This can lead to a negative outcome for the individuals whose information was not saved and for the operators who allowed such an incident. The owners of such data risk becoming victims of various types of intruders. Money can be illegally debited from their bank cards and accounts. There is a risk of being subjected to blackmail related to the disclosure of personal information and other threats.
Operators bear the following types of liability for violations that result in the leakage of personal data:
Civil : includes compensation for damages and moral harm in court.
Administrative : a fine for the leak of personal data, the application of restrictions or a complete ban on activities that involve transactions with personal information.
Criminal : occurs in the chinese student data package case of illegal distribution of personal data, if this has caused significant damage. Information about this is transferred to law enforcement agencies.
Responsibility for personal data leakage
Source: shutterstock.com
If it is established that the operator has violated the requirements for preventing leakage of personal data when storing tangible media, Part 6 of Article 13.11 of the Code of Administrative Penalties of the Russian Federation provides for a fine:
for officials – from 8,000 to 20,000 rubles;
Individual entrepreneurs – from 20,000 to 40,000 rubles;
for enterprises and organizations from 50,000 to 100,000 rubles.
More significant violations (for example, collecting and publishing personal data on the Internet) may result in a fine of one to six million rubles for the first violation and six to 18 million rubles for a repeat violation, if committed by a legal entity.
Illegal disclosure of personal and family data of an individual in public places or in the media may be classified as a criminal offense (Article 137 of the Criminal Code of the Russian Federation).
Such violations may result in a fine of up to 200,000 rubles or an amount equal to the income received over a period of one and a half years. There is also a practice of assigning mandatory, corrective or forced labor for a period of up to 360 hours, a year or three years, respectively.
In addition, the offender faces arrest for up to four months or imprisonment for a maximum of two years. A ban on certain activities for three years may be imposed, depending on the severity of the offense. The situation is aggravated if the offender has used his official position for selfish purposes.
Case: VT-metall
Find out how we reduced the cost of