptions in the bill that would allow specialists to continue investigating breaches and analyzing stolen data to combat criminals.
Kaspersky Lab Chief Expert Sergey Golovanov highlighted that monitoring the dark web and notifying affected customers are important elements of data protection. He proposed introducing a permit mechanism for organizations engaging in such activities. Positive Technologies pointed out the need to establish in law the criteria and conditions under which access to leaked databases will be considered legal.
PassLeak CEO Anton Lopanitsyn warned that banning leak monitoring for small and medium-sized businesses will increase the risks of cyberattacks. Sergei Petrenko, director of government affairs at UserGate, added that the amendments should clearly define the powers and responsibilities of companies in the field of information security. Without this, some of the services will go beyond the legal framework, he explained.
Alexey Korobchenko, head of the information security department at the company Security Code, noted that the adoption of the law in its current form may force some companies to restrict areas related to the investigation of leaks on hacker forums.
At the end of December 2023, fines for illegal collection and processing of personal data were increased in Russia. Fines for individuals were increased to 10-15 thousand rubles, for officials – to 100-300 thousand rubles, for legal entities – to 300-700 thousand rubles. In case of repeated violations, the fines increase exponentially. Previously, the fine for officials was 20-40 thousand rubles, for legal entities – 30-50 thousand rubles.
According to DLBI, in October 2024, there were 286 million phone numbers and 96 million email addresses on the Internet. This figure is double that of the same period last year.
Author:
Karina Pardaeva
Source: RB
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
