Bill on stiff fines for personal data storage breach gains approval of Russian senators
MOSCOW, November 25 (RAPSI) – The upper house of Russian parliament on Monday backed a bill envisaging fines of up to 18 million rubles (about $300,000) for violating requirements for storage of personal data of Russians. A relevant statement was published on the Federation Council’s website.
Authors of the legislative proposal, two United Russia party MPs Victor Pinsky and Daniil Bessarabov, claim that according to the federal personal data law an operator must provide recording, systematization, storage, updating and retrieval of Russian citizens’ data using bases locating in Russia when they collect information including the use of Internet.
Current legislation does not stipulate punishment for failure to meet the database localization requirements.
The initiative sets fines from 2 to 6 million rubles ($30,000 – 90,000) for the first breach of requirements and from 6 to 18 million rubles for repeated violations.
The bill also fixes heavy fines for repeated violations related to online distribution of extremist content. Thus, dissemination of calls for terrorism and extremism would result in fines ranging from 150,000 to 300,000 rubles for website owners, from 600,000 to 800,000 rubles ($9,000 – 12,000) for officials and from 1.5 to 5 million rubles ($23,000 – 80,000) for companies.
Moreover, the draft law envisages fines varying from 2 to 6 million rubles for repeated refusal of legal entities to hand over encryption keys to the Federal Security Service (FSB).
The State Duma passed it in a final third reading on November 21.