The legal proceedings followed one of the most significant cybercrimes in Finnish history, where private therapy records were accessed and leaked. Initially, a lower court had found Tapio guilty of violating data protection regulations, specifically citing a lack of proper encryption and security measures. This original verdict resulted in a three-month suspended sentence, which has now been set aside by the appellate judges.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
In the first trial, the District Court of Helsinki concluded that the executive had failed to uphold the standards required by the General Data Protection Regulation. The focus of that conviction was the technical inadequacy of the company’s systems. The court argued at the time that as the head of the provider, the responsibility for these vulnerabilities rested with him.
Following that initial decision in early 2023, both the defense and the prosecution sought further legal action. Tapio maintained his innocence and asked for the charges to be dismissed completely. On the other side, prosecutors argued that the gravity of the breach warranted a harsher punishment, pushing for an unconditional prison sentence instead of a suspended one.
The Court of Appeal ultimately sided with the defense’s position regarding criminal liability. By overturning the conviction, the court has effectively ruled that the evidence did not support a criminal charge against Tapio personally for the technical shortcomings of the company. This decision marks a significant turn in the long-running legal aftermath of the Vastaamo security crisis.
Source: Court Clears Former Vastaamo Ceo Ville Tapio Of Data Protection Charges