The rights and obligations of telecoms operators
A telecoms operator must maintain the information security of its network and communications services by ensuring:
- operating security
- communications security
- hardware and software security
- data security.
Operators are not required to take unreasonable measures for ensuring information security as long as the measures are commensurate with:
- the seriousness of threats
- the level of technical development
- the costs.
FICORA may issue further regulations to telecoms operators regarding the information security of network and communications services or of data retention.
Information Society Code(sections 243, 247 and 272, in Finnish)
In order to prevent information security violations and to ensure information security, a telecoms operator has the right to:
- prevent the conveyance and reception of messages
- remove from messages malware that pose a threat to information security
- take any other comparable technical measures in its communications network.
An operator may undertake these measures only if they are necessary for safeguarding the network or communications services or the communications ability of a message recipient. The measures taken to ensure information security may not limit freedom of speech or the protection of privacy any more than is necessary.
Information Society Code(section 272, in Finnish)
A telecoms operator must immediately notify its customers and FICORA of significant information security violations or threats to information security in the services and of anything else that prevents or significantly interferes communication services.
A telecoms operator also has to notify its customers of:
- measures available to customers for protecting themselves against the information security threats discovered identified and the costs of such measures
- sources of further information on the threats.
Information Society Code (sections 274 and 275, in Finnish)