Putin instructed to severely fine businesses for leakage of personal data

Companies that leak personal data of their users will have to pay turnover fines. President Vladimir Putin instructed to toughen the punishment for leaked information following a meeting of the Council for the Development of Civil Society and Human Rights on December 7, 2022, Interfax reports.

In parallel, the government should work on the issue of toughening responsibility for the illegal circulation of personal data and other violations of the law in this area. Proposals must be ready by July 1st.

On December 14, the head of the Ministry of Digital Development, Maksut Shadayev, announced the development of a bill on the introduction of fines of up to 3% of the company’s annual turnover for leaking citizens’ personal data. The ministry believes that the introduction of turnover fines encourages companies to invest more in security.

At the same time, Shadayev allows for “mitigating circumstances”: if the company agrees to compensate for the damage to affected citizens, or if the company “attested and certified its entire infrastructure.”

In May 2022, the head of Roskomnadzor Andrey Lipov reported that Russia was going to introduce criminal liability for the sale of stolen personal data. The draft, which was developed in the Federation Council, provides for fines from 300,000 to 2 million rubles. The initiative also involves imprisonment of up to six, and in some cases up to ten years.

According to Network Freedoms, in 2022, a record number of leaks of personal data of Russians was recorded – 60 cases in less than 12 months. According to experts, this is due to the war in Ukraine. In the past year, leaks occurred in Rostelecom, SDEK, Yandex.Food, Wildberries, Mosgortrans and other companies.