Roskomnadzor, Russia’s Federal Service for Supervision of Communications, Information Technology and Mass Media, released its annual report on the personal data law last week. The agency reported 53 personal data leaks in Russia in 2012.
Around 30 cases involved non-compliance with the requirements of the personal data law, while the remaining 20 cases involved an illegal transfer of personal data to third parties. Most leaks were associated with the unauthorized distribution of personal information in paper form.
The agency did not specify which categories of websites were the most affected by these leaks, but several cases of client database trafficking were reported by East-West Digital News recently in the field of e-commerce. From small sites to some well-established ones, a number of Russian online retailers have fallen victims of what appears to be a large-scale black market of client database information.
The vulnerabilities of major Russian websites came to light for the first time in 2011, when some 8,000 text messages sent by clients of the Russian cellular operator MegaFon through its website were found online in the output of the major Russian-language search engine Yandex.
A variety of violations
Roskomnadzor audited 193 Internet sources to ensure their compliance with the various obligations of Russia’s personal data legislation and found violations in 138 cases. In 16 cases, administrators have already removed the leaked personal data and opened 20 administrative cases against Internet sites that violated the law.
The personal data law, which came into force in the summer of 2011, imposed stricter legal obligations on both public and private organizations dealing with personal data.
According to this law, personal data can only be collected or used with the approval of the concerned person, which an organization must later be able to prove. The law, which is particularly demanding when it comes to the protection of stored personal data, has been severely criticized by the business and legal communities for containing excessively stringent requirements and creating considerable costs while lacking clear implementation mechanisms.
The Russian government received 1,098 complaints about the law’s provisions this year, most of them coming from website owners, RIA Novosti reported.
- RUSSIAN E-COMMERCE REPORT – In partnership leading universities and consultancies, EWDN has published an in-depth research on Russia’s online retail market, including a detailed analysis of the personal data law and how it affects businesses. To receive free insights or to order the full version (2013 edition), please contact us at [email protected].