Data security and privacy

The foundation of our business is customer trust, well-functioning services and data security.

We are compliant with  a high level of data security in all our operations.

We define in our security policy the principles, roles and responsibilities that we follow in our data security development, maintenance and monitoring. Polices obligate both all Elisians  and through contracts also our vendors and subcontractors.

Managerial board of security does the decisions concerning to information security and  privacy. In addition they supervise the management of main key security risks. Elisa’s security organisation is responsible of securing continuous development and implementation of our security operations.

We conduct regular data security scans and inspections in our systems. We seek to identify any attempt of data security violation at the earliest possible phase and to repair recognised vulnerabilities or other threats. There is a  separate operating model for the management of data security disturbances and exceptional situations. We inform about measures that are related to the data security of our services using  most appropriate manner, for example on our website or through customer bulletins. We also report incidents to the authorities.


Ensuring the confidentiality of communication, protecting the privacy of individuals and verifying online security are crucial issues for us.

Elisa’s privacy group is responsible of providing guidance, supervision and support in privacy protection related topics. In addition they ensure that register description about our customer registers are up to date.

Privacy protection covers content of a communication, information about communication parties, and all personal data that is given out during online interactions or collected by any organisation.

We conduct regular trainings for our employees and partners about privacy and security. They all are obligated to comply with our privacy policies and instructions. We supervise fulfillment of privacy by screening and analysing the data of our logfiles generated from our data services and by ensuring up-to-date stationary information. 

Elisa’s business units have the primary responsibility to ensure data privacy of their products and services. Processing personal data is regulated by Finnish law and by instructions and guidelines of authorities. We disclose customer information only to the authorities or other telecommunication companies within the limits of legislation and in accordance with the description of our register description.

Read more:

Cooperation and services to enhance cyber security

Cyber risks combine events affecting data systems and the physical world in new kinds of threats to the functioning of the general public, companies and society as a whole.

Preparation and prediction are key issues in managing cyber threats. As a provider of nationally critical infrastructure, we design and implement our systems keeping in mind the  continuity and security. Therefore cooperation with authorities and other companies and business organisations is important to ensure both standby and readiness capability  and development of cyber security.

We monitor the functionality of our systems 24/7 to enable to both detect and manage disturbances, like of denial service attacks. In abnormal circumstances, we aim to inform customers and authorities as efficiently as possible.

By  detecting disadvantageous connections on the basis of the information we have detected or received otherwise, we are able to inform our customers of the malware infections and we urge them to clean up their devices.

We provide services for our customers which enable them to be more prepared for harmful circumstances, to manage their cyber risks and situations.