Cybersecurity and Data Breaches in Indonesia

Legal Updates
Cybersecurity and Data Breaches in Indonesia
6 February 2020

The Indonesian legal framework for cybersecurity is varied, depending on the context of the crime. However, the main reference would be the Electronic Information Law, Government Regulation 82 regarding the Implementation of Electronic Systems and Transactions, and Minister of Communication and Informatics (MOCI) Regulation 20 regarding the Pro­tection of Personal Data in Electronic Systems (jointly referred to as the PDP Regulations), which broadly dis­cuss the privacy of personal data and electronic communica­tions.

Aside from the PDP Regulations, there are other key laws regarded as the basis for cybersecurity. For example, with regard to intellectual property, the Ministry of Law and Human Rights, along with the Ministry of Communication and Informatics, jointly issued Decree No. 14 of 2015 and No. 26 of 2015 regarding the Implementation of Closing Down Content and/or a User's Right to Access over Copyright Infringement and/or Related Rights in an Electronic System. The joint decree elaborates the procedure to file a report on copyright infringement in an electronic system, the verification procedure for reports, and the procedure for closing down content and/or access rights pertaining to copyright infringement.

The MOCI is considered the key regulator for matters relat­ing to data protection and cyber activities, while the police have formed its own unit to handle cybercrimes.

In addition to the above, the government has established other bodies specifically to oversee cybersecurity and IT security, namely the Cyber Body and National Encryption Agency (Badan Siber dan Sandi Negara or "BSSN") and the Indonesia Security Incident Response Team on Internet and Infrastructure (ID-SIRTII).

The Indonesian Financial Services Authority (OJK) is also regarded as a key regulator for any matter relating to the protection of the personal data and/or infor­mation of consumers in relation to the payment transaction process or general financial service activities.

This first appeared in the 2019 Chambers Data Protection and Cyber Security Guide, published by Chambers and Partners. 

This publication is intended for informational purposes only and does not constitute legal advice. Any reliance on the material contained herein is at the user's own risk. You should contact a lawyer in your jurisdiction if you require legal advice. All SSEK publications are copyrighted and may not be reproduced without the express written consent of SSEK.

For More Information, Please Contact
Back to Indonesia Law Blog
Related Articles
Categories: