Working group to explore ways to improve information security and data protection in critical sectors of society
On 9 November 2020, the Ministry of Transport and Communications appointed a working group to identify needs to amend the legislation on information security and data protection in sectors of key importance for the functioning of society and to submit a proposal to the Government for policy guidelines on them. The aim is to further increase the level of information security in Finnish society and to ensure that the citizens' data is better protected than presently.
The study will focus on key sectors of society, such as health care, financial markets, energy supply, water supply and transport services. Further areas included in the study are Finland's digital infrastructure as well as information systems essential for the functioning of public administration.
The assessment should be as concrete as possible and focus, in particular, on the powers and supervision of the authorities. The working group is also expected to provide as accurate an assessment as possible of the operator-specific or information system-specific resources currently allocated to information security tasks as well as the expertise of the personnel on the matters. The task of the working group is to analyse the effects and calculate the costs of the proposed measures and the additional resources needed.
One reason for setting up the working group is a recent data breach against a service providing psychotherapy services. It showed that there are critical information systems in Finland in which information security and data protection have not been adequately ensured.
The group will be chaired by Laura Vilkkonen, Director-General at the Ministry of Transport and Communications.
In addition to representatives of the Ministry of Transport and Communications, the working group has members from the Ministry of Agriculture and Forestry, Ministry of Justice, Ministry of the Interior, Ministry of Social Affairs and Health, Ministry of Economic Affairs and Employment, Ministry for Foreign Affairs and Ministry of Finance. The group members also include the Cyber Security Director as well as representatives from the Cyber Security Centre of the Transport and Communications Agency, the Emergency Supply Centre, the National Police Board and the Office of the Data Protection Ombudsman are also presented in the group. The working group will also consult other authorities.
The term of the working group ends on 31 January 2021.
It is to publish an interim report in December 2020.
In order for the possible implementation of the group's policy and action proposals to take place, the resource implications have to be taken into account in the government session on spending limits in spring 2021.
Laura Vilkkonen, Director General, tel. +358 40 500 0817