Communications Alexander Khinshtein, during the autumn session of parliament the committee worked on 36 bills. Of these, work on six was completed. The State Duma adopted four bills in three final readings. All of them have already been signed by the president and have become federal laws. In total, the committee passed 11 laws in 2023. All of them have become federal. Among the most significant laws, Alexander Khinshtein named the introduction of long-awaited liability for leaks of personal data.
"This is one of the most acute and hot topics. Unfortunately, the number of leaks is not decreasing. For now, administrative liability remains absolutely ridiculous, does not correspond to the severity of the crime, does not serve as a preventive factor, and does not motivate market participants to invest in information security. According to our plan, administrative liability will be serious. In the event of repeated leaks, turnover fines will be introduced. The maximum fine will be 500 million rubles. We also propose introducing criminal liability," noted Alexander Khinshtein.
He also recalled the introduction of criminal liability for the transfer of communication devices to places of detention: "Previously, the maximum penalty for such a violation was 5,000 rubles, regardless of the number of such violations. Now, for the first time, there will be a fine of 50,000 rubles. For a repeat violation, up to two years of imprisonment. A quarter of crimes are committed through fraudulent calls. But their number has already decreased after the introduction of large fines."
Alexander Khonin, head of the consulting and audit department at the information security system integrator Angara Security, believes that introducing criminal liability for repeated leaks of personal data is an excessive measure: "In Russia, in principle, measures of punishment for leaks have not been developed, namely, all the factors under which such leaks can occur are not taken into account. Therefore, first of all, it is necessary to build mechanisms for turnover fines. With the right approaches, this measure will be effective and will bear fruit."
Dmitry Kovalev, Head of the Information Security Department at Syssoft, reflected on how the situation with personal data leaks will develop in the future: "Tightening of legislation, in particular the level of responsibility and the amount of fines, should draw the attention of companies to the need to minimize the risks of leaks. There will be no fewer cyberattacks in 2024. However, the steps that companies will have to take to comply with the requirements of regulators and the state will help reduce the likelihood of leaks and strengthen information security."
Leading information security consultant at Innostage, a company specializing in solving cybersecurity problems, Tatyana Nikonorova is confident that the number of leaks will decrease significantly in the future: "Currently, everyone has paid attention to leaks of personal data: business, the state, and users. The problem of leaks has become obvious. The market is actively looking for a solution that would suit, on the one hand, business in terms of costs for the protection structure, and on the other, the state and users in terms of its provision. But no matter what form the bill is ultimately adopted, it will in any case lay the foundation for building adequate data protection systems motivated to ensure it, and not to pay a nominal fine. As a result, the number of leaks will decrease significantly."
Alexander Khonin believes that it is too early to make any predictions: "It is difficult to predict now whether there will be fewer cases of personal data leaks due to the tightening of legislation. The criteria and conditions of turnover fines under which they will be applied are not yet fully clear. On the one hand, tightening of legislation should lead to increased responsibility in the area of processing and protecting personal data. On the other hand, there may be the opposite effect, when such leaks are 'hushed up', which is happening, including at present."
Alexander Khinshtein explained the main vector of the committee's work in terms of personal data leaks in 2024: "According to our plan, the basis for inspections should be the very fact of information received about a leak. So far, unfortunately, Roskomnadzor's inspection of personal data leaks occurs according to a very complex scheme. There must be either a decision of the Russian government or an order from the prosecutor's office. And even understanding and knowing that there is a leak, Roskomnadzor cannot simply come and check. It turns out to be an absurd situation. On the one hand, we say that we need to restore order, introduce fines, and tighten penalties. On the other hand, even based on established and identified facts of leaks, the regulator cannot come and objectively sort everything out. If the person responsible for the leak does not want to let the regulator in, the regulator has the right not to let him in. Our bill provides that the very presence of information about a leak will be the basis for unscheduled inspections."