In July 2024, the Government set up an independent investigation group in connection with the Safety Investigation Authority of Finland (Otkes) to look into the data breach. The group has completed the investigation and submitted their report to the Government on 17 June 2025.
Recommendations in the investigation report
According to the report, the data breach that targeted the City shows that data breaches require the public sector to adopt new ways to increase preparedness, improve communication, and prevent data breaches.
The investigation highlights four recommendations. The recommendations concern how to develop communication guidelines and the coordination and monitoring of data management as well as the guidelines surrounding data management. The recommendations also address improving the detection of gaps in the public administration’s data security and the ability to notice and fix them.
Link to the Otkes news story(Link leads to external service)
The City has increased its efforts to improve its data security and data protection
The recommendations that Otkes proposes are in line with the City’s ongoing measures and action plans.
The City has strengthened its ICT infrastructure and practices surrounding the data protection, maintenance, and management of its ICT services, and it will make great investments in data protection in the coming years.
The City has launched a security management project with goals such as clarifying security management responsibilities and methods and improving the risk and continuity management of critical data systems.
There is also an ongoing action plan to ensure data management, data security, and protection of personal data which applies to all divisions, departments and municipal enterprises.
