Authorities responsible for information security

FICORA monitors compliance with the Act on the Protection of Privacy in Electronic Communications

FICORA is responsible for monitoring compliance with the Act on the Protection of Privacy in Electronic Communications and other provisions and regulations adopted pursuant to the Act. These provisions concern for example the following matters:

  • the processing of identification data
  • the protection of communications and the decoding of such protection
  • the information security of communications and identification data.

Responsibility for national information security obligations decentralised

In Finland, several different authorities are responsible for our national obligations concerning information security.

The overall responsibility for international information security obligations lies with the Ministry for Foreign Affairs. It acts as the National Security Authority (NSA) which is responsible for:

  • steering national activities;
  • preparing international security agreements etc.;
  • supervising and monitoring that international classified information is protected and handled appropriately.

The Ministry of Defence, the Finnish Security Intelligence Service and the Defence Command of the Finnish Defence Forces are so-called Designated Security Authorities (DSAs).

FICORA acts as a Designated Security Authority and a National Communications Security Authority (NCSA), specialising in information assurance matters relating to classified information that is transferred or handled in an electronic format.

Data Protection Ombudsman monitors the processing of personal data

The Data Protection Ombudsman is responsible for monitoring the processing of personal data. The Ombudsman monitors compliance with provisions on the following matters:

  • the processing of location data
  • telephone directories and other subscriber directories
  • directory inquiries
  • direct marketing
  • the processing of employees' e-mail messages.

Issues concerning the confidentiality of communications and data traces left in a communications network fall within the powers of FICORA, while the Data Protection Ombudsman handles other matters related to the electronic processing of personal data. The division of duties between the two authorities is not clear-cut, and they may negotiate and co-operate in individual cases.

Finnish Competition and Consumer Authority and consumer advisory services

FICORA does not handle individual cases concerning contracts and compensations between operators and their customers. These disputes fall within the remit of consumer protection authorities.

The Finnish Competition and Consumer Authority (FCCA) supervises the legal protection of consumers, ensuring, for example, that the marketing of communications services complies with the law and that contract terms are fair. FCCA negotiates with stakeholders operating in the field and develops for the industry guidelines on compliance with provisions. It also gives consumers guidance and advice on billing problems and on changes in the terms and conditions of contracts. FCCA does not handle individual disputes.

Consumers can report to the Authority issues like the following:

  • inappropriate marketing
  • unfair contract terms
  • invoicing errors
  • poor customer service.

Consumer advisors and the Consumer Disputes Board handle disputes between consumers and companies. If you are unable to settle a matter with your operator, contact first the consumer advisory services. Consumer advisors give personal assistance and mediate in disputes. The Consumer Disputes Board handles disputes between consumers and companies and issues recommendations for resolving them.


When there is reason to suspect that a crime has been committed, the matter falls within the powers of the police. Data and communications offences include for example the following offences:

  • secrecy offence
  • message interception
  • interference with communications
  • computer break-in.

The above-mentioned offences are mainly complainant offences. This means that the police cannot begin investigations until the complainant, the injured party, reports the matter to the police and demands a punishment for the person who has committed the offence. A complainant is the party whose rights have been violated; for example, a person whose login details and passwords have been misused or a person or an organisation whose server the offender has used for obtaining unauthorised access rights.

Essential elements of IT crimes (in Finnish)

The Ethical Committee for Premium Rate Services (MAPEL)

MAPEL is not an authority but the self-regulatory body of telephone service providers. Its members represent the key interest groups of the telephone service market. MAPEL protects the interests of consumers on the telephone service market and establishes and maintains good conduct in the provision of telephone services. MAPEL can be contacted by anyone with questions about premium rate services. MAPEL handles complaints concerning the contents, marketing and billing of premium rate telephone and SMS services, issues decisions and recommendations on service production and marketing and is involved in international co-operation in protecting consumers' interests on the market for value-added services.

Key words: Information security , Data protection

Updated 03.03.2016

LinkedIn Print


The Finnish Communications Regulatory Authority (FICORA)

The National Cyber Security Centre Finland (NCSC-FI)

Itämerenkatu 3 A

P.O. Box 313


Media contacts by telephone +358 295 390 248