Bawaslu Header

Cyber Security in Indonesia Post Establishment of The Personal Data Protection Law

--

Farah Diba Tanzilla, Margaretha Hanita, Bondan Widiawan

National Resilience Study, SKSG, University of Indonesia, Jakarta, Indonesia Salemba Raya street no. 4, Jakarta, Indonesia 10430 Corresponding author: [email protected]

Abstract – Cyber Security plays an important role in a country’s national cyber security and defense efforts. With strong cyber security, Indonesia will be able to handle cybercrime problems and be able to survive potential cyber threats in the future which are increasingly diverse in form and mode. Protecting personal data is part of efforts to safeguard the cyber domain which has become a new commodity in the current technological era. The Indonesian government has just passed the Personal Data Protection Law at the end of 2022 which requires a two-year socialization and transition period until the end of 2024. During the socialization period, This law found that personal data leaks in Indonesia are increasing, which is important for further research. Therefore this study will aim to obtain an overview of the condition of cyber security in Indonesia, especially after the passage of the Personal Data Protection Law, find the core problem of the issue of data leakage, and outline suggestions that can be made by the Indonesian government as a form of support for efforts to strengthen cybersecurity in Indonesia. 

This research uses a qualitative analytical descriptive approach, data was collected through literature study and interviews as primary data sources. From this research, it was found that Indonesia is still in a precarious state of cybersecurity, where cyber threat issues still occur, including personal data leaks. Four factors cause the problem of data leakage as well as a perspective in suggestions for solving problems in cyber security in Indonesia, namely Policies, Procedures, Equipment, and People.

Keywords – Cyber Security, Personal Data Protection, Personal Data Leakage.

 

I. INTRODUCTION

In general, based on Law Number 27 of 2022 concerning the Protection of Personal Data, it is stated that ”Protection of personal data is one of the contents of human rights which is part of personal self-protection, therefore a legal basis is needed to provide security for personal data based on The 1945 Constitution of the Republic of Indonesia”. Personal data protection aims to guarantee citizens’ rights to personal protection as well as to raise public awareness and guarantee recognition and respect for the importance of protecting personal data itself. The Personal Data Protection Act includes 76 articles that should guarantee data subjects the security of their data from parties who can access and use the data outside their control or illegally [1].

In Chapter 1 Article 1 of Law Number 27 of 2022 concerning the Protection of Personal Data, it is defined that personal data is data from a person or individual that can be identified independently or combined with other information that directly or indirectly goes through systems, both electronic and non-electronic. Information can be defined as ideas, statements, messages, data, facts, and explanations that can be processed by sight, and hearing, and presented in a format adapted to the development of information and communication technology. While the definition of personal data protection, is all efforts to protect personal data in a series of personal data processes, to guarantee the constitutional rights of personal data subjects. The subject of personal data is a person or individual whose personal data is attached to it, it is also defined that everyone is an individual or a corporation. In Article 2 it is explained that this law applies to everyone, public bodies and international organizations that carry out legal actions and are covered by the requirements: 1) are within the jurisdiction of the Republic of Indonesia, 2) are outside the jurisdiction of the Republic of Indonesia but has legal consequences in the jurisdiction of the Republic of Indonesia, 3) the subject of personal data of Indonesian citizens is outside the jurisdiction of the Republic of

Indonesia. It is emphasized that this law cannot be enforced in the processing of personal data by individuals in personal or household activities [1].

The digital revolution creates innovation and the ability to obtain, store, transmit, and manipulate data in real-time, complex, extensive, and even undetectable. The digital revolution is said to be synonymous with the data revolution because the digital revolution has resulted in the phenomenon of massive data collection without considering what type of data will be useful in the future. Therefore, various parties compete to collect almost all the data that can be obtained, both the government and the private sector compete to increase the capacity of data storage systems and do very little to delete data. Data managers are aware that data now has value and is a tangible and usable asset. This increases the need for personal data protection for data subjects or the public who own personal data [2].

Proper cyber-security requires preparation and strategic steps to run quickly and on target. Reflecting on countries that have had legal regulations in the form of personal data protection laws even decades ago, but until now they are still trying to strengthen the resilience of their cyberspace. Indonesia is now in a better phase and position compared to previous years in the field of cyber-security. In 2017 Indonesia was ranked 70th in the Global Security Index (GCI), increased in 2018 to rank 41, and ranked 24th in 2020 out of 194 countries in the world [3]. However, this title is not a guarantee of cyber security and resilience and Indonesia should continue to strive to strengthen its national cyber defense as well as be prepared for the potential for non- traditional crimes in the cyber sphere, which are now increasingly in various forms, especially those related to personal data protection.

II. RESEARCH METHODOLOGY

This research was conducted using descriptive-analytical methods and a qualitative approach. Data was collected through literature study and interviews by researchers directly with several sources who are experts and observers in the field of cyber security and cyber security in Indonesia. In the research process, researchers collected data on cases of cybercrime in Indonesia, especially on the issue of leakage of personal data from 2020-2023, cases that occurred before the enactment of the Personal Data Protection Law until after it was enacted and during the socialization period of the law. new law. The large number of cases of personal data leakage in Indonesia after the enactment of the Personal Data Protection Law deserves more attention, especially because until 2024 there will be a transition and socialization period which will become a benchmark for cyber defense preparations after the socialization period.

Tag
Share
Berita Terkini
Berita Terpopuler
Berita Pilihan