Information security policies and terms

Legislation, policies, and terms related to information security and applied to students and employees of the university and operations at the university are compiled on this page.


Finnish legislation defines general preconditions for the production, administration, and users of IT services and the rights and obligations of both groups. The key laws related to the use of information technology and IT services are:

  • Criminal Code (19.12.1889/39)
    The Criminal Code acts as a basis for other legislation by describing the criminal offences and their punishments; chapter 38 describes crimes related to information and communication.
  • Personal Data Act (22.4.1999/523)
    The Personal Data Act covers gathering, processing, and storing of personal data. Due to the nature of its operations, the university has to process a great deal of personal data, which is why the Personal Data Act is used as a guideline in several operations. The obligations of the Personal Data Act are the reason why user accounts cannot be granted and forgotten passwords cannot be changed without confirming the ID of the account holder.
  • Information Society Code (917/2014)
    The objective of the Act is to foster the supply and use of electronic communications services and to ensure that everyone across Finland has access to communications networks and services at reasonable conditions.
  • Act on the Protection of Privacy in Working Life (13.8.2004/759)
    Act on the Protection of Privacy in Working Life covers the privacy of individuals in relation to their employer. The issues covered by the act also apply to students in some degree due to their close connection to the university.


Information security policy

Legislation defines the general acceptable norms and obligations on which the information and information technology-related policies of the University of Helsinki are based.

  • University of Helsinki information security policy
    The information security policy acts as a framework for the information security operations of the university, defining its objectives, obligations and methods of implementation.
  • Privacy protection at the University of Helsinki
    In issues related to privacy protection, the privacy protection group of the University of Helsinki acts as the highest organ, promoting and coordinating the management of privacy protection issues in university operations.

Information security rules and regulations

The information security rules and regulations for the students and employees of the university can be found in Flamma. In addition, the users of university online services must approve the terms of use and administration of information systems before using university online services.

The FUNET terms of use apply to the use of university backbone connections. The rules apply to all those using a network connection in some manner, including individual students when using the data communication connections of the FUNET member organisation. See the rules.