Legal Protection Efforts for Customer Rights in Cases of Personal Data Breaches in Banking
DOI:
https://doi.org/10.37253/barjoules.v4i1.12406Keywords:
Legal Protection, Customer Rights, Data Breach, Banking, Personal Data ProtectionAbstract
In the rapidly evolving digital era, banking activities increasingly rely on electronic systems and online services. Behind this convenience lies a significant risk concerning the protection of customers’ personal data. This article examines the legal protection of customers’ rights in the event of personal data breaches by banking institutions. The study employs a mixed-method approach (normative and empirical). The normative approach involves analyzing relevant legal instruments such as Law Number 27 of 2022 on Personal Data Protection, Law Number 10 of 1998 on Banking, and regulations issued by the Financial Services Authority (OJK). The empirical aspect is supported by interviews with bank staff in the compliance and customer service divisions to understand how these regulations are applied in practice. The findings reveal that while the legal framework is relatively comprehensive, its implementation remains problematic. Issues include low legal literacy among customers, limited public outreach by banks, and technical constraints in countering the rapidly evolving cyber threats. Banks hold legal, ethical, and technical responsibilities to protect data and must provide compensation when negligence occurs. Dispute resolution mechanisms include internal complaints, mediation through OJK, or civil litigation. The study recommends the establishment of an independent supervisory body, the enhancement of public education on data rights, and the strengthening of internal bank security systems to ensure long-term customer data protection.
Downloads
References
Ahmad, F., Manurung, S. A., Silalahi, U., & Sudirman, L. (2025). The Urgency of Forming Legislation Regarding Online Loans in Indonesia: Legal Protection Solutions for the Community. Jurnal Pembaharuan Hukum, 12(1), 1–18. https://doi.org/10.26532/jph.v12i1.37895
Algamar, M. D., & Ismail, N. (2023). Data Subject Access Request: What Indonesia Can Learn adn Operationalise In 2024? Journal of Central Banking Law and Institutions, 2(3), 481–512. https://doi.org/10.21098/jcli.v2i3.171
Algamar, M. D., Munir, A. B., & Hendro, H. (2024). Managing Indonesian Data Breach Notification In The Financial Services Sector: A Case For One-Stop Notification Model. Journal of Central Banking Law and Institutions, 3(3), 547–584. https://doi.org/10.21098/jcli.v3i3.271
Alrawhani, E. M., Romli, A., & Al-Sharafi, M. A. (2025). Evaluating the role of protection motivation theory in information security policy compliance: Insights from the banking sector using PLS-SEM approach. Journal of Open Innovation: Technology, Market, and Complexity, 11(1), 100463. https://doi.org/10.1016/j.joitmc.2024.100463
Anbiya, Z. A. N., & Januarita, R. (2026). Tanggung Jawab Bank atas Investasi Ilegal Pegawai: Tinjauan UUPK dan GCG. Bandung Conference Series: Law Studies, 6(1). https://doi.org/10.29313/bcsls.v6i1.21897
Annafa, S. W., Simanjuntak, H. P. G. H., & Ananda, A. M. (2024). Tanggung Jawab Hukum Bank dalam Kasus Kebocoran Data Nasabah. Jurnal Multidisiplin Ilmu Akademik, 1(6), 129–135. https://doi.org/10.61722/jmia.v1i6.2885
Antony, A., Sandoval, E. B., & Louis, J. E. (2025). Legal Reform in Indonesia’s Response to the Digital Manipulation Era: A Responsive Legal Theory Approach. Trunojoyo Law Review, 8(1), 1–26. https://doi.org/10.21107/tlr.v8i1.30732
Antony, A., Sudirman, L., & Situmeang, A. (2026). Legal Research Methodology as a Critical Epistemological Framework for Legal Argumentation and Legal Development. Barelang Journal of Legal Studies, 4(1), 21–49. https://doi.org/10.37253/barjoules.v4i1.12379
Arbain, A., Fiancheto, D., Romadhon, R., & Sriadi, J. L. (2026). Personal Data Protection in the Banking Sector from the Perspective of Contextual Integrity: An Analysis on the Privacy Policies of State-Owned Banks. Jurnal Indonesia Sosial Sains, 7(4), 1269–1277. https://doi.org/10.59141/jiss.v7i4.2312
Ayunda, R., & Rusdianto, R. (2021). Perlindungan Data Nasabah Terkait Pemanfaatan Artificial Intelligence dalam Aktifitas Perbankan di Indonesia. Jurnal Komunikasi Hukum, 7(2), 663–677. https://doi.org/10.23887/jkh.v7i2.37995
Azza, A. A., & Taek, A. M. (2025). Batam City’s Competitive Position as an Investment Destination in the Southeast Asia Region in 2021-2022. Journal of World Trade Studies, 9(2), 15–28. https://doi.org/10.22146/jwts.v9i2.18357
Bodhi, S., & Tan, D. (2022). Keamanan data prıbadı dalam sıstem pembayaran e-wallet terhadap ancaman penıpuan dan pengelabuan (cybercrıme). UNES Law Review, 4(3), 297–308. https://doi.org/10.31933/unesrev.v4i3.236
Cele, N. N., & Kwenda, S. (2025). Do cybersecurity threats and risks have an impact on the adoption of digital banking? A systematic literature review. Journal of Financial Crime, 32(1), 31–48. https://doi.org/10.1108/JFC-10-2023-0263
Chairunnisa, S., Murwadji, T., & Harrieti, N. (2024). Perlindungan Hukum Terhadap Nasabah atas Kejahatan Phising dan Hacking pada Layanan Bank Digital Ditinjau Berdasarkan Hukum Positif Indonesia. HAKIM: Jurnal Ilmu Hukum dan Sosial, 2(1), 1–16. https://doi.org/10.51903/hakim.v2i1.1535
Delpiero, M., Reynaldi, F. A., Ningdiah, I. U., & Muthmainnah, N. (2021). Analisis Yuridis Kebijakan Privasi dan Pertanggungjawaban Online Marketplace Dalam Perlindungan Data Pribadi Pengguna Pada Kasus Kebocoran Data. Padjajaran Law Review, 9(1), 1–22.
Disemadi, H. S. (2022). Lenses of Legal Research: A Descriptive Essay on Legal Research Methodologies. Journal of Judicial Review, 24(2), 289. https://doi.org/10.37253/jjr.v24i2.7280
Fikri, M., & Rusdiana, S. (2023). Ruang Lıngkup Perlındungan Data Prıbadı: Kajıan Hukum Posıstıf Indonesıa. Ganesha Law Review, 5(1), 39–57. https://doi.org/10.23887/glr.v5i1.2237
Irmawati, E., Pieries, J., & Widiarty, W. S. (2024). Perlindungan Hukum Atas Data Pribadi Nasabah Bank Pengguna Mobile Banking dalam Perspektif Uu No 27 Tahun 2022 tentang Kebocoran Data. Jurnal Syntax Admiration, 5(1), 12–27. https://doi.org/10.46799/jsa.v5i1.964
Johri, A., & Kumar, S. (2023). Exploring Customer Awareness towards Their Cyber Security in the Kingdom of Saudi Arabia: A Study in the Era of Banking Digital Transformation. Human Behavior and Emerging Technologies, 2023, 1–10. https://doi.org/10.1155/2023/2103442
Judijanto, L., Solapari, N., & Putra, I. (2024). An Analysis of the Gap Between Data Protection Regulations and Privacy Rights Implementation in Indonesia. The Easta Journal Law and Human Rights, 3(01), 20–29. https://doi.org/10.58812/eslhr.v3i01.351
Katiandagho, V., Putong, D. D., & Melo, I. J. (2023). Undang Undang Perlindungan Data Pribadi Memperkuat Undang Undang Perbankan dalam Menjaga Rahasia Data Nasabah & untuk Melindungi Data Pribadi Masyarakat Indonesia. Jurnal Hukum to - ra, 9(1), 106–114. https://doi.org/10.55809/tora.v9i1.212
Kurniawan, D. A., Aliyah, R., & Rizqi, A. M. (2024). Tanggung Jawab Hukum Bank Digital terhadap Perlindungan Konsumen di Indonesia. JATIJAJAR LAW REVIEW, 3(2), 81. https://doi.org/10.26753/jlr.v3i2.1584
Kurniawan, K. D., Hehanussa, D. J. A., Setiawan, R., Susilowati, I., Sopian, S., & Helfisar, D. (2024). Criminal Sanctions and Personal Data Protection in Indonesia. Lex Publica, 11(2), 221–247. https://doi.org/10.58829/lp.11.2.2024.255
Manurung, S. A., Irawati, J., Sudirman, L., Agustianto, A., & Farahdina, F. (2025). Comparison of Agreement Law in Indonesia and Malaysia: Phenomenon of Standard Agreement Practices. SASI, 31(1), 60–69. https://doi.org/10.47268/sasi.v31i1.2683
Munawaroh, S., Mufidah, N. Z., Haryadi, W. T., & Tilman, A. M. (2025). The Urgency of Civil Code Reform That Is Responsive to the Needs of Modern Digital Business. Rechtidee, 20(2), 166–185. https://doi.org/10.21107/ri.v20i2.31551
Nagari, S. F., & Raharja, S. (2025). Cyber Security Awareness, Knowledge and Behavior of Digital Banking Users in Salatiga. Asia Pacific Fraud Journal, 10(1), 15–29. https://doi.org/10.21532/apfjournal.v10i1.398
Nasution, A. H. (2025). The Urgency of Customer Personal Data Protection in Digital Banking. Rechtsvinding, 3(1), 153–162. https://doi.org/10.59525/rechtsvinding.v3i1.814
Nurkholisah, S., Rismana, D., Nugroho, A. E., Munjiyah, A., & Ayunisa, Q. (2025). Deepfake Sebagai Bentuk Kejahatan Siber Baru: Tantangan Kriminalisasi Dalam Hukum Pidana Indonesia. JURNAL USM LAW REVIEW, 8(3), 2421–2445. https://doi.org/10.26623/julr.v8i3.13060
Purnama, T. D., & Alhakim, A. (2021). Pentingnya UU Perlindungan Data Pribadi sebagai Bentuk Perlindungan Hukum terhadap Privasi di Indonesia. Jurnal Komunitas Yustisa, 4(3), 1056–1064.
Putri, B. M. L., Rohaini, R., Nhung, P. H., & Putri, R. W. (2025). Analysis of Consumer Rights Protection Against the Misuse of Personal Data in Fintech Services. Lex Publica, 12(1), 32–62. https://doi.org/10.58829/lp.12.1.2025.286
Putri, D. D. F., & Fahrozi, M. H. (2021). Upaya Pencegahan Kebocoran Data Konsumen Melalui Pengesahan RUU Perlindungan Data Pribadi (Studi Kasus E-Commerce Bhinneka.Com). Borneo Law Review, 5(1), 46–68. https://doi.org/10.35334/bolrev.v5i1.2014
Putri, D. F., Andriani, A., Sari, W. R., & Nabbila, F. L. (2023). Analisis Perlindungan Nasabah Bsi Terhadap Kebocoran Data Dalam Menggunakan Digital Banking. Jurnal Ilmiah Ekonomi dan Manajemen, 1(4), 173–181. https://doi.org/10.61722/jiem.v1i4.331
Rahmawati, I. N., Ramadani, N., Heni, D. R., & Kevin, S. (2023). Pertanggung jawaban Pihak Bank terhadap Kebocoran Data Diri Nasabah. AUFKLARUNG : Jurnal Pendidikan, Sosial dan Humaniora, 3(2), 208–215.
Rosadi, S. D., Noviandika, A., Walters, R., & Aisy, F. R. (2023). Indonesia’s personal data protection bill, 2020: does it meet the needs of the new digital economy? International Review of Law, Computers & Technology, 37(1), 78–90. https://doi.org/10.1080/13600869.2022.2114660
Rumbruren, A., & Watofa, Y. (2025). Analysis of the Responsibilities of the Organizer of the Electronic System in Case of Data Breach. Awang Long Law Review, 7(2), 481–491. https://doi.org/10.56301/awl.v7i2.1549
Setiawan, H. B., & Najicha, F. U. (2022). Perlindungan Data Pribadi Warga Negara Indonesia Terkait Dengan Kebocoran Data. Jurnal Kewarganegaraan, 6(1), 976–982. https://doi.org/10.31316/jk.v6i1.2657
Shahrullah, R. S., Park, J., & Irwansyah, I. (2024). Examining Personal Data Protection Law of Indonesia and South Korea: The Privacy Rights Fulfilment. Hasanuddin Law Review, 10(1), 1–20. https://doi.org/10.20956/halrev.v10i1.5016
Silviani, N. Z., Shahrullah, R. S., Atmaja, V. R., & Hyun, P. J. (2023). Personal Data Protection in Private Sector Electronic Systems for Businesses: Indonesia vs. South Korea. Jurnal Hukum dan Peradilan, 12(3), 517. https://doi.org/10.25216/jhp.12.3.2023.517-546
Sriono, S., Risdalina, R., Kusno, K., M, I. K., & Syahyunan, H. (2024). Legal Protection for Digital Bank Customers in Indonesia: Analysis of Data Confidentiality Regulations and Bank Responsibility. LITIGASI, 25(2), 301–330. https://doi.org/10.23969/litigasi.v25i2.18538
Sudirman, L., Disemadi, H. S., & Jerryen, J. (2024). Bentuk Pengaturan Perbankan Digital di Negara Indonesia dan Singapura. Legal Spirit, 8(2), 325–340. https://doi.org/10.31328/ls.v8i2.5438
Sulistyandari, S., & Sutrisno, P. A. (2023). Legal Aspects and Role of Ojk In Bank Digital by Digital Banking Services During Post-Covid 19 Pandemic in Indonesia. Journal of Law and Sustainable Development, 11(12), e2364. https://doi.org/10.55908/sdgs.v11i12.2364
Tan, D. (2021). Metode Penelitian Hukum: Mengupas Dan Mengulas Metodologi Dalam Menyelenggarakan Penelitian Hukum. Nusantara: Jurnal Ilmu Pengetahuan Sosial, 8(8), 2463–2478. http://jurnal.um-tapsel.ac.id/index.php/nusantara/article/view/5601/3191
Waliullah, M., George, M. Z. H., Hasan, M. T., Alam, M. K., Munira, M. S. K., & Siddiqui, N. A. (2025). Assessing the Influence of Cybersecurity Threats and Risks on the Adoption and Growth of Digital Banking: A Systematic Literature Review. American Journal of Advanced Technology and Engineering Solutions, 01(01), 226–257. https://doi.org/10.63125/fh49az18
Wang, S., Asif, M., Shahzad, M. F., & Ashfaq, M. (2024). Data privacy and cybersecurity challenges in the digital transformation of the banking sector. Computers & Security, 147, 104051. https://doi.org/10.1016/j.cose.2024.104051
Weley, N. C., & Disemadi, H. S. (2022). Implikasi Hukum Pemasangan CCTV di Tempat Umum secara Tersembunyi terhadap Perlindungan Data Pribadi. Amnesti : Jurnal Hukum, 4(2), 79–93. https://doi.org/10.37729/amnesti.v4i2.2151
Wibowo, A., Alawiyah, W., & Azriadi. (2024). The importance of personal data protection in Indonesia’s economic development. Cogent Social Sciences, 10(1), 2306751. https://doi.org/10.1080/23311886.2024.2306751
Widiatedja, I. G. N. P., & Mishra, N. (2023). Establishing an independent data protection authority in Indonesia: a future–forward perspective. International Review of Law, Computers & Technology, 37(3), 252–273. https://doi.org/10.1080/13600869.2022.2155793
Widjaja, G. (2026). The Legal Implications of Personal Data Protection For Electronic Contracts From The Perspective of Indonesia Civil Law. International Journal of Social and Education (INJOSEDU), 3(1), 125–138. https://doi.org/10.5281/zenodo.19533508
Yuspin, W., Putri, A. O., Fauzie, A., & Pitaksantayothin, J. (2024). Digital Banking Security: Internet Phishing Attacks, Analysis and Prevention of Fraudulent Activities. International Journal of Safety and Security Engineering, 14(6), 1699–1706. https://doi.org/10.18280/ijsse.140605
Yuspin, W., Wardiono, K., Nurrahman, A., & Budiono, A. (2023). Personal Data Protection Law in Digital Banking Governance in Indonesia. Studia Iuridica Lublinensia, 32(1), 99–130. https://doi.org/10.17951/sil.2023.32.1.99-130
