Indonesia to Pass New Law in Response to Data Breaches

September 15, 2022 | 4 minutes read
Indonesia to Pass New Law in Response to Data Breaches

As data breaches and cybercrimes continue to become daily occurrences around the world due to the unregulated nature of the internet, many governments are looking for new ways to protect the personal data and privacy of their respective citizens. To this point, legislators within Indonesia have announced that they are in the process of enacting a new data protection law known as the Personal Data Protection Bill that would impose significant civil and criminal penalties against businesses and organizations should they infringe upon the privacy rights of the nation’s millions of residents. Likewise, Indonesia will become the fifth Southeast Asian country to pass a comprehensive data privacy law in the past decade, joining the ranks of Thailand, the Philippines, Singapore, and Malaysia.

Moreover, the impetus for the enactment of the new data privacy legislation in the Republic of Indonesia is a sharp increase in data breaches that have taken place in the past few years. More specifically, “the country’s National Cyber and Encryption Agency said it’s investigating an alleged data leak of 105 million Indonesians. Earlier this month, authorities were investigating a data leak relating to mobile phone SIM cards that involved more than two million lines of data being released.” As a result of this alleged data breach, in addition to many others, regulators within Indonesia are facing mounting pressure to improve the cybersecurity infrastructure that currently exists within the country.

What are the proposed provisions of Indonesia’s new privacy law?

While Indonesia’s Personal Data Protection Bill is still a draft bill that must be officially ratified into law, the proposed provisions of the law are in line with other data privacy legislation that has been enacted around the region of Southeast Asia in recent years. Subsequently, the provisions of the law would require businesses to obtain consent from data subjects prior to collecting their personal information, and would also mandate that said businesses delete the personal data of their customers after the specified purpose for which such information has been collected is complete. Moreover, the law would also require that businesses take certain steps to ensure that the personal data of their customers remain protected at all times, including technical safeguards and measures, among other things.

Indonesia’s growing economy

On top of the threat that data breaches have been posing to consumers within Indonesia, another leading factor that has influenced the passing of newfound data protection legislation is the projected growth of the Indonesian economy in the next five years. In a report released by “Alphabet Inc.’s Google, Singapore’s Temasek Holdings Pte. and global business consultants Bain & Co.”, the nation’s digital economy is expected to balloon to $146 billion by as early as 2025. For this reason, the Personal Data Protection Bill will also serve to facilitate the growth of Indonesia’s digital economy, as effective and efficient cybersecurity measures are needed to give businesses the assurance that they will be able to operate without issue when engaging in commerce with the country’s citizens.

What are the penalties for violating the law?

As it concerns the regulation and enforcement of Indonesia’s Personal Data Protection Bill, businesses that fail to comply with the proposed provisions may be subject to steep penalties. To illustrate this point further, a copy of the draft law that has been obtained by Bloomberg News has confirmed that “Leaking or misusing private information may cause data operators up to five years in jail and a maximum fine of 5 billion rupiah ($337,000).” This is in addition to any further fines or penalties that may be implemented at a later date, as the Indonesian government will also be establishing an independent regulatory body that will be responsible for administering the sections of the law.

From social media platforms to financial account details, there are a number of different means by which consumers in our current marketplace share their personal information with businesses and organizations. As a result of these new channels of business and communication, governments must implement protocols that can be used to guarantee that interactions between businesses and consumers run smoothly, as any discrepancies or issues, including but not limited to data breaches, that may arise during such transactions can result in disastrous consequences for all parties involved. With all this being said, Indonesia’s Personal Data Protection Bill stands to completely alter the ways in which citizens of the country can secure the information they disclose to businesses and organizations on a global scale.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »