Russia will hike fines for data theft by 10 times for big & small companies. Should same happen in every country?

Multiple hacker groups in Russia have been showing high levels of activity over the most recent months, increasing the number of data breach reports. In response, the Russian authorities have taken some drastic measures, which have generated some criticism for Vladimir Putin’s administration.

One of the most controversial measures is the noticeable increase in fines set for data security incidents. According to the changes proposed by the Russian Ministry of Justice, the maximum fine for private data breach incidents should be increased from the current 50,000 rubles (about $724) to 500,000 rubles (about $7,240). According to the proposal, fines for individual entrepreneurs would increase from 20,000 rubles to 300,000 rubles, while fines for officials will go from 10,000 rubles to 100, rubles. Finally, fines for regular citizens will go from 2,000 to 20,000 rubles.

The idea of increasing fines first came in 2015, when the lower house of the Russian Parliament proposed a considerable increase in financial penalties for data breaches. Although this proposal was never approved, the authorities consider that recent events have become necessary to rethink the country’s data protection policy.

As in many other countries, Russia has seen a marked increase in data breach incidents, although the cybersecurity community believes that the Russian authorities have taken longer than supposed to implement new mechanisms to combat these incidents and punish those responsible.

According to technology firm InfoWatch, in 2019 reports of confidential data security incidents grew by nearly 40% compared to the previous year, a trend that could be replicated without difficulty when 2020 data is revealed.

The coronavirus pandemic has only worsened the outlook, as thousands of companies resort to using remote work tools to maintain their activities they have become more prone to cybersecurity incidents.

While the increase in data breach fines is a common measure (even as established by the GDPR), members of the cybersecurity community have questioned the effectiveness of this policy: “In addition to the increase in monetary sanctions, governments must push for new legislation on data confidentiality and privacy protection mechanisms , a certainly complex process,” says Yekaterina Portman, director of Deloitte.

Another criticism of this measure is its uneven impact on the finances of private companies; while small businesses could be severely hit by this measure, large firms would hardly receive a fine, even for the highest amount. It is obvious that this project has been proposed with the best intentions, but it is necessary to make multiple improvements and additional processes.