Who is responsible for your data privacy protection? | Bahasa
Indonesia.27 Feb 2023.3 min read
● Bank DBS Indonesia’s legal expert explains the dangers of giving data consent recklessly and the importance of understanding personal data protection and its legal basis
● Bank DBS Indonesia is committed to protecting customer data through regular feature updates and comprehensive data security management
Indonesia, 27 Feb 2023 - Personal data security and privacy vulnerabilities have been widely discussed of late. Issues arising from personal data protection, from data leaks that occur in various institutions, the rampant buying and selling of data online, to overlapping regulations, have triggered hot debates. Yosea Iskandar, Head of Legal & Corporate Secretary, PT Bank DBS Indonesia, highlighted the challenges of personal data protection, especially in the banking sector. Law No. 27 of 2022 was issued to guarantee the basic rights of citizens regarding Personal Data Protection (PDP Law). Yosea believes that complete understanding of the law among the industry, business players, and the general public is key to achieving the main objectives of the law.
The dangers of giving data consent carelessly
Recent data breaches indicate a lack of understanding among a majority of the public of the impact of personal data misuse. Yosea cited as an example an online loan scam whose victim found a sum of money had been transferred to his account only to be asked later to return the money along with an exorbitant amount of interest. In fact, the victim did not apply for the loan although he admitted to having obtained a loan from another illegal online loan provider, which he had paid in full. Indeed, it was highly likely that the victim's personal data was used by illegal online loan providers to grant him a loan without his knowledge. Yosea explained that lawfully and formally, borrowers may have given consent to illegal online loan providers to use their personal data to apply for loans. However, in reality, borrowers may not realize the extent of the consent they have given.
Therefore, Yosea called on consumers to consider the future consequences before giving consent for the use of their personal data. When names and phone numbers are leaked to irresponsible parties, the information may likely be used to offer illegal products or services such as online gambling. However, if you are not careful in utilizing social media, shopping apps, and internet searches, your personal information can be scattered everywhere. As a consequence, when names, phone numbers, and credit card numbers are leaked, criminals can use them to commit credit card fraud.
"When the information leaked is miniscule, we may not realize or notice it at all. However, the more information leaked, the greater the risk, not just for us, but also for our family members," said Yosea.
Regulations on data usage for banking sector
The concept of and regulations on personal data protection are not new to the banking sector. Banks also understand that they are obliged to obtain customer consent for collecting and utilizing customers personal data. Financial Services Authority Regulation (POJK) No. 6 of 2022 concerning Consumer and Public Protection in the Financial Services Sector prohibits financial services companies from giving consumer personal data and/or information to other parties, except when there is an understanding between the parties that makes it legal according to the PDP law.
Article 11 paragraph 4 of POJK No. 6 of 2022 obliges business players to state in writing and/or verbally the purpose and consequences of consent to disclosing consumer personal information. POJK 6 and POJK 11 also impose administrative sanctions against business players, including banks, who fail to meet their obligations. Sanctions can be in the form of written warnings and penalties, compensation to consumers, restriction or suspension of products/services/business activities, prohibition to issue new banking products, suspension of certain business activities, a downgrade in the assessment of governance factors in the assessment of bank financial health, revocation of product/service licenses and business licenses. Commenting on the stipulations, Yosea explained that consumers have the right to obtain information about the clarity of identity, the basis of legal interests, and the accountability of the business player seeking consent as material considerations for approval.
In view of the above stipulations, Yosea said banks must ensure that data processing is carried out not only in accordance with its purpose but also with the intention of protecting customer rights. Banks should also ensure that the consent is obtained in writing or in the form of a recorded oral statement. Banks that fail to protect personal data are obliged to give written notification to the relevant customer.
Bank DBS Indonesia’s customer data protection
As a banking institution that prioritizes digital transformation, Bank DBS Indonesia makes customer data protection a top priority. Bank DBS Indonesia ensures that all banking activities, including customer personal data protection, are conducted on the back of data acquisition and collection practices that are in accordance with applicable regulations.
In accordance with the “Live more, Bank less” mission, Bank DBS Indonesia through digibank by DBS strives to facilitate customer banking activities through various technological innovations while prioritizing data security. One of the technologies used is the Know Your Customer (KYC) process that utilizes the face recognition feature that is directly integrated with Dukcapil to ensure the authenticity of customer data used to open an account. In addition, there are other features, such as the application of the two-factor authentication (2FA) using a soft token feature that offers better protection than the One-Time Password (OTP). Bank DBS Indonesia also continues to play a role in educating customers on the risks of digital banking applications.
Head of Digital Banking PT Bank DBS Indonesia Erline Diani said, "We prioritise customer data security by maintaining system security, processing data in accordance with applicable regulations, and implementing good risk mitigation strategies. As an institution that has been named the ‘Safest Bank in Asia’ by Global Finance for 14 consecutive years, the ‘World's Best Digital Bank’ by Euromoney, as well as the ‘World's Best Bank’ by Global Finance, we have an obligation to maintain that trust."
About DBS
DBS is a leading financial services group in Asia with a presence in 19 markets. Headquartered and listed in Singapore, DBS is in the three key Asian axes of growth: Greater China, Southeast Asia and South Asia. The bank's "AA-" and "Aa1" credit ratings are among the highest in the world.
Recognised for its global leadership, DBS has been named “World’s Best Bank” by Global Finance, “World’s Best Bank” by Euromoney and “Global Bank of the Year” by The Banker. The bank is at the forefront of leveraging digital technology to shape the future of banking, having been named “World’s Best Digital Bank” by Euromoney and the world’s “Most Innovative in Digital Banking” by The Banker. In addition, DBS has been accorded the “Safest Bank in Asia“ award by Global Finance for 14 consecutive years from 2009 to 2022.
DBS provides a full range of services in consumer, SME and corporate banking. As a bank born and bred in Asia, DBS understands the intricacies of doing business in the region’s most dynamic markets. DBS is committed to building lasting relationships with customers, as it banks the Asian way. Through the DBS Foundation, the bank creates impact beyond banking by supporting social enterprises: businesses with a double bottom-line of profit and social and/or environmental impact. DBS Foundation also gives back to society in various ways, including equipping communities with future-ready skills and building food resilience.
With its extensive network of operations in Asia and emphasis on engaging and empowering its staff, DBS presents exciting career opportunities. For more information, please visit www.dbs.com.
The dangers of giving data consent carelessly
Recent data breaches indicate a lack of understanding among a majority of the public of the impact of personal data misuse. Yosea cited as an example an online loan scam whose victim found a sum of money had been transferred to his account only to be asked later to return the money along with an exorbitant amount of interest. In fact, the victim did not apply for the loan although he admitted to having obtained a loan from another illegal online loan provider, which he had paid in full. Indeed, it was highly likely that the victim's personal data was used by illegal online loan providers to grant him a loan without his knowledge. Yosea explained that lawfully and formally, borrowers may have given consent to illegal online loan providers to use their personal data to apply for loans. However, in reality, borrowers may not realize the extent of the consent they have given.
Therefore, Yosea called on consumers to consider the future consequences before giving consent for the use of their personal data. When names and phone numbers are leaked to irresponsible parties, the information may likely be used to offer illegal products or services such as online gambling. However, if you are not careful in utilizing social media, shopping apps, and internet searches, your personal information can be scattered everywhere. As a consequence, when names, phone numbers, and credit card numbers are leaked, criminals can use them to commit credit card fraud.
"When the information leaked is miniscule, we may not realize or notice it at all. However, the more information leaked, the greater the risk, not just for us, but also for our family members," said Yosea.
Regulations on data usage for banking sector
The concept of and regulations on personal data protection are not new to the banking sector. Banks also understand that they are obliged to obtain customer consent for collecting and utilizing customers personal data. Financial Services Authority Regulation (POJK) No. 6 of 2022 concerning Consumer and Public Protection in the Financial Services Sector prohibits financial services companies from giving consumer personal data and/or information to other parties, except when there is an understanding between the parties that makes it legal according to the PDP law.
Article 11 paragraph 4 of POJK No. 6 of 2022 obliges business players to state in writing and/or verbally the purpose and consequences of consent to disclosing consumer personal information. POJK 6 and POJK 11 also impose administrative sanctions against business players, including banks, who fail to meet their obligations. Sanctions can be in the form of written warnings and penalties, compensation to consumers, restriction or suspension of products/services/business activities, prohibition to issue new banking products, suspension of certain business activities, a downgrade in the assessment of governance factors in the assessment of bank financial health, revocation of product/service licenses and business licenses. Commenting on the stipulations, Yosea explained that consumers have the right to obtain information about the clarity of identity, the basis of legal interests, and the accountability of the business player seeking consent as material considerations for approval.
In view of the above stipulations, Yosea said banks must ensure that data processing is carried out not only in accordance with its purpose but also with the intention of protecting customer rights. Banks should also ensure that the consent is obtained in writing or in the form of a recorded oral statement. Banks that fail to protect personal data are obliged to give written notification to the relevant customer.
Bank DBS Indonesia’s customer data protection
As a banking institution that prioritizes digital transformation, Bank DBS Indonesia makes customer data protection a top priority. Bank DBS Indonesia ensures that all banking activities, including customer personal data protection, are conducted on the back of data acquisition and collection practices that are in accordance with applicable regulations.
In accordance with the “Live more, Bank less” mission, Bank DBS Indonesia through digibank by DBS strives to facilitate customer banking activities through various technological innovations while prioritizing data security. One of the technologies used is the Know Your Customer (KYC) process that utilizes the face recognition feature that is directly integrated with Dukcapil to ensure the authenticity of customer data used to open an account. In addition, there are other features, such as the application of the two-factor authentication (2FA) using a soft token feature that offers better protection than the One-Time Password (OTP). Bank DBS Indonesia also continues to play a role in educating customers on the risks of digital banking applications.
Head of Digital Banking PT Bank DBS Indonesia Erline Diani said, "We prioritise customer data security by maintaining system security, processing data in accordance with applicable regulations, and implementing good risk mitigation strategies. As an institution that has been named the ‘Safest Bank in Asia’ by Global Finance for 14 consecutive years, the ‘World's Best Digital Bank’ by Euromoney, as well as the ‘World's Best Bank’ by Global Finance, we have an obligation to maintain that trust."
About DBS
DBS is a leading financial services group in Asia with a presence in 19 markets. Headquartered and listed in Singapore, DBS is in the three key Asian axes of growth: Greater China, Southeast Asia and South Asia. The bank's "AA-" and "Aa1" credit ratings are among the highest in the world.
Recognised for its global leadership, DBS has been named “World’s Best Bank” by Global Finance, “World’s Best Bank” by Euromoney and “Global Bank of the Year” by The Banker. The bank is at the forefront of leveraging digital technology to shape the future of banking, having been named “World’s Best Digital Bank” by Euromoney and the world’s “Most Innovative in Digital Banking” by The Banker. In addition, DBS has been accorded the “Safest Bank in Asia“ award by Global Finance for 14 consecutive years from 2009 to 2022.
DBS provides a full range of services in consumer, SME and corporate banking. As a bank born and bred in Asia, DBS understands the intricacies of doing business in the region’s most dynamic markets. DBS is committed to building lasting relationships with customers, as it banks the Asian way. Through the DBS Foundation, the bank creates impact beyond banking by supporting social enterprises: businesses with a double bottom-line of profit and social and/or environmental impact. DBS Foundation also gives back to society in various ways, including equipping communities with future-ready skills and building food resilience.
With its extensive network of operations in Asia and emphasis on engaging and empowering its staff, DBS presents exciting career opportunities. For more information, please visit www.dbs.com.
