Russian citizens could soon receive compensation through the public services portal in case of personal data leaks, following the implementation of the Law on cyber inspection, Senator Artem Sheikin announced.
Senator Sheikin explained that if there is a data breach on the “public services” platform, compensation will be provided to citizens by the Ministry of Construction from their own funds as the personal data operator. It is worth mentioning that the ministry had proposed last April to involve the Public Service portal as a third party in the compensation process for personal data leaks.
After discussions in the Federation Council on this matter, recommendations were issued to federal executive bodies to develop mechanisms for assessing organizations’ security against real threats, considering their suitability for determining final fines, Sheikin added.
Senator Sheikin emphasized the importance of ensuring that data operators have financial resources to compensate for data breaches and any resulting harm to citizens, with the possibility of state organizations compensating citizens either from the budget or from the finances of the party responsible for the leak.
In January, the State Duma of the Russian Federation passed a bill in the first reading to introduce fines for violating specific requirements of personal data legislation. The proposed maximum fine for legal entities could be up to 3% of their annual revenue, with a minimum of 20 million rubles and a maximum of 500 million rubles.
The bill, introduced in December 2023 by a group of senators and deputies led by the First Vice-Spiker of the Federation Council, Secretary of the General Council of United Russia Andrei Turchak, suggests adding new sections to Article 13.11 of the Administrative Code of the Russian Federation related to violations of personal data legislation.