Secure data

The starting point for data protection is to recognise and minimise the risks regarding data protection.

The aim of data protection is to secure the services of Asiakastieto and the accessibility, accuracy and confidentiality of data in normal as well as in abnormal situations. Data protection in Asiakastieto is comprehensive and constantly upgraded.

What is Asiakastieto's data protection policy like?

 Asiakastieto’s data protection policy

Data protection policy has been approved by Asiakastieto's Board on April 25, 2017.

Data protection means securing data, data systems, services and data transmission with administrative, technical and other measures. The aim of data protection is to secure the accessibility, accuracy and confidentiality of data in normal as well as in abnormal situations.

The operations of Suomen Asiakastieto Oy (AT) are based on gathering, controlling, refining and reliably delivering data to customers. Several laws, customers and stakeholders place certain demands on AT’s operations and data handling regarding data security. That is why it is vital to take data protection seriously in all the services and business processes of AT.

Data protection awareness of staff is promoted and maintained by notifying the staff and training them annually. Guidelines regarding data protection are available to all the staff members via AT intranet.The data protection expert makes sure the guidelines are up-to-date.

How is my personal data protected?

Asiakastieto's acces management

Access management has been defined as rights to see, handle and edit personal data. These rights are given to persons who, as a part of their job, have the necessity to handle the data. The principles of access management have been outlined in a separate document.

In addition, accessing the data has been separately defined for softwares and technical devices, such as firewalls and servers. The usernames and access rights are personal and in accordance with the job descriptions. When a person stops working for Asiakastieto, the access rights are removed. Access to the AT premises is granted only by personal access pass.

The customers also have personal usernames. The definition of the access rights of customers is always based on the customers' needs. If access to credit information is granted, the customer must have a use for that information as defined in the Credit Information Act.

How is the data protected?

Technical architecture and data checks

The service environment has been designed to be as fault-tolerant as possible for devices, networks, servers and services. Service connection has been secured by duplication: if the primary connection is lost, the back-up connection will automatically be deployed.

Trustworthy automated checks play a major role in minimising serious malfunctions and in recovering from malfunctions. The virtual environment is automatically checked. IT service group will monitor the checks.

Production, testing and development networks are separate entities. The internal systems can only be accessed via intranet or a secured remote access and a strong authentication.

As a part of data collection, Asiakastieto makes several checks to ensure the accuracy of the data.

 

How is data transfer protected?

Data transfer protection

Networks and service systems have been protected by firewalls. Traffic from public networks is limited only to the necessary addresses and portals.

Network traffic is monitored. Public networks always use TSL/SSL to secure data. Asiakastieto uses an encrypted SFTP protocol when transferring data.

How can I send/receive encrypted email?

Sending encrypted emails

Emails must always be encrypted when sending personal identity numbers.

Encrypted emails can be sent through Asiakastieto's website. Asiakastieto will not accept unencrypted emails containing personal identity numbers.

By clicking the image below, you can access the encrypted email programme provided by Asiakastieto.