The Association of Russian Banks (ABR) has proposed to the Ministry of Digital Development, Communications and Mass Communications of the Russian Federation (Minzifra) to reconsider the introduction of working fines for information leakage in the case of repeated violations. According to a report by “Kommersant”, the ABR sent letters to Minzifra in early March expressing concerns over the bill that the State Duma adopted in the first reading.
One of the letters highlighted that the proposed measure could be discriminatory as state institutions do not generate turnover, making it impossible to enforce working fines on them. This discrepancy in liability for the same offense violates the constitutional principle of equality before the law, stated the ABR. Examples of leaks from state and municipal institutions were provided in the letter to support the argument against the fines.
Another letter from the ABR pointed out that the current fines could have a negative impact on companies specializing in information security and the overall IT industry. The interaction between credit organizations and various services often involves automatic file exchanges, increasing the risk of data theft or infection in case of a breach by one participant. The letter also mentioned that current fines are based on actual damage, allowing for regressive claims against the counterparty.
Acting President Aleksey Volyukov criticized the disparity in responsibility for leaks between commercial organizations and state institutions. He suggested retaining a fixed fine amount ranging from 20 to 500 million rubles instead of implementing working fines. Volyukov also expressed concerns about the excessive upper threshold of fines for large banks, which could lead to bankruptcy in some cases.
Andrei Emelin, the head of the National Council of the Financial Market, highlighted the detrimental impact of leaks of personal data on companies and banks. Emelin stated that such leaks result in losses due to damage to IT infrastructure, business processes, reputation, and customer base. Considering the current fines, Emelin warned that the cumulative losses from leaks could potentially force businesses into suspension or bankruptcy.