The State Duma proposed mitigating the liability of operators for leaks of personal data. The publication writes that such proposals are submitted by the public organization “Business Russia”. “Kommersant”.
Social activists propose reducing fines from 500 million rubles to 50 million rubles. They also want to share responsibility between the company that carried out the leak and the data protection solution provider. However, cybersecurity market participants object to this, believing that the data operator is responsible for the use of their products.
Experts and lawmakers also believe that reducing penalties would reduce the effectiveness of the measures.
According to the current version of the bill, the basic fines for legal entities will be 3-5 million rubles if the leak affects the data of up to 10 thousand organizations, and 5-10 million rubles if the data volume is up to 100 thousand. assets, with a volume of more than 100 thousand issues – 10-15 million rubles.
The maximum fine for repeated leaks is set at 0.1-3% of annual revenue, but will not exceed 500 million rubles.
Delovaya Rossiya’s proposals also provide mitigating conditions for operators, such as approving investments in cybersecurity at 0.1% of annual revenue for three years or more before the incident. The current version of the bill does not contain such mitigating conditions, although they were discussed during its preparation.
Previously Zuckerberg for the first time in 11 years published Twitter post.