In Russia personal data is defined as any information relating to a directly or indirectly identified or identifiable individual. The interpretation of this general definition continuously evolves. No more than two years ago it was widely believed that information must relate to an unambiguously identified individual in order to qualify as personal data. However, as of today more and more categories of information start to be considered as personal data. In July 2017, the Russian regulator in the area of personal data (Ministry for Telecoms and Mass Media of the Russian Federation (Ministry)), issued a letter on a slightly different subject (electronic cash decks and electronic payment confirmations). Importantly, in this letter the Ministry specifically considered and expressed its position that where an individual customer providers his/her personal phone number or email, such information by itself (without any additional detail) qualifies as personal data, and all requirements relating to personal data must be complied with. The above position is not binding, but companies which previously considered emails and phone numbers as not falling under Russian personal data laws and thus did not treat this information accordingly should reassess their position and take relevant measures (localization, protection, limitations on transfer etc.) and relevant potential risks, including the risk of potential blocking of non-compliant websites.