• We just launched and are currently in beta. Join us as we build and grow the community.

State Duma toughens penalties for leaking personal data


Automation Guru
O Rep
O Vouches
LEVEL 1 200 XP
Deputies have increased penalties for abuses in collecting and processing personal data. If the actions have led to serious consequences or were committed by an organized group, they face imprisonment for up to 10 years
https://i.ibb.co/HqyVGf7/347326209621785.jpgPhoto: Mikhail Grebenshchikov / RBC
The State Duma has adopted in three readings a bill that provides for punishment in the form of turnover fines for serious leaks of personal data; the document card has been published in the database of the lower house of parliament.
Amendments are made to the article on administrative offenses for violating requirements for the collection of personal data (13.11 of the Code of Administrative Offenses). The law will come into force on March 1, 2025.
"In accordance with the law, consent to the processing of personal data will have to be drawn up separately from other documents, including customer agreements. In addition, it is proposed to prohibit the seller or owner of the aggregator from restricting the consumer's access to information due to refusal to provide personal data, except in cases where such an obligation is provided by law," the Duma press service reported
. Criminal liability is introduced for creating a website or a page on it, knowingly intended for the illegal storage, transfer (distribution, provision, access) of information containing personal data obtained illegally. This is punishable by imprisonment for up to five years.
Illegal use, transfer, collection and storage of personal data obtained through unauthorized access to the means of their processing, storage or other interference in their functioning are punishable by imprisonment for up to four years. If the actions have resulted in serious consequences or are committed by an organized group, then a punishment in the form of imprisonment for up to ten years is introduced. The explanatory note states that now companies that have allowed leaks of clients' personal information are subject to administrative liability with a fine of up to 100 thousand rubles, a repeated leak is punishable by a fine of up to 300 thousand rubles, but "the specified amount of the fine is not proportionate to the possible consequences of the leaks that have occurred." The authors believe that the amendments will provide an incentive for personal information operators to invest in the development of information security and the protection of their users' personal data. Large firms involved in cybersecurity asked deputies to revise the draft so that the analysis of leaks and advertisements for the sale of personal data remains legal. According to industry representatives, the bill "does not provide for exceptions for companies pursuing the legitimate goals of protecting infrastructure from computer attacks." If the amendments do not clearly establish the powers and responsibilities of information security companies, then "some services may go beyond the legal framework," warned Sergey Petrenko, Director of Work with Government Agencies at UserGate. Russia Tops the Rating
https://i.ibb.co/zZfDf86/347304201340600.jpgcountries by the number of advertisements for the sale of company databases on the darknet, Russian advertisements accounted for approximately 10% of their total number in the first half of 2024, Positive Technologies analysts calculated in the summer.
source : https://www.rbc.ru/society/26/11/2024/6745af419a794763ef8e3488



