fbpx

Download free GDPR compliance checklist!

Tag Archives for " Finland "

A Hacker Is Threatening to Leak Patients’ Therapy Notes

An extortionist has turned a breach of Finland’s Vastaamo mental health services provider into a nightmare for victims.

It seems that Vastaamo had at least one exposed database of patient information that was breached in November 2018 and likely again in mid-March 2019. It is unclear how many patients were affected, but the National Bureau of Investigation said on Sunday that the number could be in the tens of thousands.

The hacker or hackers running the extortion campaign have been demanding 200 euros’ worth of bitcoin, about $230, from victims within 24 hours of the initial ask, or 500 euros ($590) after that, or else they’ll make their information public. A hacker persona “ransom_man” has set up a site on the anonymous web service Tor that already lists leaked data from at least 300 Vastaamo patients. Finnish media reports also indicate that Vastaamo has received a demand for around $530,000 worth of bitcoin to keep the stolen data out of the public domain.

Source: A Hacker Is Threatening to Leak Patients’ Therapy Notes | WIRED

Finland DPA imposes €72,000 GDPR fine against taxi company

The Office of the Data Protection Ombudsman has imposed an administrative fine against taxi company Taksi Helsinki for data protection violations.

Last summer, the company had replaced its camera surveillance system with one that recorded both audio and video, but failed to assess the legality of the related personal data processing as required by the EU General Data Protection Regulation (GDPR). Additionally, the taxi company also failed to conduct the impact assessments required by GDPR before the start of processing.

Source: #Privacy: Finland DPA imposes GDPR fine against taxi company

Finland Approves Act On The Secondary Use Of Social And Health Care Personal Data

The Finnish Parliament has approved the new general Act on the Secondary Use of Social Welfare and Health Care Data in March 2019.

The new Act codifies the relevant legislation and broadens the possibilities to, under certain conditions, utilize and combine for secondary purposes personal data collected in relation to public or private social and health care operations.

Source: Finland: Parliament Approves New Act On The Secondary Use Of Social And Health Care Personal Data

Finland to investigate Nokia about sending data to China

Finland’s data protection ombudsman said on Thursday he would investigate whether Nokia-branded phones had breached data rules after a report said the handsets sent information to China.

Nokia-branded mobile phones are developed under licence by Finnish company HMD Global, which said no personal data had been shared with a third party although it said there had been a data software glitch with one batch of handsets that had been fixed.

Source: Finland to investigate Nokia-branded phones after data breach report | Reuters

Finnish Data Protection Act enters into force after being “significantly delayed”

The Data Protection Act (1050/2018) entered into force, on 1 January 2019, following the Parliament of Finland’s approval on 13 November 2018.

The Act implements the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) into national law and repeals the Personal Data Act (523/1999), as well as the Law on the Data Protection Board and the Data Protection Commissioner (389/1994).

Full article: Finland: Data Protection Act enters into force after being “significantly delayed”

Finland updates its data protectionlaw according to the GDPR

Finland finally adopted its new GDPR-style law on 13 November. The delay was partly caused by deliberations on the role of the Data Protection Ombudsman (equivalent of Privacy Commissioner) in imposing administrative fines. It was argued that to have one person decide on a very high level of sanctions did not fit in with Finland’s legislative tradition.

Source: Finland updates its DP law according to the GDPR – Privacy Laws & Business

Finland parliament weakens constitutional privacy right to pass security law

Finland’s parliament voted on Wednesday to add new exceptions to a clause in the constitution that guarantees the right to privacy, to enable swift approval of an intelligence bill aimed at combating terrorism and spying by foreign governments. The new language would create another exception to give the police and security forces the authority to snoop on emails and other messages to gather information about “military or other activity that threatens national security”.

Source: Finland parliament weakens constitutional privacy right to pass security law | Reuters

Finnish court issues precedent “right to be forgotten” decision for Google to remove data

The Supreme Administrative Court ruled that Google must remove a convicted man’s information from its search engine data, as requested, in respect of his privacy. The court ruled that even though the crime in question was extremely serious, the public’s right to information on the case did not outweigh the man’s right to privacy and personal data protection.

Source: Finnish court issues precedent “right to be forgotten” decision for Google to remove data | Yle Uutiset | yle.fi

Jehovah′s Witness note-taking challenged at EU′s top court

Notes on door-to-door visits made by members of Jehovah’s Witnesses breach EU data privacy law, according to the advocate general of the EU’s top court. His finding backs the view of Finland’s data protection commission.

Source: Jehovah′s Witness note-taking challenged at EU′s top court | News | DW | 01.02.2018

FINLAND: Preparing to implement the GDPR

The EU General Data Protection Regulation (GDPR) entered into force on 24 May 2016 and EU Member States are required to implement the Regulation from 25 May 2018. While the Regulation will be binding in its entirety and directly applicable in all Member States, there is a margin of maneuverability for Member States to specify their own rules or to restrict them via national legislation.

Source: FINLAND: Preparing to implement the GDPR

>