MOSCOW, January 23 At a plenary session on Tuesday, the State Duma adopted in the first reading two bills to toughen penalties for personal data leaks.
The bills propose to introduce new types of administrative offenses and increase fines severalfold. In some cases, liability will be expressed in tens and hundreds of millions of rubles, and for data thieves — up to 10 years in prison, the co-author of the initiative said earlier, and Andrei Turchak, secretary of the General Council of United Russia, first deputy chairman of the Federation Council, said earlier.
He noted that many companies perceive people's personal information as a way to make money and do not protect it properly.
“Current measures of liability for data leakage (maximum 100 — 300 thousand rubles for legal entities) stimulate few people. As a result, today on the black market the circulation of databases with personal data is estimated at 20 thousand. They contain information about approximately 80% of the Russian population,” noted Turchak added that, according to the most conservative estimates, the damage from leaks last year alone amounted to about 8 billion rubles.
«»United Russia is introducing amendments to the Administrative and Criminal Codes on behalf of the President. Responsibility will grow along with the volume of «leaked» information. Punishment will vary depending on the number of citizens whose rights are violated. Fines will be even harsher if the most sensitive data, for example, medical information, is leaked,» Turchak emphasized.
The fines for officials will range from 800 thousand to 2 million rubles, for legal entities from 3 to 15 million. “For a repeated violation, the organization can already pay hundreds of millions of rubles (depending on the company’s revenue),” Turchak said.
The head of the Duma Committee on Information Policy, Alexander Khinshtein, previously noted that turnover fines will amount to from 0.1 to 3% of revenue for the calendar year or for part of the current year, at least 15 million rubles and no more than 500 million rubles.
In addition, criminal liability is provided for both professional cybercriminals and ordinary employees of companies who decide to make money by leaking information.
“Punishment in the form of imprisonment of up to 8 years is provided for those who export the data of Russian citizens abroad for their sale or transfer. If the leak caused harm to the life and health of citizens, as well as public safety, or we are talking about organized crime, then this already 10 years in prison,” said Turchak.
Also, a separate type of criminal liability is provided for those who do business using stolen data. Such violators, according to Turchak, face up to 5 years in prison and a heavy fine.
“Improving legislation will radically change the situation with personal data leaks. Serious terms of imprisonment will scare off many. And it will become cheaper for businesses to invest in digital security than to pay fines,” Turchak emphasized.
Khinshtein specified the correspondence of the fines to the number of entities affected by the leak. According to him, if the leak affects from 1 thousand to 10 thousand entities, then the fine for legal entities will be from 3 million to 5 million rubles, if from 10 thousand to 100 thousand entities — from 5 million to 10 million rubles, if more than 100 thousand subjects — from 10 million to 15 million rubles.
Information technologies have entered into life today and affect every person, every family, noted State Duma Chairman Vyacheslav Volodin.
«»At the same time, they have increased and risks: cases where personal data falls into the hands of fraudsters have become more frequent. Citizens are turning to us asking us to solve this problem. I conducted a survey on this topic in my TG channel — the absolute majority spoke in favor of the need to strengthen the punishment for leaking personal data,» Volodin said .