<![CDATA[The increasingly widespread problem of personal data leakage in Indonesia has become a concern for many parties, considering that protecting personal data is one of the human rights that must be protected. One sector that is vulnerable to being targeted by hackers is the financial technology sector or often called fintech. In 2020, a cyber attack occurred which caused a fintech platform called Cermati to experience a data leak which resulted in the leaking of 2.9 million users' data. This of course raises questions about how accountable the organizers are for this event. For this problem, the author will analyze in more depth using normative juridical methods regarding the form of accountability for the Cermati organizing body. The research results show that in fact Law Number 19 of 2016 concerning Electronic Information and Transactions, Law Number 27 of 2022 concerning Personal Data Protection, Law Number 4 of 2023 concerning Development and Strengthening of the Financial Sector, and Financial Services Authority Regulation Number 10/POJK.05/ 2022 of 2022 concerning Information Technology-Based Joint Funding Services has provided an accountability mechanism for personal data controllers, namely PT. Dwi Cermat Indonesia, where customers who experience losses can file civil lawsuits for material and non-material losses, as well as apply for administrative sanctions to PT. Dwi Cermat Indonesia due to the lack of complete and in-depth notification regarding the leak case that occurred. Apart from that, there needs to be direct education by other fintech organizing bodies to customers to prevent personal data leaks.]]>
