Roskomnadzor, the Russian federal service for supervision of communications, information technology, and mass media, has refuted claims that operators processing large volumes of sensitive information will be required to obtain a special license. This announcement contradicts previous reports that such a condition would be included in the bill on fines for leakage of personal data.
The department clarified that the official proposals outlined in the bill do not mandate licensing or the introduction of additional permits. Instead, they aim to enhance the protection of personal data held by operators and ensure the privacy of citizens.
Nevertheless, companies handling more than 1 million records are still expected to meet certain requirements. These entities must be registered as Russian legal entities and employ at least five individuals with higher education in the field of information security. Additionally, the operators are obligated to allocate a minimum of 100 million rubles to the budget, ensuring they can compensate customers for any damages resulting from data leaks.
Furthermore, operators processing large volumes of sensitive information are obliged to exclusively use Russian databases. They must also provide confirmation that they comply with all regulations governing the handling of personal information and ensuring information security.
A spokesperson from Roskomnadzor emphasized that these amendments are necessary to elevate the level of information protection surrounding sensitive data. The leaking of such data poses heightened risks to society, particularly when dealing with substantial quantities.