Data protection breach at the Heikinharju reception centre in Oulu
The personal data of asylum seekers who lived in the Heikinharju unit of the Oulu reception centre in 2017–2021 have been affected by a breach of data protection, in which certain other Finnish authorities could have seen customers’ personal data in two appointment calendars.
Calendar entries contained minimal information
The visibility of two appointment calendars was too extensive in the period from early 2017 to late 2021. Other authorities could see data associated with health-related appointment entries, among other things. Such data included the person’s name and the COVID-19 vaccination time. However, other authorities could not see more detailed data about the treatment given to the customer, for instance.
When the breach was detected, the visibility of the appointment calendars was immediately restricted as appropriate.
The data protection breach requires no action from you
It is estimated that the data protection breach concerned 105 customers, who are directly identifiable from the appointment entries. The entries contained minimal information and the only data disclosed were the topic and time of the appointment made.
The Finnish Immigration Service has submitted a notification of a personal data breach to the Office of the Data Protection Ombudsman. The Data Protection Ombudsman ensures that personal data are processed in Finland according to law and that people’s right to data protection is realised.
We apologise for the incident.
What does a personal data breach mean?
A personal data breach means, for instance, that your personal data can be seen by an authority not entitled to see them.
You can get more information by contacting the Finnish Immigration Service’s contact person (e-mail contact recommended):
- Oulu reception centre, email@example.com, tel. +358 295 463 128
- Finnish Immigration Service’s data protection officer, firstname.lastname@example.org, tel. +358 295 433 431 (exchange)