Alexey Lukatsky, a business consultant on information security

[tanjimajuha20]

RTM Group CEO Evgeny Tsarev recommends providing precise definitions, which are currently missing: "In order to really talk about responsibility for leaks, we need to clearly define what leaks are. All attempts to give an unambiguous definition that I know of have failed. It is strange to be held responsible for something that has no definition. For example, is it a leak if an employee copies corporate information to a flash drive? Or can it only be considered a leak when the employee leaves the company premises? Or when he or she transfers the information to third parties? Or when they make it publicly available and bahamas cell phone number list start selling it? But they may not make it public or sell it, but use it to implement a multi-level attack. Is this a leak? Or is it something else? That is, are additional conditions needed to define a leak, for example, using a database for illegal purposes? There are a lot of questions here, but unfortunately there are no answers, or they are all contradictory. In general, the position is correct - leaks must be fought. But not only terms are needed, but also approaches. How will the fact of a leak be recorded? How will the fine be calculated? Etc., etc. If the state system is set up to combat leaks, then it is possible to radically reduce the number of leaks, but it is important to take into account many details."

at Positive Technologies, believes that everything depends on law enforcement practice: “Currently, two forms of increasing liability are proposed. One is administrative, related to turnover fines. It is this that can entail increased attention from personal data operators to the protection of personal data that they process. And the second norm, related to criminal liability for the illegal turnover of personal data, does not in any way affect the strengthening of measures related to ensuring security, because it is imposed on those who steal or trade in illegally obtained personal data. As for turnover fines, on the one hand, of course, this should entail increased attention, but mainly only for large personal data operators that process large volumes of personal information about users or their employees. But whether this will seriously affect the increased attention to security issues, only law enforcement practice will show, because, as we know, the severity of our laws is often compensated for by the non-obligation of their implementation or the lack of desire on the part of law enforcement, in fact, this is "implement law enforcement."