In March 2022, the Yandex

Posted: Sun Feb 09, 2025 7:04 am
by Rakhirandiseo
New fines will be determined depending on the amount and composition of the "leaked" data. The largest fines are expected for the leakage of biometric and special data: about personal life, beliefs, nationality, health, etc.

Personal data leaks occur due to failure to comply with protective measures, so to prevent them you need to:

Use information security tools to monitor user activity and automatically block file transfers based on their content, the transfer channel, and the status of the user currently working with them.
Conduct information security audits and information asset audits regularly.

Compensation for damages after personal data leak

After a leak of personal data, victims can seek compensation for moral damages in court. Many citizens learned about this after the Yandex.Food case, which became a precedent "on compensation" in Russian judicial practice.

In March 2022, the Yandex.Food service leaked personal data. In addition to two fines, the service received 20 claims for moral damages. The court satisfied 13 of them, obliging the company to pay the claimants 5 thousand rubles each. The average amount of compensation in other cases within this case is estimated at 5-10 thousand rubles.

Compensation for damages for leaks of personal data does not happen often, due to the judicial procedure of proceedings. However, at the moment, the Ministry of Digital Development of the Russian Federation is developing a new extra-judicial procedure for receiving compensation, which can significantly increase the number of people wishing to receive compensation for the leak of their personal data.

I would also like to note that in the future, in the context of the draft law “On turnover fines”, it may be appropriate to pay compensation to organizations that have allowed a leak, as this will reduce the total amount of the fine for the leak.

Compensations are a consequence of leaks, which means that risks can be reduced in similar ways:

Use information security tools to monitor user activity and automatically block file transfers based on their content, the transfer channel, and the status of the user currently working with them.
Conduct regular audits of information system and information asset vulnerabilities.

Localization of personal data bases

Any company that stores or processes personal data of Russians must comply with localization requirements: use only servers located on the territory of the Russian Federation to process and store personal data of Russian citizens.

A typical example of this violation is the case of the international diving certification company International Training. To register on the site, the company collected personal data of Russians and stored it on a server in the USA. The fine for the violation was 1 million rubles.