Kela does not process confidential data on public cloud computing platforms

Kela has updated its cloud computing policies. Under current legislation, Kela is barred from using public cloud computing platforms to handle confidential data. Kela is investigating various solutions for exchanging data with partners and stakeholders.

The migration of various services to cloud platforms requires Kela update its cloud computing policies. Kela handles customer data in compliance with the Act on the Openness of Government Activities and the Information Management Act. The key issues for Kela are privacy, data protection and managing the risks inherent in the processing of data.  Because of the extent of its operations and the nature of the data it processes, Kela does not currently use any public cloud computing platforms to process confidential data.

According to Ari Vähä-Erkkilä, chief information officer at Kela, the issue boils down to how Kela can comply with the legal requirements for processing data and make sure that it handles customer data responsibly.

Cross-agency collaboration required

Staff at Kela work together with a variety of partner organisations, including local authorities. Exchanging data with partners and stakeholders is important.  The seamless exchange of data is essential to ensuring a smooth customer experience.

Vähä-Erkkilä says that the Kanta Services are a secure means for transmitting data from Kela to pharmacies and other organisations. However, there are challenges when it comes to using public cloud-based communication and collaboration platforms.

Kela will evaluate the services it is currently using during the rest of 2021 and will make decisions on a case-by-case basis following a risk assessment. Kela wants to make sure that the cooperation with its partners can continue to work smoothly, responsibly and in a way that protects customer data.

In preparing its decisions, Kela has collaborated closely with a number of security authorities.