NordenBladet — In its negotiations on Wednesday 11 November, the Government decided on measures to help victims of identity theft and to improve personal identity protection. The Government outlined the following measures:Ensuring psychosocial and other support and coordinating aftercareThe Ministry of Social Affairs and Health will ensure that the victims of the data breach at Psychotherapy Centre Vastaamo continue to receive the necessary psychosocial and other support. Support will continue to be provided through a number of different operators and channels for as long as is required. The Ministry will also monitor and coordinate the aftercare of the situation within the healthcare and social welfare services system.Amending the Act on the Electronic Processing of Client Data in Healthcare and Social Welfare and allocating additional resourcesOn 5 November 2020, the Government submitted a bill to Parliament on the processing of client data in healthcare and social welfare. The Act is due to enter into force on 1 April 2021. 

The proposed amendment would extend the obligation to join the Kanta service platform to all service providers that use client or patient information systems. The information systems used by service providers must pass a test ensuring their operability with the Kanta services and a data security assessment carried out by an appointed data security assessment body.

The Government will ensure the effective implementation of the Act through a variety of measures, including allocating additional resources to the National Supervisory Authority for Welfare and Health (Valvira) and the Finnish Institute for Health and Welfare. These increases in resources aim to improve guidance and supervision concerning the use of data management systems. Under the current legislation, the criteria for changing an individual’s personal identity code are strict and cannot be applied proactively to prevent criminal or other severe misuse of the personal identity code. The Government is therefore preparing a legislative amendment that, in limited situations such as data breaches, would provide an opportunity for individuals to change their personal identity code in order to limit the misuse of their identity.

Developing a single blocking service for all official bans, blocks and prohibitions
In order to ensure that the victims of a data breach are able to manage their everyday lives, it is important to make it as easy as possible to prevent the misuse of their data.

The suomi.fi website provides information on official bans, blocks and prohibitions and has links to the different services. The Digital and Population Data Services Agency, the Ministry of Finance and the Ministry of Transport and Communications are exploring the possibility of creating a single blocking service together with operators in the private sector. The service would make it possible to apply for all official bans, blocks and prohibitions in one place. The service is expected to be ready by the end of next year.

The Ministry of Finance is setting up a project to reform the legislation on the personal identity code system in its entirety. One of the objectives of the project is to clarify the use of personal identity codes and ensure that they are used to distinguish between individuals rather than for identification purposes. Enhancing communication on practices concerning the processing of personal identity codes  The Government decided to enhance communications with citizens on the proper use of personal identity codes and other information related to the identity of individuals in different services. The personal identity code is designed to distinguish between individuals and may not be used for identification purposes by law. The Data Protection Ombudsman is also assessing the need for a more stringent policy on the use of personal identity codes.Several operators (the Ministry of Finance, the Digital and Population Data Services Agency, the Finnish Competition and Consumer Authority, the Finnish Transport and Communications Agency, the Police and the Financial Supervisory Authority) are working together to provide guidance on how personal identity codes and other personal data should be used in society. This is intended to ensure that from now on, personal identity codes will only be used to distinguish between individuals. The Data Protection Ombudsman is responsible for supervising the processing of personal data as a general authority.

Other longer-term measures
The Ministry of Finance will continue its digital identity project aimed at developing a digital identity card. The project is expected to be completed in 2022.The Government Resolution on digital security (issued on 8 April 2020) will be implemented.Preparations will be made for amendments to the Consumer Protection Act that would extend the requirement for strong identification to include, for example, online purchases paid for on credit in instalments.

Source: Valtioneuvosto.fi