Insights | August 3, 2020

Leakage of personal data in the Finnish Trade Register’s information service

Recently, a data protection breach was discovered in the Finnish Patent and Registration Office's (PRH) Trade Register's information service Virre. The error affected 144 individuals and they should have been contacted by PRH. In case of any concerns, we recommend contacting PRH for more information on whether representatives of your company were affected and what kind of information might have been disclosed.

The error took place between 16 June and 6 July 2020 and during that time personal details of persons registered with the trade register, including details on beneficial owners of companies, were unintentionally shown to users of the rapid search function of the service.

• The service showed to users notification documents containing personal data, which should have been accessible only to certain authorities. Such documents included trade register extracts, personal data forms and, e.g., passport copies.
• The error affected 144 individuals and they should have been contacted by PRH.
• The error was caused by the installation of a new software function and was fixed on 8 July 2020.
• The Data Protection Ombudsman has been notified of the incident.

In case of any concerns, we recommend contacting PRH for more information on whether representatives of your company were affected and what kind of information might have been disclosed. If the information is not provided directly to the company, the company can advise the persons, whose data may have been leaked, such as board members, CEO, and other persons authorized to represent the company, to make a data request in their own name (or authorize someone to make the request on their behalf).