Published on 26 Jul 2016
Finland one first European countries to develop a specific legal frame for the misuse and / or theft of identity
Following a 2014 proposal on ID theft by the Finnish government, ID theft became law in Finland on the 4th September 2015. The aim of the ID theft law, HE 232/2014, is to meet the requirements arising from attacks against information systems (IS). HE 232/2014 addresses ID theft and a wide range of cybercriminal activities, including: The directive includes violation of the secrecy of communication (§3), aggravated communications secrecy violation (§4), interference with telecommunications (§5), aggravated interference with data traffic (§6), light interference with data traffic (§7), interference with information systems (§7a), aggravated interference with information systems (§7b), hacking (§8), and aggravated theft of information (§8a). ID theft is addressed in §9b of the Act and is defined as the unauthorized use of someone else’s personal or identification data or other similar data identifying the person by a third party causing financial harm or more than minor inconvenience to the person. In addition, it is also unlawful to use messages which can be associated with a subscriber or a user of service. For example, data collected in communication networks to transmit, distribute, or provide messages (e.g. IP addresses). An ID theft case is opened only following a complaint, for example, that another party is acting unlawfully in using a stolen, created, or administrated identity to mislead another party.