Regulations and industrial standards on private data protection were important, but users’ awareness and cautious consent in giving personal data were key factors to ensure their data were protected from abuse and fraud, said Khrisna Chandra, chief information officer of digital signature start-up PrivyID.

Personal efforts to protect user data include choosing strong passwords and being careful in using public networks, when installing applications and when receiving shady links and offers, he added.

The government is in the final stages of drafting a bill on personal data protection, which is expected to be deliberated at the House of Representatives starting this month, according to Communications and Information Ministry Director General for Application Informatics Semuel Abrijani Pangerapan.

“The minister has coordinated with the House, and there has been an agreement with Commission I. Deliberation and passage are expected next year,” said Semuel as quoted by kompas.com. The draft is currently being finalized at the State Secretary, he added. “This is super priority, not just priority.”

As Indonesia’s digital economy is expected to more than triple in value to US$130 billion in 2025 to lead Southeast Asia, digital financial services are also on the rise, according to a report by Google, Temasek and Bain & Company titled e-Conomy SEA 2019. Digital payments in Southeast Asia, according to the report, will account for almost one in every two dollars spent in the region by 2025.

Mastercard Indonesia senior analyst of business and development Wahyu Putranto said in the shift to the digital era, all elements in the fintech industry had a responsibility to take care of customer data, including the users themselves.

“The industry must also keep the balance between customers’ convenience and their personal data security,” Wahyu told a seminar organized by the Indonesia Fintech Association (Aftech) on Dec. 3.

Aftech managing director Mercy Simorangkir said personal data protection was important because technological innovation in finance entailed its own risks and the association, therefore, promised to move the industry into a more responsible direction.

“The Financial Services Authority (OJK) has officially appointed Aftech to organize innovation in digital finance, and we will fulfill our duty to oversee the development of digital finance innovation into a more responsible direction,” Mercy said in the seminar.

Data protection 101 for fintech users

Khrisna explained that one of PrivyID’s ways to ensure the confidentiality of its users’ data was forcing its users to set strong passwords.

“People have to make a habit of using a strong password, with uppercase and lowercase characters and symbols,” he said.

He also emphasized the common advice not to use the same password for multiple online accounts, as this could put all accounts at risk if one of them is compromised.

Wahyu said that users also had to be careful when using and accessing their online accounts through public Wi-Fi networks, as the information sent through public Wi-Fi networks could also be accessed by other people connected to the same network.

Users also had to be selective when installing apps on their mobile devices, such as smartphones, he said.

“[The apps we install] can sometimes ask for permission to our data and we simply allow it without any consideration,” he said, adding that users also had to check permission requests from the apps to prevent them from gaining permission to sensitive data, such as contacts and images.

He said users needed to be careful when clicking on any suspicious links, so that they were not at risk of sharing any unwanted personal data. “When we receive any link from a message, we sometimes just click on it,” he said.

Khrisna said opening an email or receiving a phone call and a suspicious offer could also put a fintech user at risk of fraud.

“Be careful when you receive emails, any phone calls or any offers from unknown people,” Khrisna warned, adding that if users were contacted by any company about matters related to their accounts, they should make sure that the sender was legitimate. (mfp)