Advanced Search

The Law On The Processing Of Personal Data In The Implementation Of The Sanctions

Original Language Title: Laki henkilötietojen käsittelystä rangaistusten täytäntöönpanossa

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$40 per month.

Law on the processing of personal data in enforcement

See the copyright notice Conditions of use .

This law has been repealed by L 7.8.2015/1069 , valid from 1 November 2015.

In accordance with the decision of the Parliament:

Chapter 1

General provisions

ARTICLE 1
Scope of law

This law lays down, for the purpose of carrying out the duties for the enforcement of penalties and the other tasks of the Criminal Sanctions Agency, the Criminal Maintenance Office and the Department of Corrections, the keeping of the necessary identity records and other forms of Processing of personal data. Save as otherwise provided in this Act, the confidentiality and disclosure of personal data shall be governed by the law of the public authorities (18/09/1999) As well as other processing of personal data (523/1999) .

ARTICLE 2
Definitions

For the purposes of this law:

(1) Convicted Any person who has been sentenced by a court to a prison sentence, to the conversion of the fine or to the imposition of community sanctions;

(2) Prisoner A person who carries out a prison sentence or a fine for the conversion of a fine;

(3) Entering the penitentiary A person who has been imprisoned or otherwise taken under the law;

(4) The date A person who is authorised to visit a prisoner;

(5) An outside person Any person other than those referred to in paragraphs 1 to 3 who are authorised to reside in the territory of a penal institution;

(6) Carrying out community sanctions A person who is subject to a suspended sentence, a young offender, a juvenile delinquent or a person in prison for the purposes of supervision of a community service or a community service.

Chapter 2

Penalties for the implementation of penalties

ARTICLE 3
National identity records of the Criminal Sanctions Agency

In order to deal with the information referred to in this Act, the Criminal Sanctions Agency (registry administrators) shall, by means of automated data processing, maintain the information system of the criminal forwarding institution and the prison system.

The information system of the Criminally Maintenance Institute shall include a national register of penalties as a national register of persons.

The information system of the prison system includes the following national identity registers:

1) a register of implementation;

(2) a control and operational register;

3) a security repository.

The Criminal Sanctions Agency shall keep the following persons registers as referred to in Article 2 (4) and third persons referred to in paragraph 5:

1) a register of tapas;

(2) the register of meetings;

3) the register of cases.

§ 4
Identification details

The data subject to the register of community sanctions referred to in Article 3 (2) and the Prisons of Prisons referred to in Article 3 (3) shall be recorded as necessary for the identification of the data subject and shall be registered with the registered name, identification number, sex, Mother tongue, nationality, domicile and address and any identifying marks.

Data as necessary for the identification of the registrant and shall be used as a search identifier for the purposes of Article 3 (4) of the Criminal Sanctions Agency and the name and personal identification number of the register of meetings of the register of meetings and the Ministry of Business Registered name and date of birth.

In addition to the controller, the correctness of the information entered in the register shall be carried out by an operating unit of a criminal service or prison institution which has entered the register of information.

§ 5
Community register of sanctions

The Community Register of Sanctions contains the information necessary for the sentencing and enforcement of the community penalty for the person carrying out the community penalty. These data include:

1) criminal and judicial information;

(2) the conditions and other information relating to the supervision of juvenile offenders sentenced to a suspended sentence;

(3) the content and other information related to the implementation of the implementation plan for youth;

(4) the service plan and other information related to the implementation of the community service;

(5) the terms and conditions of the probation-free supervision and other surveillance data;

(6) the content and other information related to the implementation of the monitoring plan; (08.04.2012)

(7) Information relating to penalties, aptitude reports and other preparatory measures and opinions to be drawn up for the sanctions mentioned in paragraphs 2 to 6. (08.04.2012)

ARTICLE 6
Implementation register

The implementing register shall include the enforcement of the sentenced person, the prisoner and the sentence, as well as the information necessary for the execution of pre-trial detention. These data include:

1) criminal and judicial information;

(2) information on specific provisions regarding pre-trial detention;

(3) information necessary for the implementation of community sanctions other than those referred to in paragraph 1;

(4) information on the disciplinary measure;

(5) information on the start and end of implementation or implementation;

(6) other information necessary for the execution of prison sentences and for the execution of pre-trial detention.

§ 7
Surveillance and operating register

The control and operational register shall contain the information necessary for the maintenance of the institutional order and for the supervision and participation of the prisoner or penal institution. These data include:

(1) investment in prisons and prisons;

(2) organisation of supervision and maintenance of safety;

(3) compliance with the obligation to participate and participation in other activities;

(4) training, professional experience and social situation;

(5) the evaluation of work and performance and other evaluations carried out for the purpose of investing;

6. Links outside the penitentiary;

(7) preparing for release;

8) running away and unauthorized access to an open establishment, as well as the violation of the terms and conditions of exit, study and civil service licences, as well as the violation of the conditions attached to the establishment of an institution outside the penal institution;

9) disciplinary offences.

The information contained in a prisoner or a criminal detention facility may include information on persons other than the prisoner referred to in paragraph 1, including the maintenance of public order and the maintenance of security. Or to a penitentiary.

The control and operational register shall also include information on the implementation plan, as specified in the monitoring report, and any other information necessary for the implementation and monitoring of the monitoring report. (08.04.2012)

The control and operational register shall also include information on the content and conditions of the Supervisory Freedom Implementation Plan, the possible infringement of its obligations and its consequences, as well as other enforcement and monitoring of the probation freedom The necessary information. (23/03/2013)

§ 8
Safety data register

The Safety Data Register shall contain information on persons who have reason to suspect, in prison or in prison, or in order to establish or maintain prison security, for the purposes of the prevention and detection of crime in prison or in order to maintain institutional security:

(1) committed or committed a criminal offence punishable by imprisonment; or

2) contributing or contributing to a crime that may result in more than six months' imprisonment.

The register may also include information on other exceptional incidents at risk of safety and on events related to events.

§ 9
A registry register

For the purpose of maintaining law and order and security, a prisoner or a registry of persons authorised to meet a prisoner or a penal institution shall be kept in a case of a case of a case involving the collection of the following information, in addition to the individual information:

1) who the person is to meet;

2) the date of the meeting;

3) other information related to the meeting.

ARTICLE 10 (10/04/2013)
Visiting language register

The language register shall be kept for the purpose of maintaining public order and security. The register shall contain information on persons who have been given a (767/2005) in Chapter 13, Or pre-trial detention (768/2005) in Chapter 9, The meeting ban. The register shall, in addition to the identity of the person who has been subject to a meeting ban, collect information on the content and criterion of the non-meeting and the duration of the meeting ban.

ARTICLE 11
Dairy register

The register shall include information necessary for the maintenance of safety and institutional order from persons outside the meaning of Article 2 (5) who are authorised to move on the territory of the penitentiary in the course of work or other tasks. Or are otherwise authorised in a penal institution. The register shall, in addition to the personal details of the individual, be collected on a site-by-site basis for the purposes of the business and the time of the transaction.

ARTICLE 12
Organised repository

In addition to the national registers of the prison system referred to in Articles 6 to 11, where appropriate, in the penal institution, gather information on the control of the registry referred to in Article 7 In order to maintain and maintain public order. The register may be collected for the purposes of the necessary information relating to the supervision and operation of a prisoner or of a person who has been placed in a penal institution, such as information relating to the supervision of a person or prison, not to date. As regards the data to be deposited in the register, the degree of reliability must be recorded.

Once the information referred to in paragraph 1 has been provided, they may be transferred to the supervisory and operational register or to the safety data register. The information contained in the information register shall not be disclosed outside the Criminal Sanctions Agency or the Department of Corrections.

ARTICLE 13
Medical records of the institution of prisons

The healthcare services belonging to the Department of Prisons are each holding their own patient registers. The keeping of the patient register and the transmission and processing of the information contained therein shall be valid, as provided for in Article 18 and elsewhere in the law.

Chapter 3

Principles of data processing

ARTICLE 14
Treatment of sensitive information

Personal data relating to persons referred to in this Act may be collected and stored in respect of personal data intended to describe the person convicted, the prisoner or the sentenced person

(1) criminal acts, penalties or other criminal penalties;

(2) health, disease or disability, or treatment measures or comparable measures against him;

3) the need for social assistance or the provision of social services, support measures and other social welfare benefits.

In an individual case, with the explicit consent of the data subject, other sensitive information other than those referred to in paragraph 1 may be collected and stored if the information is necessary for the purpose of the register.

§ 15
Processing of data

The proceedings of the Criminal Sanctions Agency shall be processed by officials of the Criminal Sanctions Agency, the Criminal Maintenance Office and the Department of Corrections, in so far as it is necessary to carry out their duties.

However, the information contained in the Safety Data Record may be processed only by officials of the Criminal Sanctions Agency or the Department of Prisons designated separately by the Criminal Sanctions Agency.

ARTICLE 16
Disclosure of information from the implementation register and of the control and operational register

In addition to the provisions of Article 29 of the Law on the Activities of the Authorities and otherwise provided for in that law, the controller, notwithstanding the provisions of confidentiality, shall, notwithstanding the provisions of confidentiality, waive the registration and supervision of the prison establishment, and Information on the person convicted of the operating register, the prisoner and the detention centre, which are necessary:

(1) police for the purpose of prevention, detection and prosecution of criminal offences or for the authorisation or approval of a person requiring the integrity of a person;

(2) for the purpose of dealing with the issue of a residence permit or of expulsions, conversion, asylum or citizenship; (9.11.200784)

(3) the Legal Register Centre for the execution of assets and for the implementation of the conversion sentence;

(4) to the enforcement authority for enforcement purposes and for the execution of the sentence;

5) to the challenge man for service of the challenge;

6. To the public prosecutor in order to prosecute the case;

(7) the Court of Justice for dealing with a criminal case;

(8) Customs duties on the purpose of preventing and investigating customs offences and for purposes other than data collection and storage of personal data (639/2015) In accordance with paragraph 1; (22/05/2015)

(9) border and border surveillance authorities and the prevention of criminal offences;

(10) to the military authorities in order to maintain a register of military service, as well as to the Joint Chiefs of Staff in order to maintain a security data register and a military justice system; (28.3.2015)

(11) For the purpose of managing the benefits provided for by the Social Insurance Institution.

The information referred to in paragraph 1 may be provided by means of a technical service.

Non-disclosure of personal information to third parties shall be decided by the controller, or by an official of the Criminal Sanctions Agency, the Criminal Maintenance Department or the Department of Prisons.

§ 17 (28.3.2015)
Disclosure of information on a security data register

In addition to the provisions of the law on public authorities' activities, the information on the safety data register of the prison institution may be refused, notwithstanding the secrecy provisions, to the police, the Joint Chiefs of Staff, Customs and Customs. And to the Border Guard for purposes consistent with the purpose of the security data register. Information on disclosure shall indicate the degree of reliability of the information.

ARTICLE 18
Transfer of information from the patient register

In addition to the rest of the disclosure of information contained in the records of patients in the rest of the law, the doctor responsible for the health of the prisoners or his/her health care professional may: , with its written consent, inform the Director of the prison or the official designated by him of any circumstances relating to the state of health or care of which the doctor considers it necessary for the treatment or treatment of this person; or A person's own security or other prisoners and personnel To protect health and safety.

Without the written consent of a person, healthcare professionals other than healthcare professionals may only provide information referred to in paragraph 1 which does not show the quality of the disease or any other health status or treatment Detail.

An official who has obtained the information referred to in paragraph 1 of the health status of a prisoner or a penal institution may only disclose that information to a prison official who is required to carry out his duties.

§ 19
Access to information from other authorities

In addition to the rest of the law, the Criminal Sanctions Agency shall have the right, notwithstanding the secrecy provisions, to obtain information concerning a person convicted by another authority, a prisoner, a penal institution or a person carrying out a community penalty, Which are necessary for the performance of the execution of the sentence or for carrying out the execution of pre-trial detention or for the performance of any other function of that authority, as follows: (14.5.2010/399)

(1) the notification and decision notification system of the national legal system for the notification and decision of the national information system; (14.5.2010/399)

(2) from the system of population information on the person's name, identity, nationality, nationality, home municipality, address and death, as well as any other relevant criminal sanctions agency, criminal forwarding institution or prison institution; Information;

(3) information on the police information system on the person in the apb and the records of the detainees in order to ascertain the whereabouts of the person;

(4) information on the state of the prosecution of a person having regard to the national processing system for the national legal system of the judicial administration; (14.5.2010/399)

(5) information on the state of implementation of the person's enforcement information system;

(6) Information from the Finnish Immigration Service on the implementation of the decision on the expulsion, expulsion and expulsion of a foreign person or of a foreign person in the form of a stay, expulsion and expulsion decision, and a ban on entry and residence. The length. (9.11.200784)

The information referred to in paragraph 1 may be provided by means of a technical service, as agreed with the controller.

§ 19a (8.12.2006/1099)
Right to information from the Court

In addition to what is laid down in the law, the Department of Prisons is entitled, notwithstanding the provisions of confidentiality and confidentiality, to obtain information from the Court of Justice on serious acts of violence or of a prisoner committed to a sexual offence. In the case of procedural documents, where such information is necessary in order to assess the need for a prisoner to take part in an action plan to prevent the repetition of criminal offences in prison, When choosing or implementing prisoners in such a programme.

Before extradition, the donor authority shall delete or replace the documents referred to in paragraph 1 by means of which the person concerned or any other interested party may be identified. However, the identity of the offender and the information on the age, sex or relative relationship of any other party to the offence shall not be removed.

Documents received under this Article may be processed only by officials of the Prison Service who may need them in accordance with paragraph 1 for the purpose of carrying out their duties. Documents shall be deleted as soon as they are no longer necessary for the purposes referred to in that paragraph.

§ 20
Access to and transmission of community sanction enforcement information in certain situations

A civil servant of a criminal forwarding institution acting in implementing the Community sanction shall, notwithstanding the provisions of confidentiality, have the right to obtain from the authorities of the State and the municipal authorities the necessary information on the person's social The situation, the income, the use of health services, the ability to work, the use of substances, education, work experience, employment and the fulfilment of military service.

In addition to the provisions of the law on public access to the public authorities, the Office may, without prejudice to confidentiality rules, transfer to a private community, a foundation and a private entity entrusted with the task of executing a community sanction. The information necessary for the performance of the implementation task.

Chapter 4

Registered rights

ARTICLE 21
Reporting of data processing

The controller shall inform the data subject of the processing of the data as provided for in the Personal Data Act. However, the obligation to provide information may be waiving in addition to what is laid down in the Personal Data Act if it is necessary for the order and the safety of the penal institution.

§ 22
Restrictions on the right of access

In addition to what is laid down in the Personal Data Act, the right of access to the data subject may be restricted if, in the event of a serious threat to the order and security of the penitentiary, the right to check the right of inspection is likely to result in a serious risk of following a serious threat. The security of the Criminal Sanctions Agency, the Criminal Maintenance Department or the Department of Corrections. The data subject does not have the right of access to the safety record and the data of the security data register.

The Data Protection Supervisor may, at the request of the data subject, verify the legality of the data relating to the registration referred to in paragraph 1.

ARTICLE 23
Implementation of the right of inspection

The right of inspection shall be exercised personally by the controller or his representative. When the request is presented, the data subject shall certify its identity.

The information necessary for the exercise of the right of inspection may be provided by the controller. Information from the national register may be used not only by the controller, but also by the Department of Criminal Maintenance or Punishment, as specified by the controller.

Chapter 5

Data security and data retention

§ 24
Protection of sensitive data

For the processing of sensitive information in the registers referred to in this Act, the controller shall exercise particular care and ensure the adequacy of the technical and organisational protection of the registers.

ARTICLE 25
Removal from the register

The identity of the person shall be deleted from the register of persons from the Criminal Sanctions Agency, where it is no longer necessary for the purpose of the register, but at the latest by:

(1) from the register of community sanctions, 10 years after the last completion of the community sanction;

2) from the implementation register 10 years after the last release of the person from the penitentiary or ceased to carry out community service;

(3) from the control and operating register 10 years after the last release of the person from the penitentiary;

(4) from a security repository 10 years after the last entry;

5) from the register five years after the date of the meeting;

(6) a visiting language register five years after the end of the prohibition;

(7) from the register of affairs two years after the last indication;

8) from a serial number one year after the indication of the data.

The need for information contained in the Safety Data Register shall be reviewed at least once a year.

The data file deleted from the database shall consist of an archival index of data referred to in Article 6. The information shall be deleted from the archival directory 50 years after the last person released from prison or ceased to carry out community service.

All data relating to a person shall be deleted from the data system no later than one year after the data subject is dead.

§ 26
Preservation of information on error

Notwithstanding the provisions of the Personal Data Act for the correction of incorrect information contained in the register, the information found to be incorrect may be kept in the context of the corrected information, where it is necessary for the data subject, the other party or In order to safeguard the rights of the Office of the Criminal Sanctions Agency, the Criminal Maintenance Office or the Department of Corrections. Such information may be used only to safeguard those rights. The information shall be deleted from the register in accordance with Article 25.

Chapter 6

Miscellareous provisions

§ 27
Penalty provisions

In breach of Article 16 (1) or Article 17 or Article 18 or Article 20 (2) of the Penal Code, the penalty for secret detention shall be punishable under criminal law. (39/1889) 1 or 2, if the act is not punishable Article 5 of Chapter 40 of the Penal Code Or otherwise, the law provides for a heavier penalty.

Penalty for the offence of personal registration Article 9 of Chapter 38 of the Penal Code And the data breach on the personal register Article 8 of Chapter 38 of the Penal Code Included. According to Article 48 (2) of the Personal Data Act, the penalty for breach of personal data is hereby sentenced.

ARTICLE 28
More detailed provisions

More detailed provisions on the use of the registers and on the content of the data content may be laid down by a Council Regulation.

§ 29
Entry into force

This Act shall enter into force on 1 January 2003.

THEY 26/2001 , LaVM 3/2002, HVL 6/2001, EV 30/2002

Entry into force and application of amending acts:

23.9.2005/77:

This Act shall enter into force on 1 October 2006.

THEY 263/2004 , LaVM 10/2005, PLN 20/2005 EV 98/2005

8.12.2006/1099:

This Act shall enter into force on 1 January 2007.

THEY 106/2006 , LaVM 15/2006 EV 157/2006

9.11.200784:

This Act shall enter into force on 1 January 2008.

Before the law enters into force, measures may be taken to implement the law.

THEY 90/2007 , PVM 4/2007, EV

14.5.2010/39:

This Act shall enter into force on 1 December 2010.

THEY 102/2009 , LaVM 2/2010, EV 21/2010

8.4.2011/33:

This Act shall enter into force on 1 November 2011.

THEY 17/2010 , LaVM 30/2010, HVL 30/2010, EV 266/2010

23.08.2013/632:

This Act shall enter into force on 1 January 2014.

THEY 140/2012 , LaVM 7/2013, EV 57/2013

28.3.2014/2:

This Act shall enter into force on 1 May 2014.

THEY 30/2013 , HVM 5/2014, EV 15/2014

10.4.2015/399:

This Act shall enter into force on 1 May 2015.

THEY 45/2014 , LaVM 17/2014, EV 255/2014

22.5.2015/643:

This Act shall enter into force on 1 June 2015.

THEY 351/2014 , HaVM 54/2014, EV 341/2014