Russia plans to tighten data protection, draws up draft legislation to stop leaks
Nov 25, 2018 09:28 AM IST
Russia has drawn up draft legislation aimed at stopping leaks of personal information from state agencies, a step that follows publication of details of Russians allegedly involved in clandestine intelligence operations abroad.
The bill, produced by Russia’s communications ministry, bars unauthorised people from creating and publishing databases of personal data drawn from official sources, and fines anyone violating that rule.
It also requires that state agencies setting up systems for handling personal data consult with the Federal Security Service, Russia’s main domestic intelligence agency.
The communications ministry did not respond to a request for comment from Reuters.
The bill, published late on 23 November, says it is in response to a 2017 instruction from President Vladimir Putin and makes no mention of the spate of leaks.
However, Russian authorities have been embarrassed by leaks about two men Britain alleges were Russian intelligence agents who used a nerve agent to poison former spy Sergei Skripal and his daughter. Russia denies involvement.
The two men told Russian television they were innocent tourists who went to the English city of Salisbury, where Skripal was living, to view its cathedral.
But the Bellingcat investigative journalism website, drawing on leaked passport information, identified the two as officers with Russia’s GRU military intelligence agency.
In a separate case, a Russian accused in a U.S. indictment of conducting cyber attacks around the world was traced, via leaked official databases, to an address in Moscow that Washington says is a base for Russian military intelligence.
The legislation, comprising two draft laws and a draft government resolution, has been published for a 30-day period of public consultation, after which it will be submitted to parliament and the government for approval.
Russia has an active black market in illegal databases compiled using confidential information stolen from state-run registries. The data includes passport details, addresses, car registrations, flight manifests and even tax returns.
Releasing personal data in this way is already illegal under existing legislation, but Russian authorities have struggled to stamp out the practice. Many of the databases are openly available on the Internet.