Data protection means securing data, data systems, services and data transmission with administrative, technical and other measures. The aim of data protection is to secure the accessibility, accuracy and confidentiality of data in normal as well as in abnormal situations.
The operations of Suomen Asiakastieto Oy (AT) are based on gathering, controlling, refining and reliably delivering data to customers. Several laws, customers and stakeholders place certain demands on AT’s operations and data handling regarding data security. That is why it is vital to take data protection seriously in all the services and business processes of AT.
Data protection awareness of staff is promoted and maintained by notifying the staff and training them annually. Guidelines regarding data protection are available to all the staff members via AT intranet.The data protection expert makes sure the guidelines are up-to-date.
In addition, accessing the data has been separately defined for softwares and technical devices, such as firewalls and servers. The usernames and access rights are personal and in accordance with the job descriptions. When a person stops working for Asiakastieto, the access rights are removed. Access to the AT premises is granted only by personal access pass.
The customers also have personal usernames. The definition of the access rights of customers is always based on the customers' needs. If access to credit information is granted, the customer must have a use for that information as defined in the Credit Information Act.
The service environment has been designed to be as fault-tolerant as possible for devices, networks, servers and services. Service connection has been secured by duplication: if the primary connection is lost, the back-up connection will automatically be deployed.
Trustworthy automated checks play a major role in minimising serious malfunctions and in recovering from malfunctions. The virtual environment is automatically checked. IT service group will monitor the checks.
Production, testing and development networks are separate entities. The internal systems can only be accessed via intranet or a secured remote access and a strong authentication.
Network traffic is monitored. Public networks always use TSL/SSL to secure data. Asiakastieto uses an encrypted SFTP protocol when transferring data.
Encrypted emails can be sent through Asiakastieto's website. Asiakastieto will not accept unencrypted emails containing personal identity numbers.
By clicking the image below, you can access the encrypted email programme provided by Asiakastieto.