Protecting Data Privacy
1. Protecting Data Privacy:
Protection of Personal Data of Electronic System Users
RUDI LUMANTO
-ID-SIRTII-
10 October 2012
Indonesia Information Security Forum (IISF 2012)
Hotel Hilton, Bandung, Indonesia
4. Defining Privacy
According to Ruth Gavison (Law and Human Rights
Professor), there are three elements in privacy: secrecy,
anonymity and solitude. It is a state which can be lost,
whether through the choice of the person in that state or
through the action of another person.
The Calcutt Committee in the United Kingdom said that,
"nowhere have we found a wholly satisfactory statutory
definition of privacy." But the committee was satisfied that it
would be possible to define it legally and adopted this
definition in its first report on privacy:
The right of the individual to be protected against intrusion
into his personal life or affairs, or those of his family, by
direct physical means or by publication of information.
5. Data Privacy: what is to be protected?
What actually is personal data? Personal data means any information
concerning commercial transactions stored or recorded and which can
be managed automatically or as a file system (under Section 4 of the
PDPA Malaysia).
Generally, personal data has a very wide scope, covering sensitive and
personal information such as blood type, health records and descriptions,
political and religious beliefs, mental or physical conditions, or any other
data needed by the authority from time to time.
Normal personal data also involves details on bank accounts, credit cards,
telecommunication links like telephone or any other information
stipulated by the minister under the PDPA from time to time.
When you purchase an item online:
◦ Your credit card data is online as well.
◦ Your banking activities precipitate the storage, retrieval as well as the
movement of your credit and debit records.
Ref: Protecting your personal data, by DATUK SERI DR RAIS YATIM
6. What is to be mentioned?
• on the rights and liabilities pertaining to information;
• protection of information from unlawful use;
• the right to information;
• the status of information belonging to individuals; and
• the overall issues pertaining to the future of online trade and commerce using other people's data.
Ref: Protecting your personal data, by DATUK SERI DR RAIS YATIM
7. How to protect?
• Organizationally
• Technologically: encryption, PKI, e-ID, etc.
• Legally
• Socially: mindset and habit
◦ Cyber Jawara Competition (ID-SIRTII)
◦ Amazing drill test
◦ Forensics and anti-forensics
◦ Indonesia Cyber Army seminar – Aptikom
◦ etc.
8. Lesson Learned from Malaysia
The Personal Data Protection Act 2010 (PDPA) is one of the cyber
legislations aimed at regulating the processing of personal data in
commercial transactions.
The Act was passed by Parliament in May 2010 and the Personal
Data Protection Department was created a year later.
While the PDPA functions in the commercial environment, abuse
of telephony communication networks or other channels through
violations of personal data is also closely associated with the
Communications and Multimedia Act (CMA) 1998.
For example, a person who intentionally infiltrates and obtains,
without permission, any information, including data, through
telephony or other means of communication under S.234 of the
CMA can be jailed for up to one year or fined up to RM50,000, or
both, if convicted.
Ref: Protecting your personal data, by DATUK SERI DR RAIS YATIM
9. Cyber threats to data privacy
• Low security awareness among internet users (non obscurity model)
• Vulnerabilities
• Social engineering
• So many free tools and techniques for retrieving information (search engines, crawling techniques, etc.)
• Malware
• E-KTP: around 180 million resident records!!!
10. SOCIAL ENGINEERING
• The strength of a chain depends on the weakest link.
• The art of manipulating people into performing actions or divulging confidential information.
• Exploiting human vulnerabilities.
• A non-technical kind of intrusion that relies heavily on human interaction.
11. Malware threats
• Symantec blocked a total of over 5.5 billion malware
attacks in 2011, an 81% increase over 2010.
• Web based attacks increased by 36% with over 4,500 new
attacks each day.
• 403 million new variants of malware were created in 2011,
a 41% increase over 2010.
• 39% of malware attacks via email used a link to a web
page.
Ref: Norton Symantec Security Threat Report 2011
13. Indonesia Internet Profile
YEAR    INTERNET USERS
2000    2 Million
2006    20 Million
2007    25 Million
2008    31 Million
2009    40.4 Million
2010    48.7 Million
2011    55 Million
Source: IDC, PT Telkom, Nokia Siemens Networks.
User growth within 10 years: 2600% increase!!!
14. Indonesia Internet Profile:
the Value is Increasing!!
The value of trade transactions conducted via the
Internet or online this year (2011) is estimated to
reach U.S. $4.1 billion, growing by about 20.5% over
the value of online transactions in the previous year.
Indonesian people communicate differently today, people
transact and trade differently today, and this drives today's threats
and crime!!
18. SAMPLE BIG CASES
• (2012) Aneka Tambang (ANTAM) Tbk data leak. PT ANTAM (Persero) Tbk (Antam) is a
vertically integrated, export-oriented, diversified mining and metals company.
Land mines data leak caused by an internal employee.
• (2012) Telco operator customer data leak: hundreds of customer email IDs and
passwords leaked, caused by external intrusion.
• (2011) 25 million customer records leaked from a telco operator, which caused many spam emails.
19. Thank you
Contact ID-SIRTII:
http://www.id-sirtii.or.id
Email: info@id-sirtii.or.id
Tel: 021-319305556