Regulation on secure operating environments

Findata has issued a regulation on the requirements set for other service providers’ secure operating environments. The regulation concerns the secondary use of social and health data.

According to the Act on Secondary Use, the analysis of data at individual level is only permitted in environments that meet the requirements of the regulation as of 1 May 2022. The requirements require the same level of information security as is required for Findata’s own operating environment.

This regulation applies to all purposes laid down in the Act on Secondary Use for which a data permit is required under the Act on Secondary Use. These purposes include scientific research, statistics, education and the planning and reporting duty of an authority. With regard to teaching, the regulation pertains to the preparation of teaching materials, not actual teaching.

The entry into force of the requirements does not affect existing, valid permits. If data are processed on the basis of a valid permit previously granted, the processing of that data may continue in the same environment after 1 May 2022.

See the regulation

The regulation was updated in January 2022. The new regulation replaces the previous regulation of 5 October 2020 (THL / 2492 / 4.00.00 / 2020). The updated regulation contains its own copy of the criteria for issuing the certificate, in addition to which the requirements are described in more detail.

Trusted authentication sources

The trusted authentication sources mentioned in the regulation for secure operating environments of other service providers are currently:

  • Haka
  • Virtu

In addition, if necessary, we will arrange a user ID for foreign customers with a separate order, which will enable the use of the services.