JAKARTA: Data operators could face up to five years in jail and a maximum fine of 5 billion rupiah (US$337,000) for leaking or misusing private information, according to Indonesia’s new data privacy bill set to be passed by parliament this week.

Institutions may collect personal information for a specific purpose but must erase the record once that purpose has been met, according to a copy of the draft law obtained by Bloomberg. Relevant parties have two years to comply with the rules once it becomes law.