The lower house of the Russian parliament passed a draft law last Thursday, Nov. 21, increasing the fines of up to $300,000 for personal data storage breach.
After months of preliminary discussions on proposed updates of the Russian Federal Law on Personal Data (No. 152-FZ), the draft law is on its third final reading.
Bill authors Victor Pinksy and Daniil Bessarabov urged that personal data of Russians should be prioritized. Under the draft law, an operator must provide recording, systemization, storage, updating, and retrieval of citizens’ data using secure databases. Anyone who violates the law is subject to the $300,000 fine or 18 million rubles.
Operators who collect personal information of Russian citizens are the targets of this new law, with an initial fine of 2 million rubles for first breach requirements and 18 million rubles for repeated violations.
Major Data Breach
The Russian government became stricter with data storage breaches after the major data leak of the intelligence agency. About 7.5 terabytes of data from SyTech were leaked, containing several ongoing projects, social media users, and operations.
A group of hackers called ‘0v1ru$’ were able to steal the information and posted Comfy Guy mem on the SyTech website. According to reports, the hackers were able to enter in an active directory server of SyTech before getting into the entire network.
What’s worst is, the hackers posted screenshots of the company’s servers on social media accounts then shared the information to another hacking group, Digital Revolution. In addition, the culprit also posted the names of the projects as well as the names of the SyTech employees.
April this year, the American social media platform Facebook was fined 3,000 rubles for violating the data privacy law. The company store Facebook users’ information on servers located inside Russia. The complaint was raised by Russia’s Federal Service for Supervision of Communications, Information Technology and Mass Media.
In the same month, another social media platform was also penalized. Twitter got the same sum for not complying with the law and failing to act on its promise to do something about the information of Russian users.
Aside from the data storage, the Federal Law on Personal Data also issues fines to operators who distribute extremist contents. Aside from terrorism, content creators who showcase malicious activities can get fines ranging from 150,000 to 300,000 rubles and website owners from 600,000 to 800,000 rubles.