This paper examines current issues of information security and personal data protection in the digital economy. The development of the information society and the transformation processes in the Russian economy pose a global challenge to digital security for the state and businesses. The authors trace the evolution of the concepts of the “information society” and “digital economy” in academic literature and in Russian legal regulation, from the works of F. Machlup, T. Stonier, and Y. Masuda to the provisions of the Strategy for the Development of the Information Society in the Russian Federation for 2017–2030. The article analyses the genesis of the concept of “personal data” in Russian legislation, from the Constitution of the Russian Federation of 1993 and the repealed Federal Law No. 24-FZ to the current Federal Law No. 152-FZ and Presidential Decree No. 188. Legal regulation of personal data circulation, improvement of protection methods, promotion of digital literacy, and enforcement of liability for violations of information security legislation are considered as the minimum necessary set of requirements for the state and businesses. Based on statistical data from InfoWatch, Roskomnadzor, the HSE Institute for Statistical Studies, and other sources, the authors demonstrate that personal data constitutes the overwhelming majority of compromised information, although a positive trend is already observed in the Russian Federation. Particular attention is paid to the institution of “turnover fines” introduced by Federal Law No. 420-FZ of November 30, 2024, and the forthcoming entry into force on March 1, 2026 of Order of the FSTEC of Russia No. 117 of April 11, 2025. The conclusion is drawn about the need for a comprehensive approach to ensuring the information security of personal data in the digital economy.