Skip to Content

Did your organization experience data breach or a data leak? You can now get compiled operating instructions on the web service

Publication date 2.12.2021 12.00
Press release

The Digital and Population Data Services Agency has published an electronic guide on the web service for organisations affected by a data breach or data leak. The guide provides information to companies, communities and other organisations on how to act if they suspect that their organisation has been the victim of a data breach or if confidential information held by the organisation has been leaked to the public.

The web service guide, just published, provides advise on how an organisation should act at the time of an acute situation, how it can prevent additional damage caused by the situation and where it can find help to find out what happened. In addition, the guide provides useful advice on what to do after the crisis in order to prevent it from happening again. The guide can also help you review how well your organization is prepared for data breaches. 

"From an organisational point of view, a data breach or a data leak also presents something of a crisis which usually comes as a surprise. In this situation, the organisation is faced with enormous number of questions from concerned customers, the media and other parties," says Timo Salovaara, Deputy Director General of the Services Division of the Digital and Population Data Services Agency. 

"The situation is often as chaotic and unclear for organisations as it is for those who have suffered a data leak in their private lives. That is why we also wanted to alleviate the pain of organisations in such a situation. I hope that the guide we have published will help various organisations to act in such crisis situations and to prevent any further damage as effectively as possible," Salovaara says. 

Collaboration in the production of guides for citizens and organizations  

The now published guide is a continuation of a guide published in spring 2021, which provides instructions on what a private individual should do if he or she suspects that his or her personal data has fallen into the wrong hands. The guides have been published in Finnish, Swedish and English. 

Both guides have been largely based on the data breach of the Psychotherapy Centre Vastaamo, which resulted in extensive leakage of customers' personal data to the Internet in the autumn of 2020. As one of the further measures for dealing with a leak, the Board outlined that a service facilitating the action to be taken in the event of a data leak would be implemented. 

The Digital and Population Data Services Agency has planned a new guide in cooperation with the public administration and private sector organisations. The provision of services related to different situations requires both an understanding of customer needs and smooth cooperation across organisational boundaries.  

The Confederation of Finnish Industries, the Helsinki Chamber of Commerce, the Community Cyber Response Force KyberVPK, a voluntary organisation of Finnish cyber experts, the Cyber Security Centre under the Finnish Transport and Communications Agency Trafi, the Police, the Police University College, Suomen yrittäjät (a national, regional and local advocate for small and medium entrepreneurs), the Office of the Data Protection Ombudsman and the National Supervisory Authority for Welfare and Health Valvira were involved in the drafting of the guide. 

Further information 

Digital and Data Population Data Services Agency, Timo Salovaara, Deputy Director General +358 295 535 303, firstname.lastname[at]