Привлечение к ответственности за утечку персональных данных
In the media headlines we see more and more often news about successive leaks of personal data (hereinafter - PD) from large companies, state institutions, etc. personal data (hereinafter - PD) leaks from large companies, state institutions, etc.
For example, just the other day a court in Moscow fined the Higher School of Economics for leaking students' personal data, and a few days earlier the data of the online legal aid platform SberPravo was leaked. Roskomnadzor has recorded 27 data leaks since the beginning of 2023, which led to the publication of 165 million records about Russians online. In total, since the entry into force of the requirement the regulator has received reports of 130 incidents since the mandatory reporting of data leaks for Russian companies came into force. At the same time, the question arises as to how many incidents have not been reported. According to Group-IB data, last year 311 databases of Russian companies were made publicly available for the first time.
However, in most cases it is the organization itself, the legal entity, that is held responsible. Therefore, the question arises as to what is the situation is with the prosecution of individuals for violation of legislation in the field of personal data. How often does this happen and what are the prospects for the development of personalization of liability for personal data leakage? Due to the fact that the investigation of leaks is rather investigation of leaks is difficult and law enforcement agencies do not have much relevant experience, first of all, it is not the "external" perpetrators who organized the leak (hackers, etc.) that may be held liable, but "internal" ones - employees of the company, etc.
In this article we will study in what cases employees of organizations can be held liable for leaks of personal data, in particular, administrative and criminal liability, prospects for the development of legislative regulation, as well as try to formulate practical recommendations for mitigating emerging risks.