News Focus

PDP Bill ratification urged amid rising reports of data breach

PDP Bill ratification urged amid rising reports of data breach

A security officer stands on guard in front of the headquarters of the National Cyber and Encryption Agency in Depok City, West Java Province, on Tuesday (September 13, 2022). (ANTARA PHOTO/Asprilla Dwi Adha/wsj/uyu)

Yogyakarta (ANTARA) - Alleged personal data leakages have been reported more frequently in Indonesia recently, prompting President Joko Widodo (Jokowi) to issue directives to address the issue immediately.

At a meeting with several ministers at the Merdeka Palace here on Monday (September 12, 2022), he urged relevant ministries and institutions to coordinate and further investigate the alleged breach of personal data, including the letters addressed to the president.

The step was deemed crucial to maintain public trust since the community was concerned about reports on alleged data breach, as several public activities required them to provide personal data through digital applications.

For instance, the people’s identity card number (NIK) is no longer a private property, as the data is often required for the registration process in various online apps.

In addition, various transactions need NIKs, for instance, if people are looking to buy train tickets, they must then provide their NIKs as one of the requirements.

Personal data is also requested to enjoy banking services, buy a Subscriber Identification Module (SIM) card, get vaccinated, as well as purchase subsidized fuel.

Moreover, Indonesia is entering the era of digitization, as currently almost every service is conducted online, which increases the utilization of personal data for digital applications.

However, regardless of whether they like it or not, people still have to follow the rules because if they refuse to give personal information, it will be difficult for them to access the services -- although the people are in fact concerned about their data being misused.

One of the examples of simple personal data breach that often occurs in everyday life of the community is the leak of mobile phone numbers.

People often receive messages on their cell phone that usually contain product promotions or scams without knowing who the senders are.

It is still unclear how the senders obtain data on the cell phone numbers.

Recently, several reports surfaced of a larger data leak. In August 2022, it was alleged that the identification numbers, names, addresses, as well as electricity consumption records of 17 million customers of state-run electricity providers PT PLN (Persero) were leaked.

Furthermore, the data of 26 million customers of IndiHome -- home telephone, internet, and digital televisions services of state-owned telecommunications enterprise PT Telekomunikasi Indonesia Tbk (Telkom Indonesia) -- were reported to be breached.

The leaked data included customers' names, emails, NIKs, and internet usage histories.

The data of 1.3 billion SIM card users, comprising NIK, family card numbers, addresses, and mobile phone numbers, were also allegedly leaked.

In early September of 2022, the data of 105 million people was allegedly breached from the database of the General Elections Commission (KPU). The leaked data comprised the voters’ NIKs, names, addresses, dates of birth, and polling places.

According to the Global Data Breach Stats released by Surfshark, a virtual private network (VPN) service company located in the Netherlands, Indonesia ranked third -- behind Russia and France -- as the country most affected by data breaches in the third quarter of 2022.

During the period, 12.7 million breached accounts in Indonesia were reported.

Related news: Government establishes task force for data security protection: Mahfud
Related news: Presidential secretariat clarifies no presidential data leak occurred



Urgency of PDP Bill ratification

The reports on allegedly data leakage are indeed quite a cause for concern since most of the Indonesians receive electricity through PT PLN, use SIM cards, and are registered in KPU’s database.

Hence, the government should immediately move to address the problem.

One of the strategies adopted by the government was establishing a data protection task force to safeguard data of the public and state, Coordinating Minister for Political, Legal, and Security Affairs Mahfud MD announced at a press conference here on Wednesday (September 14, 2022).

Establishment of the task force was discussed with Communication and Informatics Minister Johnny G. Plate, Head of the State Intelligence Agency (BIN) Budi Gunawan, Head of the National Cyber and Encryption Agency (BSSN) Hinsa Siburian, as well as Chief of National Police General Listyo Sigit Prabowo, he remarked.

Meanwhile, regarding data leakage that increasingly occurred in Indonesia lately, he said that the police and BIN were able to identify "Bjorka," a hacker, who reportedly leaked the data of several Indonesian government websites.

However, will the formation of the task force be sufficient to overcome the issue, especially without the implementation of adequate law?

Hence, it becomes increasingly urgent to ratify the Personal Data Protection (PDP) Bill to anticipate data leakage in the future and gain the trust of the people that their data will always be well-protected.

Earlier, after being discussed in six sitting periods by Commission I of the Indonesian House of Representatives (DPR RI) and Communication and Informatics Ministry, the bill was finally approved on Wednesday (September 9, 2022) to undergo the second level of discussion at the plenary session of the House.

Head of Commission I of DPR RI Meutya Hafid expects the PDP Bill to be ratified into law in September 2022 at the latest.

Currently, there are 32 laws that maintain the implementation of protection on personal data.

Hence, the ratification of the PDP Bill is expected to integrate all existing as well as additional regulations into one law.

Ratification of the bill is also expected to increase public awareness on personal data protection as well as encourage business actors and service providers to become more responsible in safeguarding the confidentiality of their customers’ data on account of several allegations of the misuse of customers’ personal data by e-commerce platform providers.

Hence, when the PDP Bill is approved to become the PDP Law, it is hoped to offer a new and better legal umbrella to protect the digital space, so as to ensure the people that their personal data is safe and will not be misused by anyone.

Related news: BIN, Police already identified hacker of some government sites
Related news: Data hack case: BSSN probing background of hacker
 

Comments