Indonesia is Working Towards Improving Information Defense with Data Privacy Laws

Last updated on May 6th, 2021 at 10:28 am

Indonesia is moving a data privacy regulation ahead in several of the largest e-commerce firms after a string of high-profile data attacks in recent months.

The bill-expected before the end of the year-would make it unlawful to gather data from users without consent and allow companies to warn buyers within days of learning that their identities, addresses and other details have fallen into the wrong hands.

The new legislation, which involves corporate penalties of up to 210 billion rupiah (S$20 million) or up to seven years in jail for offenders, represents increasing anxiety among Indonesia’s steadily rising population of online shoppers that companies and government are struggling to keep their personal details secure.

Indonesia ‘s State Cyber and Crypto Agency (BSSN) has reported that in 2019 the nation saw more than 98 million cyber threats, up from 12 million a year earlier. Mr Ardi Sutedja, who helped create BSSN and is now chairman and director of the non-profit Information Security Platform, said that more threats are going unreported by businesses who are trying to stop spooky clients and investors.

Early May, news broke out on Twitter that Tokopedia ‘s online mall experienced Indonesia’s largest data leak with personal data fraud, including addresses and passwords for 91 million accounts placed for sale on the dark web.

The info, which can be used as a bait for phishing scams, had resurfaced for sale for the equivalent of S$15 earlier this month, local media stated.

Days after the heist of Tokopedia, the smaller competitor Bhinneka, who specializes in company supplies, announced that he was also the target of a hack that obtained access to 1,2 million accounts. Only, in May, the country’s election committee claimed that 2,3 million ballots had been secretly copied from private records.

Late last year, the Bukalapak e-commerce platform discovered hackers had taken off with 13 million accounts with personal info. Until now, laws regulating personal data have been spread through various political, telecommunications and jobs regulations which have rendered it difficult for customers to keep companies responsible for abuse of their details.

One example: Documents left at the front desks to handle the flow of guests to the workplaces will now be registered, their contents exchanged or dissected as the host wishes-which the current law will not fix so far.

Meanwhile, after the hack, Tokopedia, which dropped from being the 25th most visited site in Indonesia to 110th place, has clawed back some ground since. This currently rates 50th in a world where nearly two-thirds of the 270-million-strong population counts as Web subscribers.

An expert specialized in monitoring hoaxes and social networking, Mr Ismail Fahmi said Indonesian people are unable to learn about their errors online. Modelled after the 2018 General Data Protection Regulation of the European Union, Indonesia ‘s proposed Personal Data Privacy Act requires the owner of the data to revoke consent for its usage, to be alerted and charged within three days after its misuse.

Atop a current legislative framework of each organization will be a data security officer who will guarantee that the business remains compliant-which Mr Ardi estimates would cost the amount of 10 % to 20% of operating capital on average to educate employees to update the IT network.

The law couldn’t have been arriving too fast. According to a 2019 report by Google, Temasek and Bain & Company, the amount of internet sales by Indonesians of plane tickets, home appliances, take-off orders and other products is projected to increase to US$ 130 billion (S$181 billion) by 2025

After all that, everyday customs can still put Indonesians in digital bandit crosshairs. One example: Documents left at the front desks to handle the flow of guests to the workplaces will now be registered, their contents exchanged or dissected as the host wishes-which the current law will not fix so far.

Meanwhile, after the hack, Tokopedia, which dropped from being the 25th most visited site in Indonesia to 110th place, has clawed back some ground since. This currently rates 50th in a world where nearly two-thirds of the 270-million-strong population counts as Web subscribers. An expert specialized in monitoring hoaxes and social networking, Mr Ismail Fahmi said Indonesian people are unable to learn about their errors online.