Roskomnadzor teaches Russian companies to work with sensitive data

Roskomnadzor refuted information that operators processing large volumes of sensitive information will be required to obtain a special license. Previously, it was reported that this condition would be included in the bill on fines for the leakage of personal data.

According to the department, the official proposals contained in the bill “do not provide for the need for licensing or the introduction of additional licensing procedures.” They are aimed at increasing the level of protection of personal data of citizens by operators.

However, companies handling more than 1 million records will likely need to meet a few other requirements. They must be Russian legal entities, have at least five employees with higher education in the field of information security, and also have a budget of more than 100 million rubles. The latter condition ensures that the operator can compensate customers for damages in the event of a leak.

In addition, such operators are required to use only Russian databases and confirm that all requirements for the processing of personal information and ensuring information security are strictly observed.

Roskomnadzor noted that the amendments are due to the need to increase the level of information protection of sensitive information, the leakage of which poses increased risks for society, especially when working with large volumes.