Personal data: A time bomb
The damage has been done. The time bomb that we knew of has exploded. Following the police’s arrest of those suspected of leaking bank customers’ personal data, the public should be concerned about the security of their personal data.
In fact, many of us are unaware of data security. Compounded by regulations that have changed constantly and their poor enforcement, customers are clearly vulnerable to the misuse of personal data.
Personal data is a new goldmine in today’s era. Our locations, identities, genders, favorite foods, and religions, even sexual preferences, are in the sights of those who wish to utilize our data, commonly for marketing purposes. As such, personal data has become a valuable commodity. But there are also the downsides to personal data transactions, ranging from identity theft to unauthorized financial transactions, if they fall into the wrong hands.
While the government is busy perfecting legal instruments through a draft bill on personal data protection, we actually bear personal responsibility to protect our own data. At the micro level, being cautious when filling in personal data, surfing a certain website or using cloud-based software is the first step to protecting our personal data.
Our lack of awareness about data security is evinced from how easy we fall prey to direct marketing officers through phone calls, or how eager we are to share the results of an online quiz app on our social media accounts. Those are only a few of the many instances when we give out our data for free.
However, unauthorized data collection actually happens with our consent. In such a case, the data collector is obviously not the one to blame.
In fact, most data collectors have been trying to comply with data protection regulations by publishing privacy notices and terms and conditions on their websites. It is us, as website users, who often fail to read carefully and understand the consequences of providing our information by using the website.
On the other side of the issue, our awareness of our right to personal data protection needs improving.
The current administration recognizes the rights of personal data owners, ranging from our right to request records of how our personal data is used, to our right to permanently delete our information stored by the data collector.
Such rights, which are intended to protect us, are enforceable. But well-published information on how to enforce a data owner’s rights and how to keep data collectors from misusing our data remains minimal.
The arrest of the seller of bank customers’ data provides the momentum for the public to become familiar with the issues of protecting personal data.
Apart from public education and awareness, the government should work harder to ensure personal data protection. The state needs to restore its sovereignty over the digital world through governance, as this is important to maintain a level playing field in Indonesia — one of the biggest markets for the technology industry.
The government’s bold move to require app-based service providers to open offices in the country deserves credit. But there is still more work to be done.
First and foremost, the vagueness of provisions in the existing regulation on personal data protection must be fixed with the upcoming Personal Data Protection Law. The House of Representatives needs to give priority to deliberation of the draft bill, as we are racing against time in light of the rapid development of new technologies.
The draft bill should provide flexibility for the government to respond to technological advancements.
Nonetheless, it should also use a language understandable to laypeople — not just techies or those in the technology industry — or else the general public would remain unaware of their rights to personal data protection.
Furthermore, the government should consider the recent trend of multilateral cooperation in personal data protection at the regional level, such as the international instruments initiated by the Asia-Pacific Economic Cooperation (APEC). The fact that cross-border data transactions are impossible to halt will necessitate good cooperation between Indonesia and the international community to protect its citizens’ personal data from cyber criminals anywhere in the world.
To sum up, collaborative efforts between the people and government are a must to build and regain our sovereignty in the digital realm. Future threats surely await us. It is only a matter of time until another incident occurs to test our vulnerability. As such, we need to prepare ahead to prevent another time bomb from ticking.