Information Law No. 242- FZ

Earlier this month Russia ushered in new privacy measures as Information Law No. 242- FZ came into effect. The law states that from September 1st, companies operating on Russian territory will be required to store users’ personal data on domestic servers. They must also notify the Russian regulator, Roskomnadzor, the country’s data protection agency, of the location of their servers

The new legislation has presented a serious challenge to foreign companies operating in the country and as the deadline passed the Wall Street Journal documented that many companies were unable to comply in time, including US giants Facebook, Google and Twitter.

So does this offer a potential reprieve?

Well, no -the Roskomnadzor says it intends to enforce the law against small and medium-size domestic and foreign companies with offices in Russia, and reserved the right to conduct spot checks on any firm if necessary. Russian authorities already moved to block more than 60 websites even before the deadline had passed. As a result some foreign companies including Samsung Electronics Co., Uber Technologies Inc. and eBay have already agreed to comply with the law.

As the only foreign data centre provider in country at this time, Telehouse offers storage, guidance and advice to clients in Moscow. This is a big issue as you can imagine, as the trust level for multinational companies dealing with the Russian government and regulations is difficult.

Clear Steps To Ensure Effectiveness:

If you are planning to enter the Russian market your company must outline all measures in the following categories: legal, technology and organizational. The plan must include security guidelines and these metrics.

  1. Tools: Enterprise must include required certified software and hardware
  2. Policies on Policing: Internal controls to ensure compliance
  3. Damage Assessment Metrics
  4. Potential Threats Assessments
  5. Registration Maintenance of all locations where Personal Data is Stored
  6. Notification Process of all unauthorized access to Personal Data
  7. Notification of Damage to Personal Data itself
  8. Rules for and Records of Personal Data Access
  9. Migrations in Progress May Not Meet Deadlines

The Telehouse Moscow Data Centre is already at work assisting customers with collocation within this certified premium, Tier III design facility only 15 minutes from the Kremlin.