Misdemeanors are punishable: sanctions for data leaks

Solve china dataset issues with shared expertise and innovation.
Post Reply
nusaiba125
Posts: 689
Joined: Sat Dec 21, 2024 3:37 am

Misdemeanors are punishable: sanctions for data leaks

Post by nusaiba125 »

rchive

Moreover, in recent years in Russia there have been many cases of loss and leakage of personal data that occurred due to unreliable contractors .

Of course, the companies that transferred their clients' data to third-party services and platforms violated the provisions of the Federal Law "On Personal Data": client data was stored and processed not on the territory of the Russian Federation, but abroad, and when the services left Russia, they simply closed access for their clients. They were not responsible under Russian law, because these are foreign services whose work does not fall under our laws.

Another reason for personal data leaks is that small companies arrogantly believe that hackers are not interested in them , and therefore do not pay due attention to security issues. However, they may also have clients whose data hackers need. And if you cannot get through to a large bank directly, then through a service that works with the bank's personal data, this is, unfortunately, much easier to do.


Personal data leakage is an administrative offence, so the amount of the fine directly depends on the severity of the offence: the larger the violation, the higher the fine.

There is also a dependence on who is accused: for south africa consumer email list individuals the fines are the lowest, for officials they are higher, for legal entities - the highest. For example, for processing personal data without written consent, an individual will pay up to 15 thousand rubles, an official - up to 300, and a legal entity - up to 700.

In general, the minimum fine for companies is 30 thousand rubles, the maximum is 18 million for a repeated violation. These figures are valid for 2024.

There is currently a new bill in the State Duma that proposes to further increase liability for violations in the area of ​​personal data processing. In particular, to increase fines for "unlawful transfer of personal data": for a repeated violation in this area, a fine of up to 3% of the company's total revenue for the year preceding the incident is proposed, but no less than 15 and no more than 500 million rubles.

Of course, this is only a draft law for now. But year after year we see a trend towards tightening legislation in this area. Therefore, it is not worth counting on softer fines.

Against this background, high-quality cybersecurity is becoming not a luxury available to the “mastodons” of the market, but a necessity for all companies.
Top
Post Reply

Return to “China Dataset”