Jakarta – The Advocacy Coalition for the Protection of Private Data (KA-PDP) is calling on the House of Representatives (DPR) to immediately enact the Draft Law on the Protection of Private Data (RUU PDP). The call was made following the leak of data on 6 million Covid-19 patients held by the Ministry of Health.
According to KA-PDP member and Institute for Public Research and Advocacy (Elsam) Executive Director Wahyudi Djafar, this is becoming urgent and the RUU PDP must be immediately deliberated by the House because existing legal instruments are not enough to provide optimal protection of private data.
"The various regulations do not yet fully adopt the principles of private data protection, and tend to overlap with each other, which results in uncertainty over protection", said Djafar in a press release on Saturday January 8.
These are regulations such as Government Regulation Number 46/2014 on Healthcare Information Systems and Government Regulation Number 71/2019 on System Organisation and Electronic Transactions.
Then there is Communication and Information Ministry Regulation 20/2016 the Protection of Private Data in Electronic Systems and Presidential Regulation Number 95/2018 on Electronic Based Administration Systems (SPBE)
Djafar explained that there are several data protection issues which do not appear in these regulations.
First, the protection of sensitive data. Second, clarity on the protection of the subject of data, including rehabilitation mechanisms if a data leak occurs.
"The other big challenge in dealing with cases of private data leaks in the public sector is that there has almost never been an investigation process carried out in an accountable manner", he said.
In Djafar's view, this fact shows that the government is not ready to deal with cases of data leaks which continue to occur repeatedly.
Djafar said that by enacting the RUU PDP, the instruments for the protection of private data can be more comprehensive so private data leaks can be minimised.
"In order to ensure its effectiveness in its implementation later, it is also important for this legislation to designate a private data protection authority which is independent", he said.
As has been reported, it is suspected that the data of some 6 million Covid-19 patients held by the Health Ministry were put up for sale on the online forum Raid Forums.
The seller was a forum member with an account named "Astarte". Meanwhile the data being sold amounted to as much as 720 GB.
The leaked data is suspected to include radiology examination results, photographs and the identity of patients, CT scan results, Covid-19 test results, the hospital of origin and the time the pictures were taken.
[Translated by James Balowski. The original title of the article was "Koalisi Perlindungan Data Pribadi Minta DPR dan Pemerintah Segera Sahkan RUU PDP".]