OP 11 November, 2024 - 05:45 PM
Russians who suffered from leaks of confidential data were offered to pay up to 5 thousand rubles in compensation per person. The proposal was made by Vladimir Novikov, Chairman of the Working Group of the All-Russian Union of Insurers (VSU) on Information Risk Insurance, during a speech in the Federation Council of the Russian Federation. He also proposed setting a limit on insurance coverage for such risks from 5 million to 1 billion rubles, depending on the volume of personal data stored by the company.
For more than two years, the Russian Federation has been discussing a bill on turnover fines for technology companies that have allowed leaks of personal data. The provision provides for a fine of 0.1% to 3% of the company's annual revenue, but not less than 15 million rubles and not more than 500 million rubles for a repeat leak.
The issue of organizing a fund to help victims of leaks is also under discussion. The Ministry of Digital Development proposes using the Gosuslugi portal as a third party in distributing compensation for such leaks, although the department has not yet established the amount of such payments.
The VSS project envisages the creation of an insurance product that will include fixed compensation amounts for damage from personal data leaks. In the future, the amounts of such payments may be revised, Novikov said.
The VSS took three categories of personal data as the basis for determining the amount of compensation: simple, special and biometric. The guaranteed payment for a leak will be 1 thousand, 2 thousand and 5 thousand rubles, depending on the type of data.
When calculating the total insurance amount, the volume of this data for each company will be taken into account. If the data operator stores up to 1 thousand records, then the total insurance coverage limit will be 5 million rubles. The maximum insurance amount will be obtained by companies that aggregate more than 1 million records - 1 billion rubles.
Novikov spoke about the model for settling insurance claims. After Roskomnadzor registers the fact of a leak, it is necessary to confirm the data of each victim and inform him about it through government services. Then the victim will be able to apply for compensation. The National Insurance Information System, which has access to data from Roskomnadzor, insurance companies and individuals, can confirm the requests, Novikov continues. After the checks are completed, compensation payments will be made automatically.
![[Image: jd74hlyg1dql66gwzhx-1rs18q8.jpg]](https://i.ibb.co/ZYMfHBn/jd74hlyg1dql66gwzhx-1rs18q8.jpg)
If there are too many victims, the Supreme Court proposes to reduce the amount of payments and establish a priority for people. Thus, some will be compensated for their damages, while others will not, Novikov summed up.
![[Image: q7y5afjqb3y0qyjkwk5pg5bgheu.jpg]](https://i.ibb.co/4Nftr23/q7y5afjqb3y0qyjkwk5pg5bgheu.jpg)
In October 2024, Roskomnadzor registered 13 leaks of 9.7 million records with Russian user data. Since the beginning of the year, more than 600 million records have been leaked after 110 cyber incidents. For leaks of personal data, companies are subject to administrative fines of up to 100 thousand rubles.
habr.com/ru/news/857576
![[Image: Capture-d-cran-2025-01-13-134003.png]](https://i.ibb.co/yqTM0D0/Capture-d-cran-2025-01-13-134003.png)
For more than two years, the Russian Federation has been discussing a bill on turnover fines for technology companies that have allowed leaks of personal data. The provision provides for a fine of 0.1% to 3% of the company's annual revenue, but not less than 15 million rubles and not more than 500 million rubles for a repeat leak.
The issue of organizing a fund to help victims of leaks is also under discussion. The Ministry of Digital Development proposes using the Gosuslugi portal as a third party in distributing compensation for such leaks, although the department has not yet established the amount of such payments.
The VSS project envisages the creation of an insurance product that will include fixed compensation amounts for damage from personal data leaks. In the future, the amounts of such payments may be revised, Novikov said.
The VSS took three categories of personal data as the basis for determining the amount of compensation: simple, special and biometric. The guaranteed payment for a leak will be 1 thousand, 2 thousand and 5 thousand rubles, depending on the type of data.
When calculating the total insurance amount, the volume of this data for each company will be taken into account. If the data operator stores up to 1 thousand records, then the total insurance coverage limit will be 5 million rubles. The maximum insurance amount will be obtained by companies that aggregate more than 1 million records - 1 billion rubles.
Novikov spoke about the model for settling insurance claims. After Roskomnadzor registers the fact of a leak, it is necessary to confirm the data of each victim and inform him about it through government services. Then the victim will be able to apply for compensation. The National Insurance Information System, which has access to data from Roskomnadzor, insurance companies and individuals, can confirm the requests, Novikov continues. After the checks are completed, compensation payments will be made automatically.
If there are too many victims, the Supreme Court proposes to reduce the amount of payments and establish a priority for people. Thus, some will be compensated for their damages, while others will not, Novikov summed up.
In October 2024, Roskomnadzor registered 13 leaks of 9.7 million records with Russian user data. Since the beginning of the year, more than 600 million records have been leaked after 110 cyber incidents. For leaks of personal data, companies are subject to administrative fines of up to 100 thousand rubles.
habr.com/ru/news/857576