Information security
The Ministry of Transport and Communications is responsible for
legislation and strategy development concerning information
security in communications networks and services. Information
security refers to the administrative and technical measures that
ensure the confidentiality and integrity of information and the
usability of systems.
The mission of information security policy is to ensure that the
general public, businesses and government all have confidence in
the security and privacy protection of services provided in the
ubiquitous information society. The trust is based on, for example,
user-friendly services, adequate privacy protection and genuine
content.
The role of the Finnish Communications Regulatory Authority,
FICORA, is to act as the national authority for information
security. CERT-FI is the name of the FICORA unit dealing with
information security infringements and their prevention.
National Information Security Strategy
A Government resolution on the national information security
strategy was adopted in December 2008. The aim of the Strategy is
safe everyday life in the information society. The vision of
the strategy is that people and businesses can trust that their
transactions in information and communications networks and in the
related services are secure.
The Strategy focuses on three priorities: basic skills in the
ubiquitous information society, information risk management and
process reliability, and competitiveness and international network
cooperation. The aim is safe everyday life in the information
society that will be achieved with skills and judgment, not
luck.
Identification and data protection
Identification with user names and passwords, and with changing
passwords and certificates is efficient and widely used. For
example the Ministry of Finance has issued instructions on using
these identifiers. For the purposes of electronic identification
the Population Register Centre has made available an electronic
identity card and a related citizen certificate.
An electronic signature refers to any technically produced
signature that ensures the identity of the sender. A third party, a
certificate authority, always ensures the authenticity of an
electronic signature.
Act on Electronic Signatures entered into force from the beginning
of February 2003. An electronic signature has the same legal value
as a hand-written signature. The Act applies to electronic
signatures and certificates. Electronic signatures may be used in
both commercial and administrative transactions.
The Act on Electronic Signatures lays down provisions on
certificate providers’ obligations and responsibilities and on the
protection of personal data. The obligations of certificate
providers concern, for example, reliable identification of a
certificate applicant, use of secure systems, and personnel
qualifications. The Act also provides the minimum content for a
qualified certificate.
The providers of certificates must, according to the Act, inform
FICORA about their activities. FICORA supervises the providers.
FICORA also maintains a public register of the certificate
providers.
Biometric identification is coming into widespread use, which
requires monitoring of its processing and usage, and possibly some
legislative measures. Biometric identifiers are personal data and
provisions on their processing are primarily laid down in the
Personal Data Act. The processing involved is supervised by the
data protection ombudsman. A working group appointed by the
Ministry of the Interior is examining the possibilities to include
biometric identifiers into travel documents. The group also
assesses the resulting need for legislative amendments.
Further information
Ms Mirka Meres-Wuori, Senior Adviser, tel. +358 9 160 28532, firstname.lastname@lvm.fi