Government proposes legislative amendments to improve the exchange of information between authorities in information security breaches
The Government proposes amendments to the Act on Electronic Communication Services, the Act on the Processing of Personal Data in the Defence Forces and the Act on the Processing of Personal Data by the Police. The aim of the amendments is to improve the exchange of information between authorities in information security breaches. The Government submitted the proposal to Parliament on 27 October 2022.
The amendments would facilitate the information exchange between public authorities in significant information security breaches that have or threaten to have serious adverse effects on the governmental decision-making authorities’ ability to act, national security and defence, essential social and healthcare services and rescue services, essential commodities such as energy, water and food supplies, essential payment and securities services or on transport and communication services critical for the functioning of society. Hacking into these functions is also covered in the proposal.
“With our proposal we could improve the cooperation between authorities by providing more opportunities for mutual exchange of information and executive assistance. Such efficient shared use of resources is yet another unique Finnish solution. Our ability to react to serious cyber attack situations would improve significantly,” says Minister of Transport and Communications Timo Harakka.
Proposal would improve the safety and security as well as the information security in society
The legislative amendments would improve the capacity of the authorities to investigate information security breaches that may adversely affect a wide range of critical functions in society. At the same time, the security and information security of the entire society would improve.
The proposal extends the possibilities for providing executive assistance between authorities in breaches of information security. In terms of the Transport and Communications Agency Traficom, the decision-making process for the executive assistance procedures would be streamlined. It is also proposed that communications providers have the right to voluntarily disclose information to Traficom with regard to information security breaches in order to investigate and prevent them.
The government proposal is based on the government resolution adopted in summer 2021 on improving information security and data protection in critical sectors of society.
The proposal relates to the work launched in spring 2022 by the Ministry of the Interior and the Ministry of Defence, which assesses more extensively the cross-administrative capacity of the authorities in ensuring cyber security and cyber defence and in combating cyber crime. The stakeholders will prepare and coordinate the projects in close cooperation.
A referral debate will be held on the proposal now submitted by the Government to Parliament. The timetable for the debate will be listed on Parliament’s website (upcoming plenary sessions).
After the referral debate, the proposal will be taken to a Parliamentary Committee. After the Committee submits a report, the matter will be discussed in a plenary session.
The aim is that the legislative amendments enter into force on 1 February 2023.
Outi Slant, Senior Specialist, tel. +358 29 535 9298, email@example.com
Veikko Vauhkonen, Senior Specialist, tel. +358 50 323 0578, firstname.lastname@example.org
Maija Ahokas, Director of Unit, tel. +358 50 323 6178, email@example.com
- Press release, 21 June 2022: Consultation process: Legislative amendments to improve the exchange of information between authorities in information security breaches
- Press release, 8 February 2022: Working group to explore ways to intensify cooperation between authorities in cyber security incidents