Proposed Fines for Data Leaks Are Impressive

Senators Andrei Turchak and Irina Rukavishnikova, together with Deputy Alexander Khinshtein, have presented Prime Minister Mikhail Mishustin with the final version of a bill that establishes fines for violations of personal data protection, according to a report by “RBC” citing a copy of the draft.

The document proposes amendments to the Code of Administrative Offenses. Under the proposal, the following penalties will be imposed for violations:

  • Legal entities will face fines ranging from 3 to 5 million rubles if the leak affects between 1 and 10 thousand citizens.
  • Fines of 5 to 10 million rubles will be imposed if the number of affected citizens is between 10 and 100 thousand.
  • If the leak impacts more than 100 thousand people, the proposed fine will be between 10 and 15 million rubles.

For repeated violations, regardless of scale, a fine of 0.1% to 3% of the annual turnover for the previous year, or for part of the current year, will be introduced. The fine must be no less than 15 million rubles and no more than 500 million rubles.

In the case of leaks of biometric data, legal entities will face fines ranging from 15 to 20 million rubles. The draft also proposes different fine amounts for leaks of personal data involving citizens and officials.

Currently, the maximum penalty for companies for data leaks is up to 100 thousand rubles, and up to 300 thousand rubles for repeated violations. The amendments are expected to take effect 30 days after the official publication.

The explanatory note accompanying the draft law references data from Kaspersky Lab. According to the company’s report, in 2022, attackers published 168 significant databases of Russian companies, containing over 2 billion records. Among these leaks, nearly 300 million user data records were compromised, with approximately 48 million lines containing passwords. The majority of user data (64%) was compromised through attacks on large businesses. The delivery sector accounted for 34% of the compromised data, followed by the retail sector with 14%.
