Personal Data Storage Regulations
Personal data operators may be required to report leaks
The State Building and Law Committee approved a first reading amendment to the Personal Data Act, which obliges data operators to report their leaks to the authorities
Photo: Yuri Smithuk/TASS
The State Building and Law Committee of the State approved the first reading of the amendment to the Personal Data Act, which had been introduced by a group of senators to Gosduma in 2013, and informed the BCRC. This information was confirmed by the Vice-Chairman of the Federation Council ' s Committee on State Construction and Law, Ludmil Bokov, one of the sponsors of the amendments.
The bill specifies requirements for operators Personal data (employees, telecommunications operators, banks, Internet stores and other Internet sites, companies developing loyalty programmes, etc.). In particular, they have an obligation to notify the designated authority in the event of improper disclosure or leakage of personal data. The notification procedure is not described; according to the BCRC, Ludmil Bokova, the authors intend to make the necessary clarifications " directly with data operators " . She said that efforts would focus on " unauthorized access only " . The senator also noted that he believed that it was appropriate for leaks to be notified to individuals. It did not rule out that such amendments would be prepared for the second reading of the draft.
The number of leaks of confidential information in Russia increased in 2016, compared with the previous 80 per cent, according to the latest report of the InfoWatch analytical centre specializing in cybersecurity. In total, there have been 213 such cases in the country over the past year, and 1,556 in the world. Most of the leaks are related to the theft of personal data, accounting for 85.6 per cent of all cases in the world.
