Chairman of the Indonesian Cyber Research Institute CISSReC Pratama Persadha, Monday (25/10) assessed that the leakage of KPAI data was evidence that the level of information security of government institutions in Indonesia was still weak. Given that data leaks have occurred repeatedly, CISSRec calls on the government and the House of Representatives (DPR) to agree to quickly pass the Personal Data Protection Bill (RUU).
“Because the data circulating from the leak is data that does belong to the community. Personal data which if in the hands of irresponsible people can be used to commit crimes against the owner of the data, namely the community,” said Pratama. .
Pratama added that the leaked KPAI data is very sensitive and has the potential to be misused by irresponsible parties. Among them there are the identities of victims who are still underage, the complainant and so on. Therefore, he urged KPAI together with other stakeholders to immediately find a solution for the data leak.
In general, according to Pratama, KPAI data sold on the RaidForums website contains online complaint reports on the KPAI official website from 2016 until now. From the reporting column only, the data that can be obtained is the identity of the reporter such as name, identity number, nationality, cell phone number, religion, occupation, education, address, to gender, city of residence and age of the reporter. Then there is also a monthly income column, case summary, mediation results, reporting process, and many others.
According to Pratama, what is somewhat worrying about the leaked data is the data on victims of domestic violence or sexual violence. The number is around four thousand and the victims are still minors.
There, the data is complete, starting with the victim’s name, age, school address, what grade, residential address, teacher’s name and others.
Perpetrators Can Be Charged with Criminal Sanctions
Separately interviewed by a consultant from the Lentera Anak Foundation, Reza Indragiri Amriel, the perpetrators of leaking KPAI data could be subject to criminal penalties.
“Just spreading the child’s secret identity is already a criminal matter. If then we talk about the misuse of the data for what? All kinds of things, the simplest is to extort. -Expand it,” said Reza.
Reza added that if anyone could access the data, children who were victims of violence in the KPAI data could become victims of ridicule, stigmatized, extortion and others. At an extreme level, children can commit suicide because they can’t stand the shame of their shame being known to the public. Not to mention the misuse of data for insurance or medical claims and so on.
If it is found that negligence by the leader of the government institution that resulted in data leakage, then according to Reza, the sanctions are not only ethical or administrative but there must be criminal sanctions. He also pushed for the immediate ratification of the Personal Data Protection Bill.
KPAI, he added, can also activate ethical and criminal mechanisms for KPAI leaders and staff; and submit accountability to Commission VIII of the DPR.
KPAI Has Reported Data Theft
Through a written statement, KPAI Chairman Susanto confirmed that data theft had occurred at his institution. Therefore, on October 18, KPAI reported the case to the Directorate of Cyber Crimes at the Criminal Investigation and Investigation Agency of the Indonesian National Police Headquarters.
A day later, KPAI also informed the theft of the data to the National Cyber and Password Agency (BSSN) and the Minister of Communications and Informatics.
Susanto said the Cyber Directorate of Police Headquarters and BSSN had coordinated with KPAI, while KPAI itself had taken mitigation measures to maintain data security. He stressed that the data theft did not interfere with the KPAI complaint service. [fw/em]