T

he Indonesian Consumers Foundation (YLKI) wants Bank Indonesia (BI) to punish banks that outsource customer recruitment if contractors give customer information to other parties without
permission.

Banks were responsible for such privacy violations since as the companies that hired the service providers, YLKI chairman Husna Zahir said in Jakarta on Wednesday.

She urged banks to terminate contracts with offending companies if they discovered violations.

“If there’s an indication that the service provider companies are leaking customers’ personal data to other parties, the banks hiring them have to take responsibility,” she said as quoted by detikFinance news portal.

Husna added that a bank that hired a company to find new customers for loans or credit cards had to educate the company about protecting customer data.

“Customer data has to be kept protected and can’t be commercialized as stipulated in the regulations of Bank Indonesia on the protection of customers’ personal data,” Husna said, adding that bank contractors, though not a financial institutions, should comply with financial laws and regulations.

BI’s payment system division head Ariwibowo said earlier that the traffic in customer data was primarily done by bank-contracted service providers or their employees.

A service provider or its employees might sell customer data forwarded by the bank to other companies, which would then use the information for their own businesses without customers’ knowledge.

“That’s why many people have reported that they received telephone calls from someone offering credit cards or letters containing application forms which have been pre-filled. In some cases, the letters come together with credit cards,” he said.

According to detikFinance, customer data was usually sold by individuals.

Bank customer data could be found on offer on several social networking web sites, along with instructions on how to use it effectively for certain professions, detikFinance reported.

Central bank spokesperson Difi Ahmad Johansyah said that BI regulations issued in 2005 stipulated that banks “were obligated to ask for permission from customers” before sharing customer data with third parties for commercial purposes.

However, Difi said that the central bank could do nothing if the people selling customer data were not banks or financial institutions.

YLKI called on Bank Indonesia to take more active role in solving the problem since customers’ privacy rights had been breached.

The organization urged banks to improve the supervision and education of companies hired to recruit customers, specifically on ethics and customer privacy.

“BI should be brave in giving punishments or warnings to banks hiring delinquent service provider companies,” Husna said.