MOSCOW, December 4. The State Duma will most likely consider bills to tighten penalties for personal data leaks in the first reading in the next session, said Alexander Khinshtein, head of the State Duma Committee on Information Policy.
“I’m afraid we won’t make it in time for this session,” Khinshtein said in response to a question about when the bills would be considered.
Earlier, United Russia introduced several bills to the State Duma that would toughen penalties for personal data leaks. In particular, new types of administrative offenses will be introduced and fines will be increased significantly. In some cases, liability will amount to tens and hundreds of millions of rubles. Data thieves will face up to 10 years in prison, Andrei Turchak, Secretary of the Party General Council and First Deputy Chairman of the Federation Council, said earlier. He noted that many companies perceive people's personal information as a way to make money and do not protect it properly.
As Turchak noted, the current liability measures for data leakage motivate few people. As a result, the circulation of databases with personal data on the black market is today estimated at 20 thousand. They contain information about approximately 80% of the Russian population, Turchak added, emphasizing that, according to the most conservative estimates, the damage from leaks last year alone amounted to about 8 billion rubles.
Responsibility will grow along with the volume of “leaked” information. The punishment will vary depending on the number of citizens whose rights are violated. Fines will be even harsher if the most sensitive data, for example, medical information, is leaked, Turchak emphasized.
The amount of fines, according to him, for officials will range from 800 thousand to 2 million rubles, for legal entities from 3 to 15 million. For a repeated violation, the organization can already pay hundreds of millions of rubles (depending on the company’s revenue), Turchak also reported.
The head of the Duma Committee on Information Policy, Alexander Khinshtein, noted in his Telegram channel that turnover fines will range from 0.1 to 3% of revenue for a calendar year or for part of the current year, no less than 15 million rubles and no more than 500 million rubles.
In addition, criminal liability is provided for both professional cybercriminals and ordinary employees of companies who decide to make money by leaking information.
“Penalty in the form of imprisonment of up to 8 years is provided for those who export the data of Russian citizens abroad for their sale or transfer. If the leak caused harm to the life and health of citizens, as well as public safety, or we are talking about organized crime — then this is already 10 years in prison,” Turchak said.
Also, a separate type of criminal liability is provided for those who do business using stolen data. Such violators, according to Turchak, face up to 5 years in prison and a heavy fine.
“Improving legislation will radically change the situation with personal data leaks. Serious prison terms will scare off many. And it will become cheaper for businesses to invest in digital security than to pay fines,” Turchak emphasized.
Khinshtein specified how the fines correspond to the number of entities affected by the leak. According to him, if the leak affects from 1 thousand to 10 thousand entities, the fine for legal entities will be from 3 million to 5 million rubles; if from 10 thousand to 100 thousand entities, from 5 million to 10 million rubles; and if more than 100 thousand entities, from 10 million to 15 million rubles.