Despite the constitutional mandate of Indonesia as a state of law and the strict requirement for bank secrecy under Law No. 10 of 1998, a significant legal paradox has emerged, as highlighted by Surabaya District Court Decision Number 615/Pdt.G/2023/PN Sby, in which banking personnel leaked sensitive customer information, including names, addresses, and customer information file (CIF) numbers, into a public messaging group. This institutional failure reveals a critical disregard for the principle of prudence and exposes a substantial legal vacuum concerning the formulation of comprehensive civil liability for banking institutions to restore the material and immaterial losses suffered by victims of personal data breaches. This study uses a normative legal research method that focuses on the study of legal documents to assess the coherence between legal norms and the legal reality of personal data protection. The results of the study indicate the need for new legal formulations through amendments to the Banking Law that include a special civil law regime to bridge the gap between substantive law and conventional formal law. In addition, the study finds an urgent need to strengthen the judicial and evidentiary processes through amendments to the Banking Law that address banking institutions' responsibility for data leaks committed by internal employees, in order to provide fair compensation for customers and the continuity of banking law in Indonesia.
Copyrights © 2026