Russia Data Protection Enforcement Update - Administrative Charges Follow Breach

It is being reported that Moscow prosecutors conducted an investigation into whether several websites that were involved in data breaches earlier this year violated the country’s data protection law. As a result of the breaches, names, contact information and order histories of Internet magazine subscribers (including adult-themed publications) became available on Internet search engines, including Russian-language Yandex. Without naming the websites, the report states that the prosecutors have filed administrative charges against two Internet magazines as a result of the investigation.

This is at least the second in a recent string of high profile data breaches in Russia. We previously reported about a data breach that resulted in public disclosure (including on Yandex) of personal information and text messages of the customers of Megafon, a major Russian mobile provider. On August 30, a Moscow court determined that the breach violated the country’s communications laws and ordered Megafon to pay a fine of 30,000 rubles.

Although the fine levied against Megafon is relatively small (approximately $1,000 in US dollars), the string of data breach actions appears to mark a new era in data protection enforcement in Russia.  While the country's data protection law continues to face criticism at home as unworkable, federal agencies appear to move forward aggressively to enforce the law.