DPR Asks For Clarity Of The Fate Of Public Personal Data After Cyber Attacks By PDNS 2

Illustration of digital data breach (ANTARA)

JAKARTA - The Indonesian House of Representatives asked the Government to provide clarity regarding the fate of public personal data after cyber attacks on the Temporary National Data Center (PDNS) 2 in Surabaya that occurred a few weeks ago. The DPR again questioned this because the government had not yet given a definite answer.

"Since the beginning of the cyber attack on PDNS 2, I have questioned whether there has been a leak of personal data. The people have the right to know about the data stored by the leaked government agency and which data is safe," said Member of Commission I DPR RI Sukamta, Monday, July 22.

Sukamta reminded that the government has the task of maintaining the security of public personal data that is confidential.

"If there really is a leak of personal data, it must be taken very seriously. This is the responsibility of the state in terms of ensuring the security rights of its citizens," said the legislator from the electoral district of the Special Region of Yogyakarta (DIY).

Sukamta assessed that efforts to restore infrastructure for the provision of national digital services after the attack on PDNS 2 which is being carried out by the Government are indeed important. However, the protection and security of public personal data should not be ignored.

"We should not only be busy with cybersecurity aspects and recovery after the ransomware attack. We must not forget the aspects of personal data protection," said Sukamta.

Sukamta assessed that the Government must update information to the public about data leakage in accordance with the mandate of the Republic of Indonesia Law Number 27 of 2022 concerning Personal Data Protection (UU PDP).

He explained, Article 46 of the PDP Law states that the personal data management must inform in writing the leaked data subjects and to the Personal Data Protection Supervisory Agency (PDP) within 3x24 hours. Meanwhile, now, said Sukamta, it is more than the specified time limit.

Although the current PDP institution has not yet been formed, Sukamta said that it does not mean that the Government ignores the obligation to provide information to the public.

"The institutions do not yet exist, but the obligations to the data subjects must still be carried out," he said.

The written notification as intended at least contains personal data that was revealed, when and how personal data was revealed, and efforts to handle and recover from the disclosure of personal data by Personal Data Controllers.

Therefore, Sukamta said the government must immediately provide clarity to the public. He also highlighted the Government which seems to underestimate the security of public personal data because it does not provide a definite explanation.

"Until now, there has been no official explanation from the Government regarding aspects of protecting people's personal data after cyber attacks on PDNS 2," said Sukamta.

"The government has not provided an adequate update on whether there is a data leak, what is being and has been done by the government and what is next," he added.

The member of the Commission in the DPR in charge of defense, communication and informatics affairs understands that there are data that cannot be disclosed to the public. Even so, he reminded the Government to continue to provide explanations to the public.

Therefore, public communication must be carried out properly. The people have the right to know the data stored by a leaked government institution and which data is safe. The government needs to be transparent, although not all of them are open," said Sukamta.

Sukamta also encouraged the PDNS governance audit to be followed up immediately according to President Joko Widodo (Jokowi)'s order to the Financial and Development Supervisory Agency (BPKP).

"BPKP should immediately complete the audit," he concluded.