Data security and privacy

The foundation of our business is customer trust, well-functioning services and data security.

We are compliant with  a high level of data security in all our operations.

We define in our security policy the principles, roles and responsibilities that we follow in our data security development, maintenance and monitoring. Polices obligate both all Elisians  and through contracts also our vendors and subcontractors.

Managerial board of security does the decisions concerning to information security and  privacy. In addition they supervise the management of main key security risks. Elisa’s security organisation is responsible of securing continuous development and implementation of our security operations.

We conduct  regular data security scans and inspections in our systems. We seek to identify any attempt of data security violation at the earliest possible phase and to repair recognised vulnerabilities or other threats. There is a  separate operating model for the management of data security disturbances and exceptional situations. We inform about measures that are related to the data security of our services using  most appropriate manner, for example on our website or through customer bulletins. We also report incidents to the authorities.

Privacy

Ensuring the confidentiality of communication, protecting the privacy of individuals and verifying online security are crucial issues for us.

Elisa’s privacy group is responsible of providing guidance, supervision and support in privacy protection related topics. In addition they ensure that register description about our customer registers are up to date.

Privacy protection covers content of a communication, information about communication parties, and all personal data that is given out during online interactions or collected by any organisation.

We conduct regular trainings for our employees and partners about privacy and security.  They all are obligated to comply with our privacy policies and instructions. We supervise fulfillment of privacy by screening and analysing the data of our logfiles generated from our data services and by ensuring up-to-date stationary information. 

Elisa’s business units have the primary responsibility to ensure data privacy of their products and services. Processing personal data is regulated by Finnish law and by instructions and guidelines of authorities. We  disclose customer information only to the authorities or other telecommunication companies  within the limits of legislation and in accordance with the description of our register description.

Cooperation and services to enhance cyber security

Cyber risks combine events affecting data systems and the physical world in new kinds of threats to the functioning of the general public, companies and society as a whole.

Preparation and prediction are key issues in managing cyber threats. As a provider of nationally critical infrastructure, we design and implement our systems keeping in mind the  continuity and security. Therefore cooperation with authorities and other companies and business organisations is important to ensure both standby and readiness capability  and development of cyber security.

We monitor the functionality of our systems 24/7 to enable to both detect and manage disturbances, like of denial service attacks. In abnormal circumstances, we aim to inform customers and authorities as efficiently as possible.

By  detecting disadvantageous connections on the basis of the information we have detected or received otherwise, we are able to inform our customers of the malware infections and we urge them to clean up their devices.

We provide services for our customers which enable them to be more prepared for harmful circumstances, to manage their cyber risks and situations.

The use of mobile network is safe

There are several finalised and ongoing international academic studies about safety of the radiofrequency radiation generated from base stations and mobile phones. Base on study results independent expert panels have concluded that at present there is no evidence that  exposure below current maximum values would cause verified harmful health effects.

In Finland, the safety of the mobile phone networks is monitored by the Radiation and Nuclear Safety Authority (STUK), whose decisions and regulations are based on scientific research findings. In Estonia the authority is The Environmental Board of the Environmental Ministry.

We follow actively related international research and instruction given by authorities. In addition we participate to the cooperation with industry to mitigate the harmful effects of radiofrequency radiation by e.g. careful planning of base station locations.  We are expert member on the Electromagnetic Fields (EMF) advisory board.

Reliable information about the subject is available, for example, at the following addresses:

  • STUK - Radiation and Nuclear Safety Authority: www.stuk.fi  
  • International Commission on Non-Ionizing Radiation Protection (ICNIRP): www.icnirp.org
  • World Health Organisation: www.who.org/emf

In Finland, the safety of mobile phone networks is monitored by STUK - Radiation and Nuclear Safety Authority, the decisions and regulations of which are based on numerous scientific research findings. Elisa complies with laws and regulations in all its activities.

More information (in Finnish) about the health effects of mobile communications is available at www.mobiilijaterveys.fi