Social and health data have been used for secondary purposes in Finland for decades. Before the Secondary Use Act, permits for data use were granted by individual data controllers, the Ministry of Social Affairs and Health, or the National Institute for Health and Welfare. There was no uniform practice for granting permits, transferring, or processing data.
Previously, data could be sent directly to the permit holder in identifiable form on memory sticks or CDs. Post-processing control was practically impossible, although permit holders have undoubtedly handled personal data with the required care.
Centralized permit procedures and data processing improve data security and citizens’ privacy. When data is combined centrally, its use is more protected and can be monitored more effectively.
Regulations have been issued on the requirements for applications and the security of environments used for data analysis. For Findata’s operations, a secure, closed Kapseli environment has been built. Users authenticate in a two-step process, cannot upload any data themselves, and cannot extract anything. Once the connection to the environment is severed, permit holders have no further access to the data.