We have discovered that some personal data concerning clients of Family Law Services was stored in such a way that too many employees within the Division could access it. Access to this data should have been restricted to only those professionals directly involved in the client’s case. The data was never accessible to anyone outside the Division.
The matter came to light when a Division employee raised a concern using our internal reporting system.
Who is affected by the breach?
The breach concerns parents and their children who were clients of Helsinki’s Family Law Services and for whom custody agreements were confirmed between 2012 and 2019. The data includes the names and personal identity codes of parents and children, information on custody arrangements, and in some cases, details about which parent the child resides with.
No action required from affected individuals
The data has now been secured with appropriate access controls, and only authorised employees may view it as part of their work duties. The breach is not expected to have any consequences for those affected.
No action is required from individuals whose data was involved. However, under the General Data Protection Regulation (GDPR), we are required to notify affected individuals of the incident. We have also reported the internal breach to the Office of the Data Protection Ombudsman.
If you would like more information about the breach, you may contact Family Law Services directly. You can also reach out to the City of Helsinki's Data Protection Officer with any data protection-related questions.
Family Law Services
Call hours: Monday to Tuesday 9.00–10.00
Phone number: +358 50 5720129 / +358 9 310 83316
Helsinki’s Data Protection Officer
Phone number: +358 9 310 1691 (switchboard)
Email:
tietosuoja@hel.fi(Link opens default mail program)