1. From information management to using and opening data

Information policy and data sharing

This part describes the significance using and opening data has for society as part of information policy.

Our society depends on data and information, operations and services that are created using the data. Societal actors possess enormous volumes of data, and data is constantly being generated and used in many ways. The strong digitalisation of society offers completely new opportunities for sharing and using data while also presenting many types of threats and risks related to issues such as data protection, digital security and the misuse of data.

Background to information policy

Information policy Jointly agreed principles and policies on the methods and procedures for producing, acquiring, moving, opening, sharing, using, maintaining and storing information. Source: Finto information policy

Finland's goal is to enable the efficient, safe and ethical use of information in our society. This is why a memorandum titled Finland needs an information policy (in Finnish), was prepared under the Ministry of Finance's leadership in 2017. It lay the foundation for information policy as a new policy sector. Shortly after this, a report titled Ethical information policy in the era of artificial intelligence(in Finnish, pdf) was completed and submitted to Parliament in December 2018 by Prime Minister Sipilä’s Government. In this report, information policy was examined not only from the perspective of information management but also from the viewpoints of the prerequisites for using information, underlying values, ethical principles and economic impacts. The report serves as a policy and knowledge base on the basis of which measures can be prepared in the future.

Information policy describes the policy measures that enable efficient, secure and ethical collection and use of information. Among other things, information policy promotes the collection, opening, pooling, sharing and storage of information and strengthens data protection and information security while respecting people's rights and freedoms. The value cycle of data, in which information policy measures can be used to increase the economic and social value of data for individuals and society, can be regarded as the foundation of information policy. Information policy also helps to formulate the positions on the basis of which Finland aims to influence the international operating environment, commitments and regulation of data use.

The goals of Prime Minister Marin’s Government Programme (10 December 2019) include adding depth to the management of information policy and making openness the overarching principle of information policy. The Opening up and using public data project initiated by the Ministry of Finance for 2020–2022 contributed to the attainment of these objectives, among other things by drafting a proposal on the strategic objectives of using and opening data. The purpose of the strategic objectives and the measures through which they are achieved is to support the public administration in using and opening data through common, cross-cutting objectives and actions.

Strategic objectives of using and opening data

The strategic objectives of using and opening data have been divided into four themes:

  1. Steering, coordination and cooperation
  2. Strategy and action
  3. Information management
  4. Enablers

Under each theme, the strategic objectives related to it are described. Each strategic objective has a main objective and sub-objectives that support it as well as long-term impacts that are aimed for by attaining the objective. 

Based on these strategic objectives, the Government adopted a resolution on using and opening data on 17 March 2022.

Read the Government Resolution (in Finnish).

Utilising and providing information in a proactive and diverse manner is stressed as one of policies in the Strategy for Public Governance Renewal, which will guide and support the renewal of the entire public administration in the 2020s.

Read more about information policy

Importance of knowledge management

This part describes the significance of knowledge management for the organisation and the preconditions that data sharing creates for it.

By investing in knowledge management, the organisation can improve its capabilities for preparedness and responsiveness as well as its decision-making and service provision processes.

It is important that organisations have capabilities for preparing for and responding to changes in society, the operating environment and their work as well as possible in order to secure their operations and to cope with situations of change. Different datasets help to anticipate and analyse changes. 

The Finnish way to examine knowledge management is to divide it into managing the information itself and management with the help of information. The word 'management' could also be replaced by steering. The public sector and central government rely on information for their activities. The ministries prepare matters, in other words manage information. Decisions are made on the basis of careful preparation: information is used for management. Consequently, both aspects of knowledge management are at play in everything. Everyone engaged in knowledge work is a knowledge manager, at least regarding their own work.

Knowledge management is often defined as systematic analysis and use of information in decision-making, but knowledge management as a whole includes not only the use but also the production of information, which is why this matter should be looked at more broadly. The precondition for using information and knowledge management is that the requisite information exists and is available in general. Consequently, it is impossible to make use of information unless the party producing the necessary information shares it with users. Any restrictions associated with data disclosure, contracts or information security and data protection must be taken into account when sharing data.

Knowledge management is about using information and integrating analysed information into decision-making.

The first step in the knowledge management process often is defining a problem or a goal. Next, the necessary information is mapped, collected and made available to the necessary extent, after which the information is used and analysed, and conclusions are made.

Read more information about the basics and practices of knowledge management 

Useful resources include:

At the practical level, knowledge management takes different forms. The method used depends on the organisation's structure, management practices and the way in which the organisation chooses to use information in its decision-making and operational development. Knowledge management can rely on both internal information generated in the organisation's own activities and external information, which may include information describing the operating environment. In the social welfare and health care sector, for example, information about the organisation's own activities is quite central.

The preconditions for knowledge management are rather good today, as public administration organisations are already widely sharing their public data, either as open data or on a contractual basis. At the practical level, however, the utilisation of data is often hampered by factors related to access, use or quality of the data.

Practical examples of knowledge management

State Treasury's Tietokiri project

Tietokiri led by the State Treasury was one of the projects aiming to promote a culture of knowledge management in public administration. The aim of the project was not only to create new services (including a shared data platform and analysis and reporting services) but also to make the results of knowledge management visible and share good practices. Networking and cooperation have been the cornerstones of these efforts, and besides the State Treasury, the participants have included the Ministry of Finance that guided the work, Finnish Government Shared Services Centre for Finance and HR Palkeet, Hansel, National Land Survey of Finland, HAUS Finnish Institute of Public Management Ltd and DigiFinland.

One of the most important objectives of Tietokiri was to aggregate data administrated by different actors in order to make more efficient use of it and to increase transparency in public administration. The shared data platform contains information on central government activities, finances and administration residing in the registers of joint service providers. The data platform also makes it possible to aggregate data collected from different sources, making it possible to generate new information. The benefits of compiling shared central government data are multiple: openness and transparency in administration are increased and a more uniform information architecture will improve predictability and comparability and, on the other hand, the collection of data will require less resources in the future.

Tietokiri has compiled different interesting examples of knowledge management to the website valtiolla.fi (in Finnish).

Government’s analysis, assessment and research projects

The Government's analysis, assessment and research projects produce information to support decision-making, knowledge management and practices. These activities are guided by the Government's annual assessment and research plan. The maximum duration of projects carried out following this plan is three years. The criteria for evaluating projects are their relevance, impact, usability, quality and feasibility. Read more about the Government’s analysis, assessment and research projects.

Tietojohtaminen association

Tietojohtaminen association promotes data-based value creation and the utilisation of information in decision-making and all societal activities. The association raises awareness of knowledge management, issues statements, provides training related to its field for public and private sector organisations, and publishes a blog and a journal titled Tietoasiantuntija.

Tietojohtaminen association's website (in Finnish).

Knowledge management network

Knowledge management network was established to disseminate information on good practices in knowledge management, especially in the social and health care sector, and to promote cooperation in the context of national knowledge management. The network provides up-to-date information on knowledge management themes in the form of blog posts, webinars and seminars.

Knowledge management network website (in Finnish).

Data and analytics expert network

The public administration's Data and analytics expert network is intended for those working with data and analytics and anyone interested in this theme. The purpose of the data and analytics expert network in public administration is to share experiences and advance competence. Its goals include creatively aggregating and visualising public administration data to develop knowledge management, to network and share best practices, and to promote cross-administrative cooperation.

Helsinki GSE Situation Room

Helsinki Graduate School of Economics (Helsinki GSE) established in April 2020 a Situation Room of economics, which provided information in support of economic policy decision-making for ministries and other public bodies during the coronavirus pandemic. The aim of the Situation Room was to provide more or less real-time information on developments in the business sector, the labour market and society as a whole. Helsinki GSE specialises in research and education in economics.

Data Room

Established in 2022, the Data Room is a unit of the Government Institute for Economic Research (VATT) focusing on fast-paced research that supports evidence-based decision-making. It works in close cooperation with Helsinki GSE and Statistics Finland. The Data Room was granted funding for three years, or from 2023 till 2025, by the Ministry of Finance.

NOVI Research Group for Information and Knowledge Management, University of Tampere

Research and education in information management have been conducted in the University of Tampere for more than 20 years. Its research in the fields of information system science (IS) and knowledge management (KM) is internationally recognised.

More information about NOVI Research Group for Information and Knowledge Management.

Key Finnish legislation

This part describes key legislation related to data sharing and data management in Finland.

When planning to share data, it is important to identify different regulatory constraints and obligations as early as possible, as they may affect the implementation of data sharing and selection of technical solutions. It is advisable to involve the organisation's legal experts and data protection officer in the assessment of these restrictions and obligations. 
In addition to EU obligations, Finland does not have more detailed national regulation on the opening of data. Instead, many organisations have started to share their information resources as open data either on their own initiative or as a response to a request for information. Read more about the obligations in the following chapter.

Act on Information Management in Public Administration

The Act on Information Management in Public Administration (906/2019, Public Information Management Act) and the acts associated with it entered into force on 1 January 2020. The Act promotes the harmonisation of information management, information security and digitalisation in the authorities’ activities.

The Act on Information Management in Public Administration lays down provisions on following the principle of openness and meeting the requirements of good governance in data management by the authorities. The Act contains provisions applicable to public administration at large on the organisation and description of data management, interoperability of information pools, information system interoperability, technical implementation of application programming interfaces and viewing access, and the implementation of information security. An Information Management Board of Public Administration was established pursuant to this Act. The task of this Board operating in conjunction with the Ministry of Finance is to assess and steer information management by State agencies and municipalities.

More detail has been added to the provisions of the Act in decrees on documents subject to security classification (Government Decree on the Security Classification of Documents in Central Government 1101/2019), the activities of the Information Management Board (Government Decree on the Public Administration Information Management Board 1338/2019), and the procedure for issuing statements on changes in information management applicable to central government authorities (Government Decree on Statement Procedure for Information Management Changes 1301/2019).

Implementing the Act is a task that belongs to all authorities and that is guided and supported in a systematic manner. The Public Information Management Act is only partly applicable to some actors; see section 3, Scope of application of the Act and restrictions to it.

Parties within the scope of application of the Public Information Management Act are:

  • State agencies and institutions
  • courts of law and committees established to handle appeals (in parts)
  • State enterprises
  • municipalities and joint municipal authorities (mainly)
  • Parliamentary organs (mainly)
  • Office of the President of the Republic of Finland (mainly)
  • independent institutions subject to public law (mainly)
  • universities (mainly)
  • universities of applied sciences (mainly)
  • parties performing public administrative tasks (in parts)

Find out more:

Source: Ministry of Finance, Public Information Management Act (in Finnish)​​​​

Act on the Openness of Government Activities

The Act on the Openness of Government Activities (621/1999) implements the principle regarding the openness of documents and information held by the authorities laid down in section 12 of the Constitution. Following the principle of openness, all information produced by the public administration is public unless there is a specific legal basis for its secrecy.

The Act on the Openness of Government Activities also contains provisions on the grounds on which documents may be secret. However, specific legislation applicable to a certain sector may also contain provisions on secrecy and publicity.

The authorities to which the Act on the Openness of Government Activities applies are defined in section 4 of this Act, under which authorities are defined as

  • State administrative authorities and other State agencies and institutions as well as State enterprises
  • Parliamentary agencies and institutions
  • courts of law and other bodies for the administration of law
  • municipal authorities and the authorities of well-being services counties and joint authorities for health and wellbeing
  • independent institutions subject to public law, including the Social Insurance Institution (Kela) and Bank of Finland
  • boards, consultative bodies, committees etc. appointed for the independent performance of a certain task on the basis of an Act, a Decree or the decision of an authority.

This list is not exhaustive, as the Act on the Openness of Government Activities may also be applicable by virtue of special legislation. Under section 30, subsection 2 of the Universities Act (559/2009), for example, activities pursued by the university and the student union are governed by the provisions of the Act on the Openness of Government Activities.

The Act on the Openness of Government Activities also applies to corporations, institutions, foundations and private individuals appointed for the performance of a public task on the basis of an Act, a Decree or a provision or order issued by virtue of an Act or a Decree.
The Act on the Openness of Government Activities applies to documents prepared or delivered to an authority. Under section 5 of the Act, a document refers to not only conventional documents on paper but also to information, data sets and messages in electronic format.

When a document is requested from an authority, the authority must, as a rule, disclose the document or decide that the document will not be disclosed without delay and as soon as possible. The decision should be made within two weeks of receiving the request, except in special cases where the matter must be resolved within one month. If the authority decides not to disclose the document, a written decision that can be appealed must be made on this.

If the full document is not secret, disclosing it may be possible, for example by deleting or covering secret information.

The Act on the Openness of Government Activities also contains provisions on the requirements and obligations applicable to the provision of information by the authorities and the manner in which access to documents is provided. An authority is obliged to assist those requesting access in finding the information, such as specifying the document to which access is required. The authorities must also promote the openness of their activities and, where necessary, produce guides, statistics and other publications, as well as information materials on their services and practices, as well as on the social conditions and developments in their field of competence.

Find out more:

Archives Act

The Archives Act (831/1994) lays down provisions on archiving and its organisation as well as the obligations of records creators. An archive comprises documents that have been delivered to the records creator because of their tasks or that were created in connection with the records creator's work. In this context, a document has the same meaning as in the Act on the Openness of Government Activities above.

The Act applies to the following records creators:

  • State agencies, institutions, courts and other judicial bodies as well as other State authorities,
  • municipal authorities and bodies as well as the authorities and agencies of a wellbeing services county and joint authority for health and wellbeing,
  • the Bank of Finland, the Social Insurance Institution of Finland, other independent institutions subject to public law and universities,
  • enterprises of the State, wellbeing services counties and municipalities, and
  • the Orthodox Church and its parishes (separate provisions apply to the Evangelic Lutheran Church).

In addition, the Archives Act applies to other organisations or individuals when they perform a public task pursuant to an Act or a Decree or a provision or regulation issued by virtue of an Act or a Decree, to the extent that they generate and acquire documents referred to in the Act on the Openness of Government Activities as a result of this task.

The records creator must determine how the responsibility for and the planning and practical management of its archive activities are arranged. The records creator must define the storage periods and methods for the documents accumulated as a result of the performance of their tasks and maintain a filing system for them. When determining the storage periods of documents, any separate statutes or regulations on them must be taken into consideration. The National Archives of Finland determines which documents and information related to them must be preserved permanently.

The task of the archives service is to ensure the usability and preservation of documents, to provide an information service related to documents, to determine the preservation value of documents and to destroy unnecessary documents.

Archives services must be managed ensuring that

  • they support the performance of the records creator’s tasks
  • they support the right of individuals and organisations to access public documents
  • the legal protection and data protection of individuals and organisations has been duly accounted for
  • the availability of documents related to the legal protection of individuals and organisations has been ensured
  • the documents serve as information sources for research.

The requirements of the archive services must be addressed in the records creator’s information and document management.

The Archives Act also contains further provisions on the preparation, preservation and use of documents. For instance, documents must be preserved so that they are safe from destruction, damage and unauthorised use. Documents that are not subject to long-term preservation must be destroyed after the specified storage period, safeguarding data protection.
Find out more:

Legislation on processing personal data

The cornerstone of the legislation on processing personal data and data protection is the General Data Protection Regulation of the European Union, or Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

The General Data Protection Regulation (GDPR) imposes strict requirements for the collection, storage and control of personal data on companies and organisations. These requirements apply both to European organisations that process personal data concerning persons in the EU and to non-EU organisations that process data concerning persons residing in the EU.

Personal data are information concerning an identified or identifiable natural person which may include their name, personal identity code, address, internet protocol address, passport number or income information. However, it may be possible to anonymise data and datasets, for example by technical measures, ensuring that they no longer contain personal data.

Under the GDPR, personal data must be processed lawfully, fairly and transparently. Personal data must be accurate and, where necessary, kept up to date. The GDPR also lays down provisions on the data subject's right to demand rectification of incorrect personal data concerning them.

Consequently, under the GDPR personal data must always be processed lawfully and for a certain lawful purpose, and only the data needed for this specific purpose may be processed. Data may not be processed for a purpose or in a manner that is incompatible with that purpose. Data processors must also ensure that, in order to process personal data, they fulfil one of the bases defined in the GDPR, including:

  • the data subject's consent,
  • compliance with a legal obligation,
  • protection of the data subject's vital interests, or
  • exercise of official authority or performing a task carried out in the public interest.

As a basic premise, the last mentioned is the grounds for processing personal data in a public authority's tasks. The processing of personal data is regulated under a national act, which defines how and for what purpose each type of data can be processed. Guidance on this matter is also provided by the practice of the parliamentary Constitutional Law Committee. The entry into force of the General Data Protection Regulation has consequently led to the passing of a great deal of national special legislation. Regulation that provides a legal basis for the processing of personal data may also be included in some other Act, rather than necessarily laid down in a separate piece of legislation.

Personal data must also be processed in a manner that is sufficiently secure and protected. Various measures should be taken to prevent unauthorised or unlawful access to the data and to avoid accidental destruction or loss of the data. In this respect, regulation on data protection and information security are also close to each other.

The General Data Protection Regulation is an extensive and significant piece of legislation that cannot be discussed exhaustively in this context. The GDPR obliges organisations that process personal data on a large scale to appoint a data protection officer (mandatory in public administration), whose task is to provide advice on different data protection issues and supervise the processing of personal data.

The GDPR has been supplemented with the national Data Protection Act (1050/2018), which defines the tasks and competence of the Data Protection Ombudsman and lays down more detailed provisions on certain special situations, including the processing of personal data for journalistic, artistic or scientific purposes, and the processing of personal identity codes.

Find out more:

Other legislation

Besides the statutes discussed above, other pieces of legislation may also be relevant to the opening of data. This may include legislation that applies to the activities of a certain authority or the performance of a certain public task, or it may be other legislation laid down to fulfil an international obligation or implement an EU directive, for example. EU obligations related to opening data are described in the next chapter.

In addition to the General Data Protection Regulation, a wide range of other European Union legislation on disclosure and movement of data exists or is being planned that may be directly applicable without separate implementation, including the Data Governance Act, the negotiations on which in the EU were concluded in 2022 and whose implementation in the Member States is expected to begin in 2022.

Data sharing obligations

This step provides a concise description of key obligations related to sharing public administration data in Finland.

The sharing of public administration data as open data in Finland is based on EU obligations. More extensive efforts to promote the opening of data in Finland began in around 2009, for example by various working groups set up, and a short while later by means of goals recorded in the Government Programmes.

Open data is machine-readable data in digital format that is freely available to everyone for any purpose as long as its original source is acknowledged.

General legislation

General legislation contains general provisions on certain activities, such as data sharing, to which detail is added in special legislation. 

Directive on open data and the re-use of public sector information

Background to the Directive on open data and the re-use of public sector information

Directive 2003/98 (EC) of the European Parliament and of the Council on the re-use of public sector information (the PSI Directive) was adopted on 17 November 2003. The PSI Directive laid down provisions on the re-use of public sector information, under which all public information produced by the public sector should, as a rule, be freely available to users free of charge. This Directive was part of the eEurope 2002 Action Plan drawn up by the Commission to create a Union-wide framework for the use of public sector information. As Finland’s national legislation already covered the minimum regulation under the PSI Directive, in particular in the Act on the Openness of Government Activities (621/1999) and the Act on Criteria for Charges Payable to the State (150/1992), the Directive did not require any amendments to national legislation at that time.

In June 2013, the European Parliament and the Council adopted Directive 2013/37/EU on amending Directive 2003/98/EC on the re-use of public sector information. The amendment made some further public sector datasets available for re-use and added detail to the presentation and pricing of the data. The scope of the PSI Directive was also extended to museums, libraries and archives.

Finland notified the Commission of the implementation of Directive 2013/37/EU in October 2015 and June 2016 and made reference to the national legislation, including the Act on the Steering of Information Management in Public Administration (634/2011). In October 2019, a third notification was submitted to the Commission regarding Article 5(1) of the Directive, announcing that the Act on Information Management in Public Administration (906/2019, later referred to as the Public Information Management Act) would replace the Act on the Steering of Information Management in Public Administration.

In April 2018, the Commission published its Staff Working Document SWD (2018) 145 and proposal COM (2018) 234 on the Directive on re-use of public sector data (recast). The recast Directive on open data and the re-use of public-sector data 2019/1024/EU, or the Open Data Directive, was adopted in June 2019. 

Purpose of the Directive on open data and the re-use of public sector information

The purpose of the Open Data Directive is to promote the re-use of all public sector data for commercial and non-commercial purposes. The directive is about the practices and procedures of data re-use. It is based on Union and national access regimes, which it does not interfere with.

Key amendments introduced in the recast directive are

  • expanding the scope of the directive to documents held by public undertakings operating in certain industries,
  • expanding the scope to research data stemming from public funding,
  • stricter restrictions on the conditions and exclusive arrangements for the re-use of documents, and
  • regulation on high-value datasets.

In addition, the directive imposes an obligation of using APIs to provide access to data updated frequently and in real time (dynamic data) and to high-value datasets.

What are high-value datasets?

High-value datasets have important benefits for society or the economy, and they are subject to higher access requirements than other datasets. The Commission is empowered to adopt delegated acts and implementing acts. Under delegated acts, Annex I of the directive may be amended by adding new thematic categories of high-value datasets to it, and the implementing acts lay down a list of specific high-value datasets belonging to these categories and the arrangements for their publication and re-use. 

Implementation of the Open Data Directive in Finland

The directive was implemented nationally on the basis of the available regulation in July 2021 (see He 74/2021 vp, which is also quoted in this Chapter where applicable). Regarding public authorities, amendments were made to the Public Information Management Act (710/2021) and the Act on the Openness of Government Activities (711/2021). The European Commission will define separately the so-called high-value datasets that must be shared as open data, through APIs and free of charge in the delegated acts supplementing the directive. At the time of the writing of this document, no such delegated acts have yet been adopted.

In addition to the authorities, the Open Data Directive applies to certain data of companies in which public sector bodies exercise a dominant influence, which resulted in the passing of the Act on Re-use of Data Held by Companies Providing Certain Public Services (712/2021). In addition, the directive provides for access to research data stemming from public funding. These provisions were enacted in the Act on the Re-use of Research Data Sets Produced with Public Funding (713/2021).

Read more:

General Data Protection Regulation

The EU’s General Data Protection Regulation (2016/679) was adopted in 2016, and in 2018, it was complemented with the national Data Protection Act (1050/2018). The GDPR resulted in large-scale measures aiming to ensure privacy protection in our society.

Vuonna 2016 annettiin EU:n tietosuoja-asetus, General Data Protection Regulation (2016/679)(pdf), ja vuonna 2018 sitä kansallisesta täydentävä tietosuojalaki (1050/2018). Tietosuoja-asetus aiheutti mittavia toimenpiteitä yhteiskunnassamme yksityisyydensuojan varmistamiseksi.

Special legislation

Special legislation supplements and adds detail to general legislation. The following section describes special legislation relevant to data sharing.

Legislation on spatial data

The EU’s INSPIRE Directive (2007/2/EC) aiming to improve the use of spatial data, increase cooperation between authorities and create diverse services for the public was adopted in 2007. In Finland, provisions implementing the INSPIRE Directive are laid down in the Spatial Data Infrastructure Act (421/2009) and the Spatial Data Infrastructure Decree (725/2009).

Read more:

Legislation on forest data

In 2018, an amendment to the Forest Information Act stemming from a change in EU environmental directives was passed. This meant providing open access to most of the data collected by the Finnish Forest Centre in electronic format.

Act on the Forest Information System of the Finnish Forest Centre (in Finnish)

Legislation on transport data

In 2010, the ITS Directive (2010/40/EU) was adopted, which contained rules on the deployment of intelligent transport systems in road transport and interfaces with other modes of transport. The delegated acts have entered into force gradually from 2013 on. A specific report has been prepared on the national implementation of the ITS Directive (pdf, in Finnish).

The Act on Transport Services (320/2017), which contains provisions on the interoperability of data and information systems as well as the deployment of intelligent transport systems related to the ITS Directive, was passed in 2017. 

Secure sharing of sensitive data

Example of promoting the secondary use of social and health data

A separate Act on the Secondary Use of Social and Health Data (Secondary Use Act, 552/2019 (in Finnish)) has been passed in Finland. The objective of the Act on the Secondary Use of Health and Social Data is to enable the efficient and secure processing of personal data stored for the purposes of steering, control, research and compilation of statistics in the social welfare and health sector. The aims of the Act also include safeguarding individuals’ legitimate expectations as well as rights and freedoms related to the processing of personal data. Secondary use of social and health data means that client and register data generated in social welfare and health care activities are used for other than the primary purpose for which they were originally stored.

The Finnish Social and Health Data Permit Authority Findata was established pursuant to the Secondary Use Act (findata.fi). The Data Permit Authority issues data permits when data held by several different controllers, data stored in Kanta services or the register data of a private social welfare and health care service provider are needed. Findata offers controllers who possess the datasets an advisory service, support for preparing metadata descriptions, an anonymisation service and a permit processing service on behalf of controllers. 

Additional information on the Secondary Use Act on the website of the Ministry of Social Affairs and Health.

Organisation of information management

This part describes how an organisation falling within the scope of the Public Information Management Act should organise its information management. For a more general discussion of the Public Information Management Act, see the previous step.

The concepts of information management entity and its management body as well as the responsibilities of the management body are first discussed briefly. This section also offers useful links to examples of how information management can be organised and what the first steps are.

Information management act of arranging knowledge processes in a way that the availability, discoverability and utilisation of data for different purposes can be ensured for the lifespan of the data. Source: Information management Finto.

Management body of an information management entity

An information management entity refers to an authority who has a duty to organise its information management in compliance with the Public Information Management Act (906/2019). Information management entities include

  • State agencies and institutions;
  • courts of law and committees established to handle appeals;
  • Parliamentary organs;
  • State enterprises;
  • municipalities;
  • joint municipal authorities;
  • independent institutions subject to public law;
  • universities referred to in the Universities Act and universities of applied sciences referred to in the Universities of Applied Sciences Act.

In the Public Information Management Act, the management body of an information management entity refers to the authority or public official responsible for the general management of the information management entity.

Table shows examples of actors who typically are responsible for leading the information management entity as referred to in the Public Information Management Act and for organising information management in information management entities.

Information management entity Management
State agency or institution Head of the agency, such as Director General or Permanent Secretary (ministries)
Municipality Municipal executives together with the municipal manager
Joint municipal authority The Board together with the Director of the joint municipal authority
Courts Chief judge
Committees established to handle appeals Chairperson
Parliamentary agencies Head of the agency
State enterprises State enterprise's Board of Directors together with the Managing Director
Independent institutions governed by public law Institution's Board together with the Director
Universities University board together with the Rector
Universities of applied sciences Board together with the Rector (CEO)

Responsibilities of an information management entity’s management body

Under the Public Information Management Act, responsibilities related to the organisation of information management are assigned to the management body of the information management entity. The management body must ensure that the responsibilities connected to the tasks relating to the implementation of information management have been defined and that adequate supervision of compliance with the information management obligations has been organised. The management body must also ensure that the entity has up-to-date instructions for the processing of datasets, the use of information systems, the data processing rights, the implementation of the information management responsibilities and for the rights of access to information, data security measures and preparedness for exceptional circumstances.

The management body must also make sure that the entity has training available to ensure that the personnel have adequate knowledge of the provisions, regulations and instructions of the information management entity in force relating to information management, data processing and publicity and secrecy of documents. Additionally, the management body must provide proper tools for implementing the obligations relating to information management. As part of providing proper tools the management body must ensure, when making procurements, that the interoperability of information systems and information pools can be implemented and that the application programming interfaces can be opened, at least in situations where this is required under the Public Information Management Act. Additionally, it must be ensured that technical interface data structures have been specified and that the API descriptions are available to the information management entity and actors accessing the data.

In connection with changes to information systems and interfaces, the interoperability of information pools and their usability when compiling and using data must be taken into consideration. The information management entity should also identify any needs and rights of other authorities or actors to use the data that can be accessed and assess the impacts of the change from their perspective.

For more information on the information management model, information management map and description to implement document publicity, see chapter 3 Identification of datasets.

Examples and additional information on the organisation of information management and the first steps