Strategic needs in protecting personal data and imposing penalties for breaches
The exposure of Russians’ personal data is largely linked to the absence of unified security standards. This view is voiced by German Klimenko, chairman of the board at the Digital Economy Development Fund and former adviser to the Russian president. He argues that a clear strategy for protecting personal information must be developed and that concrete, actionable guidance should be issued to services handling such data.
Clarity is essential in governance. Klimenko emphasizes that every business should meet fire safety-like requirements for data protection and appoint a person responsible for this duty. In the realm of personal data, he says, the focus must be on the conditions that ensure security rather than on expressing anger toward banks. As an example, he suggests that every bank should designate an employee responsible for safeguarding personal data, ensuring a dedicated point of accountability within the organization.
In January, deputies of the State Duma approved in a plenary session a first reading of a bill that targets violations of certain legal requirements related to personal data. The document outlines penalties that could reach up to 3% of a company’s revenue, marking a shift toward stiffer consequences for mishandling information.
According to Anton Nemkin, a former member of the State Duma Committee on Information Policy, Information Technologies and Communications, the exact penalty will be tied to the scale of the breach. If up to 10,000 individuals are affected, penalties may range from 3 to 5 million rubles; for breaches affecting up to 100,000 people, fines could be between 5 and 10 million rubles; and breaches impacting more than 100,000 individuals could attract 10 to 15 million rubles. The draft law, which could be adopted in 2024, also introduces criminal liability for ordinary company employees who seek to profit from leaking information.
The discussion around personal data protection has also included practical guidance for Russians on defending passport data from fraudsters, underscoring the broader concern about safeguarding identity in everyday life.