Jakarta, 13/5/2020 (Antara) - Many Indonesians
have shown a preference for online shopping ever since the Indonesian
Government imposed large-scale social distancing measures to restrict
public movement and curb the spread of the novel coronavirus disease, or
COVID-19.
Data provided by ADA (Analytic Data Advertising)
indicates a 300-400-percent increase in internet usage by adaptive
shoppers last March, while internet use by WFH (work-from-home)
professionals has climbed 400 percent.
Amid the jump in online
shoppers, the Indonesian public was recently shocked to learn about the
leaking of personal data of millions of users of e-commerce platform,
Tokopedia.
According to some reports, a hacker put up a database containing the personal data of 91 million Tokopedia users for sale on the dark Web for US$5,000. Some reports say the data of 15 million users was breached.
Concerns over personal data safety have been gaining ground since the past several years, especially in view of the numerous credit and loan offers floating around via telephone and random short messages.
According to some reports, a hacker put up a database containing the personal data of 91 million Tokopedia users for sale on the dark Web for US$5,000. Some reports say the data of 15 million users was breached.
Concerns over personal data safety have been gaining ground since the past several years, especially in view of the numerous credit and loan offers floating around via telephone and random short messages.
Last year, the Home
Affairs Ministry, which is in charge of storing personal data of
Indonesian citizens, admitted that at least 1,227 institutions, both
government and private, have access to data on Indonesian citizenship.
However,
private institutions still have to seek permission from the ministry to
access citizens data, the then home affairs minister, Tjahjo Kumolo,
said in July, 2019.
The protection of people's data is
regulated in Law Number 24 of 2013 concerning Population Administration
and the Minister of Home Affairs Regulation Number 61 of 2015, among
others, but there is no strict sanction for any institution found
leaking personal data.
Therefore, Sukamta, member of
Commission I of the House of Representatives (DPR), has suggested that
the Bill on Personal Data Protection (PDP) encompass regulations on
obligations of data managers and sanctions for data breach.
He pointed to the recent data breach at Tokopedia while sharing his concerns.
He pointed to the recent data breach at Tokopedia while sharing his concerns.
Sukamta stressed that private data managers, such as public institutions and private companies, should guarantee the security of user data. Their cybersecurity system should always be updated and improved by utilizing the best technology.
"The importance of data is akin to oil a few decades ago, or spices in the ancient archipelago, which were believed to be more expensive than gold. In this digital world, data becomes (a) very tempting (source) to mine dollars," he pointed out.
In connection with the Tokopedia data leak, he urged the government, in this case, the Ministry of Communication and Informatics, the National Cyber and Crypto Agency (BSSN), the private sector, and the community, to jointly step up cyber vigil amid the COVID-19 pandemic.
"The Tokopedia (data leak) case is an eye opener and a matter of concern for the cyber world in Indonesia," Sukamta averred.
Meanwhile, Abdul Kharis Almasyhari, deputy chairman of the DPRs Commission I, and Commission I member Farah Putri Nahlia have urged police to proactively investigate the data breach.
"Tokopedias
user data leak is a big shame for an IT-based technology company,"
Farah, a politician from the Peoples Mandate Party (PAN), said on May 6,
2020.
The same day, Brig Gen Raden Prabowo Argo Yuwono,
spokesperson for the National Police (Polri), said Polri has not
received a report on the data leak. Police is still waiting for the
public to report it, he added.
Polri will follow up the case,
but right now, it is still waiting for the result of an internal
investigation by Tokopedia, he continued.
On May 12, 2020,
Tokopedia CEO William Tanuwijaya released a message for users of the
online shopping platform, explaining efforts taken by the company after
the data breach was detected on May 2.
The company is working with the Ministry of Communication and Informatics and the BSSN to investigate the case, he said.
Meanwhile,
the Indonesian Consumer Community (KKI) has filed a lawsuit in the
Central Jakarta District Court against Tokopedia and the Ministry of
Communication and Informatics over the data breach.
KKI's lawyer, Akhmad Zaenuddin, in a written statement on May 7, 2020, said Tokopedia's negligence was the reason behind the leak.
In line with existing laws, personal data is confidential and must be stored, maintained, and protected.
The state necessitates that every party that obtains personal data maintain confidentiality and protect the personal data and privacy of citizens conducting electronic transactions.
KKI chairman David Tobing also expressed regret over Tokopedia not divulging details of the data that was stolen and mishandled by a third party.
The Communication and Informatics Ministry is also facing legal action over its alleged ineptness in supervising the implementation of the electronic system to prevent the data breach.
KKI's lawyer, Akhmad Zaenuddin, in a written statement on May 7, 2020, said Tokopedia's negligence was the reason behind the leak.
In line with existing laws, personal data is confidential and must be stored, maintained, and protected.
The state necessitates that every party that obtains personal data maintain confidentiality and protect the personal data and privacy of citizens conducting electronic transactions.
KKI chairman David Tobing also expressed regret over Tokopedia not divulging details of the data that was stolen and mishandled by a third party.
The Communication and Informatics Ministry is also facing legal action over its alleged ineptness in supervising the implementation of the electronic system to prevent the data breach.
The ministry is
tasked with controlling, inspecting, tracking, and securing personal
data, in line with Article 35 and paragraph (1) of Government Regulation
(PP) Number 71 of 2019.
Minister of Communication and Informatics, Johnny Plate, had earlier spoken of his ministry having formed a team with the BSSN and Tokopedia to evaluate the data breach at the e-commerce platform.
Minister of Communication and Informatics, Johnny Plate, had earlier spoken of his ministry having formed a team with the BSSN and Tokopedia to evaluate the data breach at the e-commerce platform.
BSSN ensures the protection and
security of personal data of Indonesian citizens, according to the
agency's director of Digital Economy Protection, Anton Setiyawan.
"If an e-commerce platform applies customer-oriented protection, the BSSN protects all Indonesian citizens. Regardless of being requested or not, the BSSN will ensure the protection and security of Indonesian citizens' personal data," he noted in a statement on May 13, 2020.
The BSSN is closely monitoring cybersecurity in the digital economy sector comprising 2,218 startups, four unicorns, one decacorn, and 227 fintechs, he remarked.
As no one has been held responsible for personal data breaches so far, Center for Indonesian Policy Studies (CIPS) researcher Ira Aprilianti has urged the DPR to pass the Bill on Protection of Personal Data into law.
In wake of the COVID-19 pandemic, a law that protects personal data is deemed urgent, since many people prefer to shop online, she pointed out.
Misuse of personal data stored by e-commerce service providers is quite common. In several cases concerning fintech companies, consumer data is disseminated and traded without the customer's consent, she said.
Currently, 32 laws and regulations on personal data protection exist, and their implementation and supervision lie in the hands of various ministries and institutions. However, there is lack of coordination in the implementation of the laws and regulations, and absence of sanctions against data breaches, she added.
"If an e-commerce platform applies customer-oriented protection, the BSSN protects all Indonesian citizens. Regardless of being requested or not, the BSSN will ensure the protection and security of Indonesian citizens' personal data," he noted in a statement on May 13, 2020.
The BSSN is closely monitoring cybersecurity in the digital economy sector comprising 2,218 startups, four unicorns, one decacorn, and 227 fintechs, he remarked.
As no one has been held responsible for personal data breaches so far, Center for Indonesian Policy Studies (CIPS) researcher Ira Aprilianti has urged the DPR to pass the Bill on Protection of Personal Data into law.
In wake of the COVID-19 pandemic, a law that protects personal data is deemed urgent, since many people prefer to shop online, she pointed out.
Misuse of personal data stored by e-commerce service providers is quite common. In several cases concerning fintech companies, consumer data is disseminated and traded without the customer's consent, she said.
Currently, 32 laws and regulations on personal data protection exist, and their implementation and supervision lie in the hands of various ministries and institutions. However, there is lack of coordination in the implementation of the laws and regulations, and absence of sanctions against data breaches, she added.
1071656
(T.H-FDH/A/R013/R013) 13-05-2020 21:39:04
No comments:
Post a Comment