Bankers ask the Ministry of Digital Resources to cancel turnover penalties for leaks.
In early March, the Association of Banks of Russia (ADB) sent letters to the Ministry of Digital Development, Communications and Mass Media of the Russian Federation (Mincifra) with a proposal to abandon the introduction of revolving fines for information leakage in case of repeated violation. About it with reference to letters of the organization writes "Kommersant". Earlier, the State Duma adopted in the first reading a bill on such fines.
In one of the letters, ADB points out that the proposed measure is discriminatory, since state institutions do not have turnover, and therefore it is impossible to recover a turnover fine from them, unlike commercial organizations. Thus, as the ADB emphasizes, "the commission of the same offense entails different liability for the first and second persons, which is a violation of the constitutional principle of equality of all before the law and the court." The letter provides examples of leaks that occurred from state and municipal institutions.
In addition, another letter states that turnover fines "may negatively affect information security companies and the entire IT industry as a whole." ADB explains that credit institutions interact with many services, and in all cases, files are automatically exchanged. Thus, if one of the exchange participants enters the system, there is a high probability of infection or data theft from other participants. At the same time, taking into account the current judicial practice, an administrative fine refers to real damage, that is, you can file recourse claims against the counterparty.
Acting President of the ADB Alexey Voilukov considers it unfair that responsibility for commercial organizations for leaks is significantly tightened, and state institutions actually go unpunished. In his opinion, it is possible to abandon revolving fines and leave a fixed amount of fines from 20 to 500 million rubles, as currently provided.
Voilukov also believes that the upper threshold of the fine is excessive, since, for example, a large bank, having received such a fine, can file a recourse claim against the software supplier that caused the leak. For most of these companies, a fine of hundreds of millions of rubles can lead to bankruptcy, he added.
The head of the National Financial Market Council, Andrey Emelin, adds that a turnover fine as a sanction implies that the violator extracts economic benefits from his behavior. However, personal data leaks only result in losses for the companies and banks that committed them, since they involve direct and indirect costs — they cause damage to the IT infrastructure, business processes, cause reputational damage, and lead to an outflow of customers, Mr. Emelin emphasizes.
According to Emelin, the combination of losses from leaks, taking into account turnover fines, can lead to the suspension of business and even bankruptcy.
In early March, the Association of Banks of Russia (ADB) sent letters to the Ministry of Digital Development, Communications and Mass Media of the Russian Federation (Mincifra) with a proposal to abandon the introduction of revolving fines for information leakage in case of repeated violation. About it with reference to letters of the organization writes "Kommersant". Earlier, the State Duma adopted in the first reading a bill on such fines.
In one of the letters, ADB points out that the proposed measure is discriminatory, since state institutions do not have turnover, and therefore it is impossible to recover a turnover fine from them, unlike commercial organizations. Thus, as the ADB emphasizes, "the commission of the same offense entails different liability for the first and second persons, which is a violation of the constitutional principle of equality of all before the law and the court." The letter provides examples of leaks that occurred from state and municipal institutions.
In addition, another letter states that turnover fines "may negatively affect information security companies and the entire IT industry as a whole." ADB explains that credit institutions interact with many services, and in all cases, files are automatically exchanged. Thus, if one of the exchange participants enters the system, there is a high probability of infection or data theft from other participants. At the same time, taking into account the current judicial practice, an administrative fine refers to real damage, that is, you can file recourse claims against the counterparty.
Acting President of the ADB Alexey Voilukov considers it unfair that responsibility for commercial organizations for leaks is significantly tightened, and state institutions actually go unpunished. In his opinion, it is possible to abandon revolving fines and leave a fixed amount of fines from 20 to 500 million rubles, as currently provided.
Voilukov also believes that the upper threshold of the fine is excessive, since, for example, a large bank, having received such a fine, can file a recourse claim against the software supplier that caused the leak. For most of these companies, a fine of hundreds of millions of rubles can lead to bankruptcy, he added.
The head of the National Financial Market Council, Andrey Emelin, adds that a turnover fine as a sanction implies that the violator extracts economic benefits from his behavior. However, personal data leaks only result in losses for the companies and banks that committed them, since they involve direct and indirect costs — they cause damage to the IT infrastructure, business processes, cause reputational damage, and lead to an outflow of customers, Mr. Emelin emphasizes.
According to Emelin, the combination of losses from leaks, taking into account turnover fines, can lead to the suspension of business and even bankruptcy.
