The upper house of Russia’s federal legislature approved amendments to the country’s federal data protection law (in Russian). The amendments impose detailed information security requirements on businesses that process personal data and revise some of the statute’s data subject consent provisions. The amended law will come into force when it is published in the official newsletter.

Russia originally enacted a comprehensive federal data protection law in 2006, but the statute has faced major headwinds. While the law is similar in its approach to the EU Data Protection Directive 95/46/EC, it is much more restrictive regarding personal data processing. After several delays, the law came into effect on July 1, 2011. Commentators, however, continue to view the law unfavorably, arguing that it’s unworkable.

The amended law directs the government to develop regulations that will set forth appropriate levels of information security protections. The regulations will also establish the security requirements for processing biometric data.