I’m a big believer in small steps. Making progress every day, even just a bit, keeps me going.

Right now, that means immersing myself in my future project for KIPP: ‘Data Security for State Institutions in Indonesia.’ Still, I’m grappling with exactly which aspect of data management I should focus on.

The backbone of my research is the Personal Data Protection Law (UU No. 27 Tahun 2022), which outlines several key security standards for managing personal data. Among these are:

1. Data Protection Impact Assessments – Requires data controllers to conduct risk assessments for large-scale data processing, automated decision-making, new technology, and any processing that restricts data subjects’ rights.
2. Operational Security Measures – Data controllers must ensure data protection through suitable technical measures and security levels aligned with the data’s risk level.
3. Monitoring and Unauthorized Access Prevention – Data controllers should safeguard data confidentiality, oversee third-party involvement, and maintain a robust security system.
4. Purpose-Limited Processing – Ensures data is processed accurately and responsibly to protect the rights of data subjects.
5. Transparency and Accountability – Guarantees open processing practices, provides data access to subjects, and clearly communicates processes in an accessible manner.

For my project, I’m zeroing in on points 2 and 3. I think my ‘future expertise’ could help organizations create a framework for data management practices by Payment Service Providers (we called is as PJP) in Indonesia. Plus, it would establish protocols for monitoring and preventing unauthorized access to meet PDP Law requirements.

Explaining the benchmarking research on BoE: To deepen my understanding, I’ve done some initial benchmarking on data privacy and security management with central banks, specifically the Bank of England, which has been my host during my time here. In the UK, the Information Commissioner’s Office (ICO) oversees Payment Service Providers, similar to how data privacy is regulated by Indonesia’s Ministry of Communication. However, considering recent data breaches back home, it’s clear we have some catching up to do.

Back to the topic! When it comes to PSP oversight and data security standards, BoE has laid out several significant steps:

1. Outsourcing and Third-Party Risk Management [link]:
   • Data Protection in Outsourcing Agreements: Banks and PSPs must define, document, and understand their responsibilities related to data transfers.
   • Rights to Access, Audit, and Information: Banks have the right to access and audit third-party service providers, ensuring their adherence to data security standards.
   • Sub-outsourcing: Banks must ensure that any subcontractors also meet data protection standards.
2. Operational Resilience [link]: BoE emphasizes that PSPs should have resilient systems capable of withstanding disruptions, including personal data breaches.
3. Privacy Policy Commitments [link]: BoE is committed to protecting individual privacy, ensuring personal data processing aligns with established principles.

This benchmarking exercise will be instrumental in shaping my project. I’m likely to cover the following aspects:

• Security Standards Identification
• Framework Design
• Audit and Monitoring Procedures
• Best Practices in Technology and Procedures

I think these steps could serve as practical guidelines not only for the office but also for PJP data protection practices across Indonesia.

“It’s better to make a bit of progress each day than to let things pile up,” is a quote I’d probably coin if I were someone important. But, alas, I’m not (yet). Still, I’m no fan of last-minute rushes either! I’m all about installments, step by step. That brings me to my latest deep dive: data management.

This week, I managed to squeeze in a quick chat with one of my seniors at work, who’s practically a data management guru. “I’m planning to bring up data management as a topic; any insights? Especially for state institutions, and ideally with some added value for our office.” Given his packed schedule—working in a department that’s practically open 25 hours a day—he got right to the point: “Have you checked out the PDP Act? We’re starting to draft derivative regulations that apply to Payment Service Providers (PJP).”

So, I looked it up, and suddenly it all seemed familiar! The PDP Act incorporates sections ‘adopted’ from the GDPR, the data protection law used across the EU. Naturally, my thoughts shifted to my research focus: Could this be the core of my study? Data Management, specifically Data Security, for citizens whose personal data is registered with PJPs in Indonesia—now that could be something impactful.

Hours went by, and my senior hadn’t replied. Maybe it was the seven-hour time difference, or maybe he got pulled back into office chaos. Either way, I decided not to wait around and started diving into references on my own to get things moving.

It seems I’m steering toward “Development of a Data Security Framework for Payment Service Providers (PJP) in Indonesia based on the PDP Law.” In further stages, I’m thinking of exploring:

1. Identification of Security Standards
2. Framework Design
3. Audit and Monitoring Procedures
4. Review of Leading Technologies and Best Practices

I think this won’t just stop at meeting campus or office needs but could become a practical guide with concrete steps for PJPs across Indonesia. Here’s to making steady progress, one day at a time!

Honestly, I haven’t made much progress this week. With so many college assignment deadlines looming, it’s been a bit hectic! But hey, my commitment is to keep making progress every week, no matter what.

So, what’s on the agenda for the blog this week? No, I’m not talking about Liam Payne (again), but I have two topics that I hope won’t bore you:

1. Data Governance in Central Banks

To kick off my research, I need to dive into best practices from central banks around the world, especially when it comes to Data Governance. I found some interesting references [link] that explain how strategic data governance involves things like Data Catalogues, Data Warehouses, Data Virtualization, Data Marts, Data Lakes, and Data Lakehouses.

After reading up on this, I started exploring what my organization is doing in terms of data governance. I reached out to some senior colleagues and learned that we have a data factory (focused on content and use case/analytic apps) and data solution analytics, which includes a data lake, data virtualization, data catalog, data preparation, analytics tools, and visualization portals. From what I gathered, my organization is doing pretty well in its data governance efforts since we cover all the essential aspects. This might mean that my research topic should shift focus away from data governance and lean more into other areas of data management.

2. Research Method

During our last meeting, our lovely Prof. Cleire encouraged us to think about the research methods we might use. Honestly, I only know about qualitative and quantitative methods, but that doesn’t really cover it! ChatGPT has become my go-to buddy for this, and today we had a friendly debate about the best research method for my dissertation. It’s still early to make a final decision, but it never hurts to start brainstorming, right?

After our 15-minute discussion, I found two research approaches that caught my interest:

• Mixed Methods: This could allow me to combine both quantitative and qualitative research. For the quantitative part, I might benchmark against several related organizations. The qualitative side is where it gets tricky; I’d love to conduct in-depth interviews with professionals in the field of data management. The challenge? I’m not super active on LinkedIn, so my professional network is still pretty small. But I’m determined to make it happen—hopefully, some of the awesome professors at my campus can help me out!
• Case Study: I’m a bit unsure about this one because it feels somewhat similar to quantitative research. I would select several related organizations and conduct observations within them. Don’t worry, once I nail down my research topic, I’ll dive deeper into this method so it’s clearer.

So, what’s next for me? Definitely not sleeping—how dare you suggest that! It’s time to start thinking seriously because data management is a vast topic. I need to focus on specific aspects to explore, whether it’s about data storage, the use of digital signatures, data access, or something else entirely.

That’s it for now, folks! Let’s catch up next week, okay?

When I was little, I dreamed of becoming a dentist. A few years later, that dream shifted to becoming a singer. But finally, at the age of 26, God gave me the chance to become a central banker. Yes, not as an economist, but entrusted with a role in governance.

Over the past four years, I’ve experienced so many new things that I never imagined. One of them was being “hacked”—something I usually only hear about in mafia movies. Not at the level of Bong Joon Ho or Martin Scorsese, just your typical Indonesian director that I enjoy watching, haha. Back to the “hack” story: I clearly remember sitting in front of my laptop, doing my usual tasks, preparing documents for the Board Meeting, when suddenly my laptop froze. In about five minutes, all my Microsoft Word document formats had changed. Gone were the familiar “docx” or “pptx” extensions, replaced by five random letters filled with x, y, and z. I thought I was safe since I had backed everything up to my office OneDrive (thanks to automatic syncing). But, surprise! Everything on OneDrive was gone as if it had been swallowed by the earth.

You know what really annoyed me? I had completed four sets of meeting minutes that I hadn’t submitted to my supervisor for review yet. Did I have to start over? Absolutely. What made it challenging was that my notes were also gone. So where was I supposed to begin? Considering that during the Board Meeting, no voice or video recordings were allowed at all. At that moment, I was truly stressed. I wondered whose fault it was. Was it the IT department that failed to maintain our office’s security? Or was it Microsoft’s fault for being so easily hackable? Or was it my fault for trusting this tech stuff too much?

In the end, I started over from scratch with the help of my supervisor who was there with me… aka “what else could I do?”

Organizations that have migrated to cloud-based data storage and collaboration tools must reassess their information security strategies and may find that their on-premises security technologies cannot protect data stored in the cloud (Lang et al., 2023). I completely agree with this. However, it seems my organization has implemented some effective measures, as we haven’t experienced any ransomware attacks in the past three years (let’s hope it stays that way). One of the steps being implemented is the use of Multi-Factor Authentication (MFA) whenever employees log into their Microsoft 365 accounts. Unfortunately, some boomers still protest this, seeing it as just an added burden to their workload.

From what I’ve read, many cloud providers now support Data Loss Prevention (DLP) to classify and control various data, and they offer “always-on encryption” through Information Rights Management (IRM), which governs what authorized users can do and prevents all files from being stolen without a valid login. Vendors are currently developing sophisticated integrated approaches, called Extended Detection and Response (XDR).

Perhaps these reflections provide some context for why I chose data management as the topic for my KIPP project. I believe many organizations, especially in Indonesia, overlook the importance of data management, which is foundational to institutional governance. Recently, Indonesia was shocked by a ministry that failed to back up data containing personal information of its citizens. This question sparked my curiosity during our Future Governance class.

The “what-if” scenarios commonly used in fiction, particularly science fiction, serve as tools to explore new ideas while disregarding current realities (Dunne and Raby, 2023). This notion seems to fuel my desire to delve deeper into this topic. I hope that through my daily reflections on this blog, I can progressively share the research process regarding data management in organizations.

Alright, it’s time to scroll back through Twitter to find some more inspiration. Besides checking out the news about Liam Payne’s passing, I need a breather from Google Scholar, my bestie.

Reference:

Michael Lang, Lena Connolly, Paul Taylor, and Phillip J. Corner. 2023. The Evolving Menace of Ransomware: A Comparative Analysis of Pre-pandemic and Mid-pandemic Attacks. Digital Threats 4, 4, Article 52 (December 2023), 22 pages. https://doi.org/10.1145/3558006

DUNNE, A., & RABY, F. (2013). Speculative Everything: Design, Fiction, and Social Dreaming. The MIT Press. http://www.jstor.org/stable/j.ctt9qf7j7

“Hello darkness, my old friend.”

Disturbed recently re-released The Sound of Silence, and hearing it reminded me of the intensive two days I just had in the Future Governance course.

“Prof, I would like to ask… What if a country launched a program that seems obvious but ends up making the middle class suffer even more?”

This question popped into my head: what happens when policymakers make the wrong decisions?

Then came a discussion about Wicked Problems. It turns out, it’s not just personal matters that are complicated—wicked problems also affect entire countries. Often, we wonder, “How can the government make such a confusing program?” But after learning about wicked problems, I now try to see both sides without jumping to conclusions. The housing crisis, for example, is one wicked problem that urgently needs solving.

Rittel and Webber, in Dilemmas in a General Theory of Planning (1972), describe wicked problems as issues that create new problems when solutions are applied.

In this intensive week, we discussed housing issues in UK, which reminded me of Indonesia’s Tapera program. Tapera (People’s Housing Savings) requires participants to contribute savings that can later be used for housing. Given Indonesia’s low wages and corruption, many—including myself—are skeptical about this program. For the middle class, another cut to an already tight salary is hard to accept.

Rather than delve into Tapera itself, I want to highlight how it fits into the concept of wicked problems.

Why is this problem wicked?

• Many Stakeholders: Different groups have conflicting needs. Low-income workers want affordable housing, while developers focus on profits.
• Widespread Social and Economic Impacts: Housing inequality or program failures could worsen overall inequality.
• Limited Resources: Material and financial resources are scarce, and corruption and bureaucracy complicate things further.
• Long-term Uncertainty: Questions about Tapera’s sustainability persist, especially with potential political changes.
• Public Resistance: Many workers view Tapera as an additional burden, with no immediate benefits.

No public policy can satisfy everyone, but siloed data—policies that focus on narrow agendas without strong data—can lead to poor outcomes. For instance, this link illustrates how government programs can lack reason.

Hmmm.. earlier i said seeing from the two sides, right? i’m so sorry because i still processing the benefit aspect—which is nowhere to find (for now, i’m begging). Opening Indonesia’s open data site was another disappointment. Its inefficiency shows why governments need to embrace open data and open government. Wicked problems don’t have clear right or wrong solutions—only good or bad ones. Hopefully, future policies will be built on stronger data, so citizens can feel more confident and less skeptical.

Reference:

Horst and Webber, M.M. (1972). Dilemmas in a General Theory of Planning.

Starting the week with a reading list can be challenging for someone like me who doesn’t enjoy reading. But I’ve realized how interconnected everything is. Every morning, my phone is right there—whether I’m tweeting, scrolling Instagram, or replying to my boss. And guess what? It all shapes my political views and influences policy formation. Politics is no longer just about people in suits making decisions behind closed doors.

From “The Tools of Government in the Information Age”, we’re witnessing a transformation. And the punchline? It’s Us! Everyday citizens and netizens play a bigger role, whether inside or outside organizations.

The article explores the tools of government, focusing on the impact of the Information Age on conventional governance. Three conventional tools are explained: government tools as institutions, politics driving tool selection, and a generic catalog of tools. While Salomon argues that government tools are seen as organizations central to the new governance, these three classifications don’t cover all the possible ways of understanding state instrumentalities. Still, it explains its focus well. In the broader reading, I believe that future governance will be driven by three main factors:

1. Technology and Data: Both are seen as very essential tools, formulating more responsive and accurate policy. AI helps analyze economic trends in my workplace, showing how technology supports decision-making.
2. Policy: As IT becomes more integrated, policies must evolve. Governance should be evaluated at every stage. Data security, especially with rising ransomware attacks, is crucial.
3. Communication: Although not explicitly discussed, several parts of the article highlight the importance of public communication, especially in terms of openness and transparency. In Indonesia, “Netizens” play a big role in shaping policy, though the result isn’t always in their side. I think media will continue to shape public perceptions, and innovation in communication will be key.

These readings helped me understand key challenges for future governance:

1. IT tools in policy-making: Managing internal data within institutions remains a challenge despite IT’s importance.
2. Continuous evaluation: While ideal, it’s hard to implement with short decision-making deadlines. Older generations believed IT could solve everything, but that’s not always the case – “hyper-modernist”.
3. Business process: As IT supports the organization, it’s essential for the government to review business flow for better efficiency. This technology will decentralize power and control, especially in non-hierarchical societies.

The article gave a clear view of how technology fosters more responsive policies and offered additional insights: (i) Good leadership: Effective planning leads to better governance, improving productivity, and ensuring well-organized processes and (ii) Change management: Transitioning to IT requires effective change management to bridge generational gaps.

Although the articles aren’t recent, it provides a clear view of earlier hopes for governance in the digital age. Some scholars stated that IT changes the governance structure, but others believe that this is only a reflection of previous things without revolutionizing them. The world is evolving, though IT development in my country is still “stuck” in governance. I believe each region adapts differently, but governance is about “fairness”, thus every country should strive for the same progress.

Reading Source:

Hood, Christopher, The Tools of Government in the Information Age’, in Robert Goodin, Michael Moran, and Martin Rein (eds), The Oxford Handbook of Public Policy (2008; online edn, Oxford Academic, 2 Sept. 2009)

I’m Nadia, a girl from Indonesia, and this is my first time studying abroad for an extended period. With a background in industrial engineering, many people might wonder, “Why choose governance for my master’s and why the University of Edinburgh?” Well, this year marks my 4th year working at Bank Indonesia, and it’s my 3rd year in the Department of Strategic Management and Governance. Hopefully, that explains why I chose governance for my PGT. As for Edinburgh, it’s the only university offering courses on governance with a focus on the future and the digital age, which made it the perfect fit for me.

After just one week of studying Future Governance, I want to share three key takeaways. Oh, by the way, I’ll often use “3” in my writing because I come from a workplace culture that uses the “rule of three” to make explanations clearer and more efficient. So, here we go:

It’s Never Too Late to Learn Programming—

Honestly, even though I’ve never fully understood programming, the Insights Through Data (ITD) class is one I was really looking forward to! Before coming to Edinburgh, I took an R Programming course, but, yup—you guessed it—I forgot most of it. After two ITD sessions, I discovered that I wasn’t alone in starting from scratch. Many of my classmates, including some more experienced than me, were also struggling. It felt like learning to ride a bike for the first time, but it was so exciting! Thankfully, with the help of Kate (from Cultural Heritage) and Eric, I survived Pairing Week. So, how’s Nadia x Programming coming along? Stay tuned for updates in my next post!

 Love What You Don’t Love—

Who would have thought I’d be writing a blog? And yes, that means I have to start loving reading too! As someone who doesn’t naturally enjoy reading, being a master’s student has been quite the challenge. But, I’m grateful, because this has brought me closer to AI tools that are actually here to help. Special thanks to Jake for inspiring me with his experience on how to write a good blog, especially for someone like me, whose first language isn’t English. Using AI to improve my English has been a lifesaver! Also, a shoutout to Microsoft Word for its Dictation feature—it made me fall in love with typing. [Credit to Emma Radmilovic for introducing me to dictation, see her here]

As for reading, so far I’ve tackled six items from the reading list. To be honest, I don’t always fully understand them right away, but ChatGPT has been a huge help. Whenever I don’t get something, I just ask, and while I know it’s not as smart as my lecturers, it makes me feel less alone! It’s been a real comfort for someone studying far from home.

Over-glorifying and Early Judgments Are Bad Habits—

My first assignment here was to read an article titled The Tools of Government in the Information Age. It’s been stuck in my head like a catchy song. Not because I can’t move on from it, but because of one particular term that intrigued me: hyper-modernists. This word carries so much meaning. We live in an age where digital technology is expected to solve everything, yet there’s a generation gap that complicates things. Seniors often think, “Oh, this is easy, just use technology abcde (insert trendy tech here),” but it’s not always that simple! You can’t glorify technology without first understanding the entire business process. That said, during my second week, I started to rethink my stance. Is it possible that technology really can solve almost everything?

Two weeks isn’t enough time to answer all the questions buzzing in my mind. Through this blog’s weekly journal, I’ll continue exploring what I’ve learned here. Up next, we’ll dive deeper into hyper-modernists and the role of digital technology in my organization. Stay tuned!