The Bjorka case and the enactment of Indonesia’s Personal Data Protection Law

“Data is the new oil.” This phrase implies that in today’s digital world, data is a very valuable asset for those who can make use of it. The Bjorka case, which was followed by the enactment of Indonesia’s Personal Data Protection Law (PDP law), is a prime example of why the phrase rings true.

Recently, the news of a hacker under the alias “Bjorka” stunned the Indonesian public. He claimed to have hacked into the data of various, prominent Indonesian figures and organizations, including President Joko Widodo, the Ministry of Communication and Information, and even the National Intelligence Agency (BIN). However, the parties involved have denied these claims.

This major event can mean several things. The first is that data has transformed into a valuable commodity. The second is that there is still ample room for improvement when it comes to Indonesia’s data security system. Third, there is an urgent need for a legal framework that can safeguard personal data.

The benefits of data for business

In principle, there are two types of personal data: (1) general data, such as names, dates of birth, and places of residence, and; (2) specific data, such as finances, health, criminal records, and so on.

Like oil, data is not inherently or immediately useful. To be useful, data needs to be processed and extracted appropriately.

Processed data becomes a fundamental element that supports various businesses. For instance, the collection of large datasets, or what is often called big data, is very useful in the marketing field of a company’s business.

Here are some of the benefits of processed data for companies:
– It is an essential element for a business to connect with its users
– It can be an effective tool to understand market demand
– It can pose as an element that can help determine company policies
– It is correlated with the effectiveness and efficiency of the company’s budget
– It can be used as a reference to minimize the risk of loss
– It can play a role in business innovation

Protecting personal data

The protection of personal data can be a major paradox, as several entities fight to dig up the personal data of various parties through different techniques, while many data owners are unaware of the “worth” of their own data. In such circumstances, there are still numerous parties that are willing to supply data to other parties.

In fact, in addition to being exploited by a variety of commercial interests, leaked personal data has the potential to create financial and non-financial damages to data owners when misused by irresponsible individuals. The most frequent kind of abuse of personal data is fraud.

According to a Kompas article, in a poll performed at the end of January 2022 with 1,014 respondents spanned over 34 provinces in Indonesia, 59% had never examined the data security policies in the digital apps that they used. This result is supported by a Microsoft survey that ranked Indonesia 29th out of 32 nations in terms of digital socialization awareness, including awareness of personal data protection.

This is one sign of the fundamental lack of awareness concerning personal data protection, particularly among Indonesians. According to the National Cyber Security Index (NCSI), Indonesia’s cybersecurity capability is inadequate, with a score of 38.96 percent—lower than the worldwide average.

The recent passage of the Personal Data Protection Law (UU) by the DPR filled a significant gap in the protection of Indonesian citizens’ personal data. However, the legislation has not been able to ensure the overall protection of personal data.

There is still a need for shared awareness about the importance of protecting personal data. This awareness begins with safe and proper digital conduct.

Here are some tips for protecting personal data:

1. Only provide personal data for official purposes that can be accounted for.
2. Make it a habit to destroy copies of personal data that are no longer needed.
3. Protect One-Time Passwords (OTP) so that other parties do not have access to them.
4. Change passwords regularly with strong characters that are not easy to guess.
5. Avoid accessing and using public WiFi.
6. Perform regular data backups.
7. Prioritize storing data in the Cloud rather than on devices that are prone to be misplaced or getting damaged.
8. Use two-way verification to log into a personal account.

ADT

Shutterstock/Roman Chazov