The Russian Federal Supervision Agency for Information Technologies and Communications (FSA ITC) together with the Moscow police has conducted a number of pilot special operations to prevent the illegal distribution of databases containing personal data, the agency reported in a news release last week.
The campaign held on June 8 targeted sellers of CDs containing illegal databases at Russia’s largest electronics marketplace, the Gorbushkin Dvor mall in Moscow. During the raid, police confiscated 40 CDs presumably containing police databases with the home addresses and criminal records of individual Russian citizens from 2009, Russian daily Vedomosti wrote.
The illegal distribution of dubiously acquired personal data on private citizens from private firms and Russian state and municipal authorities has been a persistent problem in the country for the last decade. This April, for instance, a many sources in the Russian media reported on the shocking case of a Muscovite who bought a CD on the black market containing, among other sensitive data, information on his own HIV status for just 1,500 rubles, a mere $50.
According to the estimates of the Russian copyright protection association Russkiy Shchit, there are up to 50 stationary outlets selling CDs with personal data in Moscow alone. The cumulative revenue from such sales is estimated at 50-85 million rubles, $1.7-3 million, a month.
Among the largest databases containing personal data leaked in various years and offered for sale to date are included subscription bases of the country’s largest mobile service provider MTS (2003, 5.5 million records), the Tax Ministry database containing personal income data for Muscovites (2004, 9.9 million records), the Pension Fund of Russia database also containing information on personal income of Moscow citizens (2003, 7 million records), the shareholder registers for MTS, Lukoil and Nikoil (2005), and a consolidated database of recruiting agencies (2010, 847,000 records).
Gaps in legislation
Russian legislation does not allow law enforcement agencies to effectively prosecute the distribution of personal data. Currently the law presumes responsibility for transferring personal data of individual physical party and for direct stealing of such data by a hacker or an insider. Normative statutes that criminalize the massive redistribution of personal data still do not exist in Russian legislation.
Against this background, the situation regarding the prosecution of distributors of copyrighted materials is more optimistic. This April, for example, Adobe Systems won a civil suit against a Russian citizen, who has been ordered to pay the company 7,440,000 rubles, approximately $262,000, for selling and distributing pirated software. The case represents the largest settlement for damages to be granted to Adobe in Russia to date.
Earlier this year, East-West Digital News also reported on the criminal case opened by Russian Interior ministry against a 26 year-old Muscovite for having “replicated and disseminated” 18 copyrighted music recordings from his personal page on Vkontakte.ru, the largest Russian-language social networking website.
