Kristina Mkrtchyan Lawyer announced that turnover penalties should be introduced for personal data leaks 11/02/2024, 19:59

Kristina Mkrtchyan, consultant in intellectual property practices of the law firm EBR and teacher of the Moscow Digital School educational platform, talked about the feasibility of introducing turnover penalties for personal data leaks in Russia at the moment and considered possible alternative approaches.

Legislation regulating the protection of personal data in Russia is under active development. One of the most important steps taken in this direction was the adoption by the State Duma of a stricter bill in the first reading. responsibility for personal data leaks.

This bill is expected to be approved by the end of 2024.

However, since the first reading, business representatives and expert associations have expressed concerns about the size of the penalties foreseen in the document. In response to these concerns, the Ministry of Economic Development in October 2024 supplied Proposals include significant reductions in penalties and the introduction of mitigating conditions for companies.

The question remains whether it is advisable to impose turnover penalties for personal data leaks. At first glance, drastic measures may seem necessary to protect the rights of citizens and increase the liability of companies. However, it is important to note that excessive fines can create a burden on businesses, especially small and medium-sized businesses, and ultimately have a negative impact on the economy as a whole.

The problem of personal data leakage is becoming increasingly urgent. According to FACCT’s analytical data, the number of incidents increased by 37% in the first three quarters of 2024 compared to the same period in 2023. exceeding 200 significant cases. Gard’s research shows that Russians are becoming less tolerant of data leaks. While 51 percent of the victims accepted the situation a year ago, this year the proportion of those who did not take any action after the leak decreased Up to 37%. Citizens are increasingly filing complaints both with leaking companies and with supervisory authorities and the courts.

But history knows examples where large companies perceived standard penalties as the “cost of doing business.” For example Intel always mercenary Due to unfair competition, we pay fines as regularly as we pay bills. However, when the European Commission fined the company 1.06 billion euros (4.15% of annual turnover), silence suddenly reigned in the company offices.

We need to deal with leaks. But how?

The modern business world lives in an era where reputation is more valuable than money. Of course, the fact of data leakage significantly affects brand loyalty: in 2024, 69% of respondents said they would no longer use the services of a company that allows it. leak Personal data according to data of the Guard company. At the same time, the imposition of a large turnover penalty (0.1-3% of annual income) can trigger a domino effect: a decline in stock prices, investor exit and a decrease in credit ratings. Public companies are particularly susceptible to such “shocks,” where any regulatory issues immediately impact market value. Restoring the trust of investors and partners after serious breaches requires long-term work and significant resources.

How to find the optimal solution in this case? A possible solution would be to implement a smarter penalty calculation system. Such measures may include:

  1. “Smart” penalties that take into account not only turnover but also business margins. For example, for retail trade with a margin of 5-7%, the penalty may be lower as a percentage of turnover than for IT companies with a margin of 30-40%. The system can reduce the load during crisis periods by taking into account the seasonality of the business and the economic cycle.
  2. A system of discounts for voluntary elimination of violations (as in the traffic police penalty system). Similar to the 50% discount for timely payment of traffic fines, companies can receive a significant discount on the fine (e.g. 40-60%) if the violation is noticed immediately and eliminated within a certain period of time. Additional reductions may be granted in the implementation of preventive measures to prevent recurrence of violations.
  3. The possibility of “covering” part of the sentence through socially useful projects. Part of the penalty can be replaced by targeted investments in socially significant projects in the region where the company operates. The company may have the right to allocate a portion of the penalty to employee training programs or improving corporate compliance practices.
  4. Preventive control instead of punitive measures. The regulator may provide companies with the opportunity to voluntarily audit their business processes with temporary immunity from fines. The development of industry checklists for self-regulation and regular consultations with supervisory authorities will help prevent violations.

Therefore, to effectively combat personal data leaks, it is necessary to strike a balance between strict liability measures and reasonable approaches that will help protect businesses and protect the rights of citizens.

What are you thinking?



Source: Gazeta

Popular

More from author

Russian Foreign Ministry announces possible seizure of Western assets 01:19

Russia has the opportunity to retaliate by seizing assets of Western countries under its jurisdiction that could be used to create industrial potential and...

Almost half of Muscovites believe in astrology and Mercury retrograde 01:01

One in ten Muscovites (11%) try not to shop during Mercury retrograde. Their periods are observed by 20% of the capital's residents. Every twentieth...

Pentagon could not confirm that drones in New Jersey belonged to foreigners 00:57

The US Department of Defense has no evidence that the drones flying over New Jersey are of foreign origin. Sabrina Singh reported this, citing...

Chekhov Moscow Art Theater will present a performance based on Vampilov’s play 01:00

Moscow Art Theater (MHT) named after AP. Chekhov will present Andrei Kalinin's play "The Eldest Son", adapted from the play of the same name...