Minister of Justice Anna-Maja Henriksson (SFP) was seen on a television camera monitor as she and two of her fellow ministers, Sirpa Paatero (left) and Krista Kiuru (centre), presented measures to help the victims of hackings in Helsinki on Thursday, 12 November 2020. (Vesa Moilanen – Lehtikuva)


THE FINNISH GOVERNMENT on Thursday unveiled a lengthy list of measures to support the victims of the data breach at Psychotherapy Centre Vastaamo.

The government revealed it is prepared to expand the possibilities of individuals to change their social security number in circumstances, such as the aftermath of a hacking, where it is deemed necessary to prevent the misuse of identifying information.

Sirpa Paatero (SDP), the Minister of Local Government, underlined in a press conference that the process will remain complicated and painstaking also after the proposed legislative change, according to Helsingin Sanomat.

“You have to keep in mind that changing the social security number is a pretty big thing for any individual,” she said, reminding that there is no way to enter the new number into all systems at once.

Minister of Justice Anna-Maja Henriksson (SFP) said the Ministry of Justice will begin preparatory work on a bill that would require stronger identification for online services, including all types of consumer credit agreements. The requirement currently applies to, for example, payday loans but not to one-time credits or pay-later invoice solutions.

“It’s unfortunate that the social security number and other identifying information of an individual, such as name and address, make it possible to commit frauds. This applies also to business-to-consumer trade,” she said.

“If you buy, let’s say, a washing machine online, you can typically pay for it with credit in instalments. The Finnish Competition and Consumer Authority has received questions about these kinds of credits, about why more careful identification isn’t required in these situations. Although there are relatively few reports of wrongdoing in retail, we have to try limiting those possibilities.”

The government also revealed that companies using client and patient data repositories will be required to use Kanta, provider of digital services for the social and health care sector in Finland. Psychotherapy Centre Vastaamo, the database of which was infiltrated in a hacking in November 2018, was among the companies that had chosen not to use the voluntary services.

All third-party patient data systems, meanwhile, will be phased out in a bid to improve data security and protection.

“This is a major change. We’ve been talking about it for a decade and now this big reform can be carried out. And I’m very pleased that it will be,” commented Minister of Family Affairs and Social Services Krista Kiuru (SDP).

The act is to enter into effect on 1 April 2021.

Aleksi Teivainen – HT