Service use by Guardians and Attorneys
The response message of the Suomi.fi e-Authorizations ‘Acting on behalf of another person’ (HPA) interface has been expanded. The expanded response message contains more detailed information on the right to act on behalf of another person when
- person is acting as a public guardian
- person is acting as a private guardian
- person is acting as an attorney with a continuing power of attorney.
The extended response message is not enabled by default. Your e-service can adopt the expanded response message according to its own schedule, if there is a need for more detailed information.
Implementing the expanded response message requires development and testing before it can be taken into production use.
Who benefits from the update, and what should be taken into account?
Guardians and Attorneys
This update enables your e-service, which supports acting on behalf of another person, to determine from the response message whether the representative is a private guardian, a public guardian, or an attorney with a continuing power of attorney.
The need for more detailed information depends on the e-service and its processes.
For example, the e-service may want to display different information to public guardians, private guardians, and attorneys with a continuing power of attorney — especially in the future, if legislation enables acting on behalf of another person also in matters related to health.
Data protection – specific requirements for processing data related to public guardians
A service utilizing Suomi.fi e-Authorizations must ensure that the personal identification number of a public guardian is not displayed at any point during electronic representation or any related process — for example in the user interface, during customer service interactions, or via information requests. This requires planning before enabling public guardians to act on behalf of their clients. Your e-service must therefore distinguish public guardians in the Suomi.fi e-Authorizations response message going forward.
In addition, the National Legal Services Authority recommends that e-services also prevent the public guardian’s name from being displayed during electronic representation or any related process.
For example, on the Suomi.fi ‘Event Information’ page, the name of the public guardian is not shown to the client. Instead, in the event log for representation, the following description is displayed:
A public guardian was acting on your behalf - Organization - E-service - dateHowever, the logging requirements for Suomi.fi e-Authorizations remain unchanged, so the information of public guardians must also be found in the log data. For more detailed logging requirements, see the instructions.
Implementation and testing
Before starting testing, review the updated rule engine descriptionOpens in a new window. and the interface descriptionOpens in a new window..
The registry‑based acting‑on‑behalf functionality for guardians and attorneys with a continuing power of attorney can be enabled through the eAuthorisations Service rule engineOpens in a new window., i.e. the administrative user interface, by activating the following rule for your e-service:
Rule ID | Description |
|---|---|
036.010.1.4 | Include in the response the role of a private guardian, a public guardian, and an attorney with a continuing power of attorney in matters concerning a person’s financial affairs. |
By enabling rule 036.010.1.4, the response message will include the role of a private guardian, a public guardian, and an attorney with a continuing power of attorney in matters concerning a person’s financial affairs. The role information for public guardians is retrieved from the register maintained by the National Legal Services Authority.
The response message returns the following authorization roles for a guardian or an attorney with a continuing power of attorney:
- TRUSTEESHIP_PRIVATE_FINANCIAL = Private guardian, matters concerning the person’s financial affairs
- TRUSTEESHIP_PUBLIC_FINANCIAL = Public guardian, matters concerning the person’s financial affairs
- TRUSTEESHIP_MANDATE_FINANCIAL = Attorney with a continuing power of attorney, matters concerning the person’s financial affairs.
Note! Your organization must take into account the specific requirements for processing personal data related to public guardians before commencing production use.
Testing instructions and test data
Use the test data provided by the Digital and Population Data Services Agency (DVV) for testing. The data is available in the Test Data Service:
- Address: https://testiaineisto.fiOpens in a new window.
- Credentials for the service can be requested at: valtuudet-kayttoonotot@dvv.fi
Testing for guardians and attorneys with a continuing power of attorney can be performed using a separate dataset available in the Test Data Service. The dataset can be found under the Persons tab, below the heading Test data rows for persons, as a separate HTML link.
Communications and instructions
When you have enabled acting on behalf for guardians and attorneys with a continuing power of attorney, your e-service must provide guidance for users on how this representation works. If your e-service implements any customization affecting the actions available to guardians, attorneys with a continuing power of attorney, or users acting with a Suomi.fi authorization, these changes must also be clearly described in your end‑user instructions.
You can use the press release template in customer communications:
[e-service] is now available to public guardians
Public guardians can now manage their client's financial affairs in [organization's e-service]. The right to act is checked from the National Legal Services Authority's register.
In the e-service, the guardian can manage the following mandate themes on behalf of the client:
- Mandate theme 1
- Mandate theme 2
- Mandate theme 3
Select the phrase that corresponds to the e-service:
- Option 1. The personal identity code and name of the public guardian are not visible to the client.
- Option 2. The personal identity code of the public guardian is not visible to the client.
Personal data will also remain protected during the customer service process and will not be disclosed in connection with information requests.
Instructions for using the service are provided by [organisation's customer service, telephone number, email address].