Data security and privacy

Our business is based on the trust of customers, well-functioning services and data security.

Ensuring the confidentiality of communication, protecting the privacy of individuals and verifying online security are crucial issues for us. We are compliant with  a high level of data security in all our operations.

We define in our security policy the principles, roles and  responsibilities that are followed in data security development, maintenance and monitoring. Polices obligate both all Elisa employees and through contracts also our vendors and subcontractors.

Managerial board of security does the decisions concerning to information security and  privacy. In addition they supervise the management of main key security risks. Elisa’s security organisation is responsible of securing continuous development and implementation of our security operations.

We conduct  regular data security scans and inspections in our systems. We seek to identify any attempt of data security violation at the earliest possible phase and to repair recognised vulnerabilities or other threats. There is a  separate operating model for the management of data security disturbances and exceptional situations. We communicate any measures related to the data security of our services in the most appropriate manner, on our website or through customer bulletins, for example. We also report incidents to the authorities.

Protection of privacy

Ensuring the confidentiality of communication, protecting the privacy of individuals and verifying online security are crucial issues for us.

Elisa’s privacy group is responsible of providing guidance, supervision and support in privacy protection related topics. In addition they ensure that register description about our customer registers are up to date.

Privacy protection covers content of a communication, information about communication parties, and all personal data that is given out during online interactions or collected by any organisation.

We have comprehensive privacy and data security  instructions and we train our employees and partners about privacy and security. They are obligated to comply with our  privacy policies and instructions. In addition to up-to-date statutory information we supervise our compliance in privacy by screening and analysing the data of our logfiles that are generated from our data services. 

Elisa’s business units have the primary responsibility to ensure data privacy of products and services. Processing personal data is regulated by Finnish law and by instructions and guidelines of authorities. We  disclose customer information only to the authorities or other telecommunication companies  within the limits of legislation and in accordance with the description of our register description.

Cooperation and services to enhance cyber security

Cyber risks combine events affecting data systems and the physical world in new kinds of threats to the functioning of the general public, companies and society as a whole.

Preparation and prediction are key issues in managing cyber threats. As a provider of nationally critical infrastructure, we design and implement our systems with continuity and security perspectives in mind.  We cooperate with authorities, other companies and business organisations in preparing and developing cyber security.

We prepare for special circumstances, for example, by verifying our network and systems, placing them in guarded premises and ensuring power supply in case of power failures. We cooperate closely to develop our functional capability in cases of major disruptions. We monitor the functioning of our systems 24/7 in an effort to be able to detect and manage special events, such as denial of service attacks. In special circumstances, we aim to communicate to the customers and authorities as efficiently as possible. We were the first operator to provide our customers with an interactive disruption map service in 2010.

For our part, we are responsible for the security of the Finnish network environment and cooperate with authorities and operators. Based on information detected or received from somewhere else, we recognise connections sending malicious traffic, inform our customers about malware-infections on their devices and prompt them to clean their device. Our customers may also purchase extra support, for example, for cleaning computers infected by malware.

Reliable authentication plays a key role in the majority of digital services. We have introduced increasingly strong authentication in our services and have developed strong authentication solutions, such as the Mobile Certificate in cooperation with other Finnish operators.

We provide our customers with services with which they will be able to prepare for special circumstances and to manage cyber risks and situations facing their activities. Key services include virus protection and firewall services, encrypted connections, encrypted server, storage and data centre services, filter services, prevention of denial of service attacks and snapshot systems providing status reporting of systems and supporting their management. 

The use of mobile network is safe

There are several finalised and ongoing international academic studies about safety of the radiofrequency radiation generated from base stations and mobile phones. Base on study results independent expert panels have concluded that at present there is no evidence that  exposure below current maximum values would cause verified harmful health effects.

In Finland, the safety of the mobile phone networks is monitored by the Radiation and Nuclear Safety Authority (STUK), whose decisions and regulations are based on scientific research findings. In Estonia the authority is The Environmental Board of the Environmental Ministry.

We follow actively related international research and instruction given by authorities. In addition we participate to the cooperation with industry to mitigate the harmful effects of radiofrequency radiation by e.g. careful planning of base station locations.  We are expert member on the Electromagnetic Fields (EMF) advisory board.

Reliable information about the subject is available, for example, at the following addresses:

  • STUK - Radiation and Nuclear Safety Authority: www.stuk.fi  
  • International Commission on Non-Ionizing Radiation Protection (ICNIRP): www.icnirp.org
  • World Health Organisation: www.who.org/emf

In Finland, the safety of mobile phone networks is monitored by STUK - Radiation and Nuclear Safety Authority, the decisions and regulations of which are based on numerous scientific research findings. Elisa complies with laws and regulations in all its activities.

More information (in Finnish) about the health effects of mobile communications is available at www.mobiilijaterveys.fi