Technological advances have been able to give birth to services that facilitate daily activities such as the presence of internet banking services. However, there are still many problems related to the unprotection of customer personal data. The formulation of the problem from this study is how to legally protect the security of customer personal data by banks in internet banking services and how bank accountability in terms of personal data belonging to customers is not protected due to the use of internet banking services. The research method used in this thesis research is a normative type of legal research with a type of statutory and conceptual approach. The data sources used are prime, secondary, and tertiary data sources. The collection of legal materials is carried out through a library study. The results showed that the form of preventive legal protection was carried out by providing socialization through the platform to inform about the protection of customer personal data and the applicability of the ITE Law and the Telecommunications Law which provides a protection to prevent disputes against customers. The form of repressive legal protection is carried out through the existence of the Consumer Protection Law which is the basis for the fulfilment of consumption rights. The form of bank liability to customers in the event of a data leak is that the bank will provide compensation if it is proven that it is true that the data leak is not caused by the customer's negligence or mistake.