Personal data of almost a million Russians was publicly available because of leaking from banks
The Kommersant publication reported that in May 2019, about 900 thousand Russians had leaked their personal information to the network. Name, passport details, phone numbers, as well as information about the place of work and salary are in the open acces. Information was received in 2013, but most of it is still relevant.
The sources of leakage are three banks, Alfa-Bank, OTP Bank and HKF Bank. Commenting on this situation, employees of Alfa-Bank and HKF Bank informed the media about the start of the audit, while at OTP Bank they denied any information about the leakage.
The information included in the network is personal data in accordance with the international regulatory act of GDPR, and in accordance with the Federal Law of the Russian Federation “About Personal Data”. However, these regulations have a different relationship to the protection of personal data security by the operator.
While in the text of the GDPR, the protection of processed personal data is indicated among the fundamental principles of personal data processing, the Federal Law “About Personal Data” refers the protection of confidentiality of personal data to the operator’s duties in Article 19, but the main reason for such leaks is that the rules for the storage of personal data in the Federal Law of the Russian Federation “About Personal Data” are significantly less than in the GDPR.
Despite the different approach to the protection of personal data of various regulations, the sanction for non-compliance with the rules for the protection of the data being processed is provided for by both laws. It is necessary to establish whether banks had the right to store this information, as well as whether the level of protection necessary for storing published data was ensured. The result of this check will determine whether the indicated banks will be liable for the leakage of information.
Banks must be held accountable for this leakage, because lack of serious punishment causes leakages like this.