Act on Information Management Governance

Act on Information Management Governance in Public Administration
(634/2011) 

Original: PDF

Chapter 1 — General provisions

Section 1 — Purpose of Act
The purpose of this Act is to improve the efficiency of activities in public administration and to improve public services and their availability by laying down provisions on information management governance in public administration and on promoting and ensuring the interoperability of information systems.

Section 2 — Scope of Act and relationship with other legislation
(1) This Act lays down provisions on the obligations of certain authorities in public administration when conducting information management tasks.

(2) This Act applies to:

1. central government agencies and bodies and unincorporated government enterprises;
2. courts of law and other judicial bodies when conducting administrative tasks;
3. local government authorities when conducting tasks laid down for them by law;
4. corporate entities and foundations when exercising public authority in conducting public administration tasks.

(3) This Act does not apply to:

1. the Office of the President of the Republic of Finland;
2. Parliament and its agencies;
3. public authorities in Åland operating at regional, central government and local government level;
4. the Bank of Finland;
5. the universities referred to in the Universities Act (558/2009);
6. the Evangelical Lutheran Church of Finland and the Orthodox Church of Finland;
7. companies and corporate entities arranging employment pensions, statutory nonlife insurance or unemployment benefit funding;
8. the Social Insurance Institution of Finland, with the exception of sections 5 and 13(4) of the Act.

(4) The information security of central government authorities as referred to in the Act on the Openness of Government Activities (621/1999) and the contingency preparations of central government authorities for exceptional circumstances as referred to in the Emergency Powers Act (1080/1991) are subject to the relevant provisions laid down in these Acts in regard to information management.

Section 3 — Definitions
In this Act,

1. information management in public administration means support activities that ensure the performance of public administration tasks and make use of the methods and means of information and communication technologies;
2. public administration information system means a data file or data reserve composed of information gathered for a particular purpose and stored using automatic data processing, which the user can use to produce services or perform other tasks in accordance with the purpose of the system and the information processing requirements;
3. enterprise architecture for information management in public administration means specification of the structure of the information management entity comprising public administration organisations, services, operating processes, processed information and the information systems used, and the technologies, and of the relationship between the entity’s component parts;
4. interoperability of public administration information systems means the technical and content-based interoperability of information systems with the information systems of other authorities in public administration when the systems use the same data.

Chapter 2 — Information management governance

Section 4 — Governance
(1) Under this Act, general governance of information management for authorities in public administration is the task of the Ministry of Finance. The ministry must, in particular, arrange:

1. planning and specification of the operating, information, system and technology architectures (enterprise architecture) in public administration;
2. preparation and maintenance of system interoperability specifications and definitions required for a joint enterprise architecture for information management in public administration;
3. governance of joint information management services in public administration and other measures necessary for coherent information management activities.

(2) Provisions on a joint enterprise architecture for information management in public administration based on the standard referred in section 6, in so far as this concerns information, system and technology architectures and the content of the system interoperability specifications and definitions required for this, may be issued by government decree. In the case of information systems used in conducting public administration tasks by a corporate entity or foundation that exercises public authority, only provisions on the content of the information architecture required for system interoperability and the content of the specifications and definitions required for this may be issued by government decree.

(3) The ministries have the task of governing the development of information management and information management projects within their respective field of responsibility, giving due consideration to the purpose and obligations laid down in this Act.

(4) Before an authority referred to in section 2(2)(1-2) decides on an information management procurement of its own or on some other information management procurement that is funded from the Budget and is for the authority to determine, and where this is of extensive operational importance or of significant economic value, the authority must request the opinion of the Ministry of Finance on the matter. If the authority referred to above wishes to deviate from the opinion of the Ministry of Finance, it must submit the matter for decision by the ministry for the administrative branch in which the authority operates. Further provisions on the procurements referred to in this section and on the procedure of the Ministry of Finance in regard to the matter of opinions may be given by government decree.

Section 5 — Advisory Committee on Information Management in Public Administration

1. The Advisory Committee on Information Management in Public Administration (JUHTA) operates in connection with the Ministry of Finance for the purpose of furthering the development of the information society within the sphere of public administration.
   The Advisory Committee is a permanent collaborative and advisory body for central government authorities, the Social Insurance Institution of Finland and local government authorities. The Advisory Committee may, if necessary, also include representatives of other parties involved in promoting information management in public administration. The Advisory Committee is appointed by the Government for three years at a time.
2. The task of the Advisory Committee is to further the modernisation and adoption of operating practices and service production methods in public administration by utilising information and communication technologies, and to issue recommendations concerning information management in public administration. Provisions governing the Advisory Committee’s decision making and the organisation of its activities and further provisions on the composition and tasks of the Advisory Committee will be given by government decree.

Section 6 — Standard for information management in public administration
The Ministry of Finance may determine whether a recommendation issued by the Advisory Committee on Information Management in Public Administration concerning a
joint enterprise architecture for information management in public administration and
system interoperability specifications and definitions required for this shall constitute a
standard for information management in public administration.

Chapter 3 — System interoperability

Section 7 — Interoperability of public administration information systems
To enable and ensure the interoperability of public administration information systems, authorities in public administration must each plan and specify their enterprise architecture and must comply with it once it has been formulated and is maintained, as well as with the system interoperability specifications and definitions required for it, and with the interoperability specifications and definitions for information systems within its field of responsibility.

Section 8 — Information system interoperability within a field of responsibility

1. Each ministry must ensure that interoperability specifications and definitions for information systems within its field of responsibility are built and maintained for that field of responsibility. Provisions on the content of interoperability specifications and definitions for information systems within a field of responsibility may be issued by ministerial decree. If the system interoperability specifications and definitions referred to above concern information systems used in conducting public administration tasks by a corporate entity or foundation that exercises public authority, provisions on the dependencies required for the interoperability of such information systems and on the relationship with information systems of authorities in public administration may be issued by ministerial decree.
2. If, within the fields of responsibility of two or more ministries, there are overlaps in specifications and definitions, which prevent or hinder the interoperability of information systems, the ministries must together agree on removing these overlaps.

Section 9 — Modifying information systems of authorities in public administration

1. Authorities in public administration must ensure that their information systems meet the interoperability requirements referred to in section 4 and issued by government decree, or referred to in section 8 and issued by ministerial decree, when significantly modifying information systems or when procuring new information systems and services or otherwise developing information systems, and no later than when the service contracts for the information systems expire.
2. Provisions on the date by which a public authority’s information systems must be made to meet the interoperability requirements referred to in section 4 which are issued by government decree, following the entry into force of the decree referred to in section 4, may be issued by government decree. Provisions on the date by which a public authority’s information systems must be made to meet the interoperability requirements referred to in section 8 which are issued by ministerial decree, following the entry into force of the decree referred to in section 8, may be issued by ministerial decree.

Section 10 — Utilising stored information

(1) Authorities in public administration must seek to organise their activities in such a way
that they use the information deposited in the information systems referred to in this
section if the activities of the authority require the use of this information. These information systems comprise:

1. the Population Information System referred to in the Act on the Population Information System and the Certificate Services of the Population Register Centre (661/2009) and the information referred to in section 7(1)(1-2) and 7(1)(6) of the Act;
2. the Register of Associations referred to in the Associations Act (503/1989);
3. the Trade Register referred to in the Trade Register Act (129/1979);
4. the Register of Foundations referred to in the Foundations Act (109/1930);
5. the Land Information System referred to in the Act on the Land Information System and Related Information Service (453/2002);
6. the Business Information System referred to in the Business Information Act (244/2001).

(2) The topographic data system maintained by the National Land Survey of Finland and the Finnish Geodetic Institute is also comparable to the information systems referred to above in subsection 1.

Section 11 — Joint services

1. Authorities referred to in section 2(2)(1-3) of this Act must use the pertinent joint information technology solutions they require for implementing electronic transactions and that interact with transaction services. Provisions on joint information technology solutions required for implementing electronic transactions and that interact with transaction services, and on the extent of use of these solutions, may be issued by government decree. Prior to issuing a government decree on the matter, the Advisory Committee on Information Management in Public Administration must be consulted.
2. Authorities referred to in section 2(2)(1-2) of this Act must use the joint basic information technology and information system services that they require. Provisions on the jointly used basic information technology and information system services and on the extent of use of the services may be issued by government decree.

Chapter 4 — Miscellaneous provisions
Section 12 — Availability of information
Authorities in public administration must ensure that the information concerning specifications and definitions referred to in this Act is available in a form that can be utilised with information technology.

Section 13 — Entry into force

1. This Act enters into force on 1 September 2011.
2. Authorities in public administration must begin to prepare an enterprise architecture specification in accordance with section 7 within six months, and must complete this work within three years, of the entry into force of the government decree referred to in section 4 concerning the matter.
3. Authorities in public administration must introduce the services they require referred to in section 11 within two years of the service being available and the government decree referred to in section 11 having entered into force, or no later than the expiry of the service contract for an independently procured service equivalent to the service in question.
4. The Advisory Committee referred to in the Government Decree on the Advisory Committee on Information Management in Public Administration (145/2006) and which is operating when this Act enters into force shall operate as the Advisory Committee on Information Management in Public Administration as referred to in this Act until the end of its term.
5. Actions necessary for the implementation of this Act may be undertaken before the Act’s entry into force.