Data permission

A data permission is the Incomes Register Unit’s decision on what data can be transmitted and disclosed from the Incomes Register to each data user. Each organisation that uses the Incomes Register must have their own data permission. The data permission consists of an administrative decision and attachments to the decision, defining the organisation’s data access profiles, data user roles and services.

The data access profile is an accurate description of what individual data can be disclosed to a data user and for what purposes. The right to obtain data from the Incomes Register is based on law. The data access profile and its content are defined in the data permission.

The use of the Incomes Register’s data is subject to a valid data permission. Every organisation that uses the Incomes Register must submit a report to the Incomes Register Unit for a data permission, regardless of whether the organisation is using the Incomes Register’s data via an interface or the e-service.

The data permission must be changed if the Incomes Register’s data content is changed so as to affect data permissions, such as new income types are added. Usually, data content changes are made once a year, and often because the legislation that regulates the use of the Incomes Register’s data is amended.

Does the data permission need to be in effect before testing?

No production data permission is required to test the Incomes Register. Read more about testing.

How are organisation’s data access rights monitored?

Data is only disclosed on the basis of valid data access rights based on law and only to parties defined in the act on the incomes information system (laki tulotietojärjestelmästä 53/2018). Data access profiles define the data disclosed to organisations by group in accordance with different purposes and situations of use. Only data that is necessary by law in the case at hand or the task being carried out can be disclosed at each time.

How are individuals’ access rights monitored in the Incomes Register’s e-service?

The access rights of organisations’ employees are limited in the Incomes Register’s e-service by means of data user roles. One or more data access profiles of the organisation have been attached to each role. The roles are intended for different work-related tasks, and they can be used to view different data and make searches using different search terms. A single person may have several different roles.

The data access profile and the user’s role together define what data is shown to the person and what search terms can be used to search for data. Log data is generated on users’ activities in the e-service, using which organisations can monitor the use of the Incomes Register’s e-service in their organisation. Log events are generated, for example, when a user logs in to the Incomes Register or attempts to log in, and when they search for or view data.