Data theft and the law on protection of personal data: A thematic analysis
Keywords:
Data Theft, Data Protection, Criminal Law, Adaptive LawAbstract
Introduction to the Problem: Data theft and leakage have severe consequences and can harm individuals, organizations, and society. Such problems also frequently occur in Indonesia massively.
Purpose/Study Objectives: This study aims to analyze the efficacy of legal measures, particularly Law Number 27 of 2022, in addressing these issues and explores challenges hindering effective enforcement.
Design/Methodology/Approach: This study employs a qualitative approach, specifically thematic analysis, to examine the legal landscape of personal data protection in Indonesia, utilizing Law Number 27 of 2022 as the primary document for analysis. The data was then transferred to Nvivo 12 Plus for coding, classification, and coding based on units of analysis, including theme identification and text search to find words, phrases, or text patterns.
Findings: The study reveals that substantial steps, including the enactment of the Personal Data Protection law, have been taken to address data theft in Indonesia. The law establishes criminal consequences, encompassing imprisonment, fines, restitution, or a combination thereof. However, despite these measures, challenges persist, including limited law enforcement capacity, insufficient awareness of data protection, constrained inter-agency cooperation, and the swift pace of technological advancements. Furthermore, issues such as limited digital evidence, sluggish legal processes, low reporting rates, ineffective penalties, and difficulties in enforcing laws in cyberspace compound the challenges faced by law enforcement in Indonesia.
Paper Type: Research Article
References
Abidin, M. A. Z., Nawawi, A., & Salin, A. S. A. P. (2019). Customer data security and theft: A Malaysian organization’s experience. Information and Computer Security, 27(1), 81–100. https://doi.org/10.1108/ICS-04-2018-0043
Abouelmehdi, K., Beni-Hessane, A., & Khaloufi, H. (2018). Big healthcare data: Preserving security and privacy. Journal of Big Data, 5(1), 1–18. https://doi.org/ 10.1186/s40537-017-0110-7
Akman, E., İdil, Ö., & Çakır, R. (2023). An investigation into the levels of digital parenting, digital literacy, and digital data security awareness among parents and teachers in early childhood education. Participatory Educational Research, 10(5), 248–263. https://doi.org/10.17275/per.23.85.10.5
Al-Harrasi, A., Shaikh, A. K., & Al-Badi, A. (2023). Towards protecting organisations’ data by preventing data theft by malicious insiders. International Journal of Organizational Analysis, 31(3), 875–888. https://doi.org/10.1108/IJOA-01-2021-2598
Alam, M. K. (2021). A systematic qualitative case study: Questions, data collection, NVivo analysis and saturation. Qualitative Research in Organizations and Management: An International Journal, 16(1), 1–31. https://doi.org/10.1108 /QROM-09-2019-1825
Almaraz-Rivera, J. G., Cantoral-Ceballos, J. A., & Botero, J. F. (2023). Enhancing IoT network security: Unveiling the power of self-supervised learning against DDoS attacks. Sensors, 23(21), 8701. https://doi.org/10.3390/s23218701
Andraško, J., Mesarčík, M., & Hamuľák, O. (2021). The regulatory intersections between artificial intelligence, data protection and cyber security: Challenges and opportunities for the EU legal framework. AI and Society, 36(2), 623–636. https://doi.org/10.1007/s00146-020-01125-5
Aulianisa, S. S., & Indirwan, I. (2020). Critical review of the urgency of strenghthening the implementation of cyber security and resilience in Indonesia. Lesrev (Lex Scientia Law Review), 4(1), 33–48. https://doi.org/https: //doi.org/10.15294 /lesrev.v4i1.38197
Baharuddin, T., Qodir, Z., & Loilatu, M. J. (2022). Government website performance during Covid-19 : Comparative Study Yogyakarta and South Sulawesi , Indonesia. Journal of Governance and Public Policy, 9(2), 109–123. https://doi .org /10.18196/jgpp.v9i2.11474
Bechara, F. R., & Schuch, S. B. (2020). Cybersecurity and global regulatory challenges. Journal of Financial Crime, 28(2), 359–374. https://doi.org/10.1108/JFC-07-2020-0149
Boerman, S. C., Kruikemeier, S., & Zuiderveen Borgesius, F. J. (2021). Exploring motivations for online privacy protection behavior: Insights from panel data. Communication Research, 48(7), 953–977. https://doi.org/10.1177/00936502 18800915
Bossler, A. M. (2020). Cybercrime legislation in the United States. In T. J. Holt & A. M. Bossler (Eds.), The Palgrave Handbook of International Cybercrime and Cyberdeviance (pp. 257–280). Palgrave Macmillan, Cham. https://doi.org/10 .1007/978-3-319-78440-3_3
Braga, A. A., Weisburd, D., & Turchan, B. (2018). Focused deterrence strategies and crime control: An updated systematic review and meta-analysis of the empirical evidence. Criminology and Public Policy, 17(1), 205–250. https://doi.org/10. 1111/1745-9133.12353
Chatterjee, S. (2019). Is data privacy a fundamental right in India?: An analysis and recommendations from policy and legal perspective. International Journal of Law and Management, 61(1), 170–190. https://doi.org/10.1108/IJLMA-01-201 8-0013
Clough, J. (2011). Data theft? cybercrime and the Increasing criminalization of access to data. Criminal Law Forum, 22(1–2), 145–170. https://doi.org/10.1007/ s10609-011-9133-5
Cobbe, J. (2019). Administrative law and the machines of government: Judicial review of automated public-sector decision-making. Legal Studies, 39(4), 636–655. https://doi.org/10.1017/lst.2019.9
Daly, A. (2018). The introduction of data breach notification legislation in Australia: A comparative view. Computer Law and Security Review, 34(3), 477–495. https:// doi.org/10.1016/j.clsr.2018.01.005
Eboibi, F. E., & Richards, N. U. (2020). Electronic taxation and cybercrimes in Nigeria , Kenya and South Africa : Lessons from Europe and the United States of America. Commonwealth Law Bulletin, 0(0), 1–26. https://doi.org/10.1080/03050718 .2020.1726786
Feldman, E. A. (2012). The genetic information nondiscrimination act (GINA): Public policy and medical practice in the age of personalized medicine. Journal of General Internal Medicine, 27(6), 743–746. https://doi.org/10.1007/s11606-012-1988-6
Freitas, P. M. F., & Gonçalves, N. (2015). Illegal access to information systems and the directive 2013/40/EU. International Review of Law, Computers and Technology, 29(1), 50–62. https://doi.org/10.1080/13600869.2015.1016278
Gill, M. (2022). The handbook of security. The Handbook of Security, 1–1029. https:// doi.org/10.1007/978-3-030-91735-7
Goddard, M. (2017). Viewpoint: The EU general data protection regulation (GDPR): European regulation that has a global impact. International Journal of Market Research, 59(6), 703–706. https://doi.org/10.2501/IJMR-2017-050
Gootman, S. (2016). OPM hack: The most dangerous threat to the federal government today. Journal of Applied Security Research, 11(4), 517–525. https://doi.org/ 10.1080/19361610.2016.1211876
Gottschalk, P., & Tcherni-Buzzeo, M. (2017). Reasons for gaps in crime reporting: the case of white-collar criminals investigated by private fraud examiners in norway. Deviant Behavior, 38(3), 267–281. https://doi.org/10.1080/01639625 .2016.1196993
Gupta, C. M., & Kumar, D. (2020). Identity theft: A small step towards big financial crimes. Journal of Financial Crime, 27(3), 897–910. https://doi.org/10.1108/ JFC-01-2020-0014
Hallinan, D., Friedewald, M., & McCarthy, P. (2012). Citizens’ perceptions of data protection and privacy in Europe. Computer Law and Security Review, 28(3), 263–272. https://doi.org/10.1016/j.clsr.2012.03.005
Holtfreter, K., Reisig, M. D., Pratt, T. C., & Holtfreter, R. E. (2015). Risky remote purchasing and identity theft victimization among older Internet users. Psychology, Crime and Law, 21(7), 681–698. https://doi.org/10.1080/1068316 X.2015.1028545
Hoofnagle, C. J., Sloot, B. van der, & Borgesius, F. Z. (2019). The European Union general data protection regulation: What it is and what it means. Information and Communications Technology Law, 28(1), 65–98. https://doi.org/10.1080/136 00834.2019.1573501
Hutchings, A., & Holt, T. J. (2017). The online stolen data market: Disruption and intervention approaches. Global Crime, 18(1), 11–30. https://doi.org/10.1080/ 17440572.2016.1197123
Ibrahim, A. H. H., Baharuddin, T., & Wance, M. (2023). Bibliometric analysis of e-government and trust : A lesson for Indonesia. Jurnal Borneo Administrator, 19(3), 269–284. https://doi.org/10.24258/jba.v19i3.1303
Isabella, Alfitri, Saptawan, A., Nengyanti, & Baharuddin, T. (2024). Empowering digital citizenship in Indonesia : Navigating urgent digital literacy challenges for effective digital governance. Journal of Governance and Public Policy, 11(2), 142–155. https://doi.org/https://doi.org/10.18196/jgpp.v11i2.19258
Jarrett, A., & Choo, K. R. (2021). The impact of automation and artificial intelligence on digital forensics. WIREs Forensic Science, 3(6), 1–17. https://doi.org/10.1002 /wfs2.1418
Jones, A. (2008). Industrial espionage in a hi-tech world. Computer Fraud and Security, 2008(1), 7–13. https://doi.org/10.1016/S1361-3723(08)70010-1
Kesari, A. (2022). Do data breach notification laws reduce medical identity theft? Evidence from consumer complaints data. Journal of Empirical Legal Studies, 19(4), 1222–1252. https://doi.org/10.1111/jels.12331
Le, D.-N., Kumar, R., Mishra, B. K., Khari, M., & Chetterjee, J. M. (2019). Cyber security in parallel and distributed computing: Concepts, techniques, applications and case studies. In John Wiley & Sons. John Wiley & Sons, Ltd. https://doi.org /10.1002/9781119488330.ch6
Lee, D. S., & McCrary, J. (2017). The deterrence effect of prison: Dynamic theory and evidence. Advances in Econometrics, 38, 73–146. https://doi.org/10.1108/ S0731-905320170000038005
Levi, M. (2017). Assessing the trends, scale and nature of economic cybercrimes: Overview and Issues: In cybercrimes, cybercriminals and their policing, in crime, law and social change. Crime, Law and Social Change, 67(1), 3–20. https://doi. org/10.1007/s10611-016-9645-3
Mantelero, A. (2016). Personal data for decisional purposes in the age of analytics: From an individual to a collective dimension of data protection. Computer Law and Security Review, 32(2), 238–255. https://doi.org/10.1016/j.clsr.2016.01.01 4
Matthess, M., & Kunkel, S. (2020). Structural change and digitalization in developing countries: Conceptually linking the two transformations. Technology in Society, 63, 101428. https://doi.org/10.1016/j.techsoc.2020.101428
McGee, J. A., & Byington, J. R. (2015). Corporate identity theft: A growing risk. Journal of Corporate Accounting & Finance, 26(5), 37–40. https://doi.org/https:// doi.org/10.1002/jcaf.22061
Mohammed, A., Kumar, S., Mu’Azu, H. G., Kumar, R., Shah, P., Memoria, M., Rawat, A., & Gupta, A. (2022). Data security and protection: A mechanism for managing data theft and cybercrime in online platforms of educational institutions. 2022 International Conference on Machine Learning, Big Data, Cloud and Parallel Computing, COM-IT-CON 2022, 758–761. https://doi.org/10.1109/COM-IT-CON54601.2022.9850702
Mugarura, N., & Ssali, E. (2020). Intricacies of anti-money laundering and cyber-crimes regulation in a fluid global system. Journal of Money Laundering Control, 24(1), 10–28. https://doi.org/10.1108/JMLC-11-2019-0092
Mulgund, P., Mulgund, B. P., Sharman, R., & Singh, R. (2021). The implications of the California Consumer Privacy Act (CCPA) on healthcare organizations: Lessons learned from early compliance experiences. Health Policy and Technology, 10(3), 100543. https://doi.org/10.1016/j.hlpt.2021.100543
Mulyadi, & Rahayu, D. (2019). Indonesia national cybersecurity review: Before and after establishment national cyber and crypto agency (BSSN). 2018 6th International Conference on Cyber and IT Service Management, CITSM 2018, 1–6. https://doi.org/10.1109/CITSM.2018.8674265
Mustaufiatin Ni’Mah, A., & Syufa’at. (2021). Legalitas impor vaksin Covid-19 perspektif maqashid syariah. Volksgeist: Jurnal Ilmu Hukum Dan Konstitusi, 4(1), 11–24. https://doi.org/10.24090/volksgeist.v4i1.4695
Nagar, A., Elluri, L., & Joshi, K. P. (2021). Automated compliance of mobile wallet payments for cloud services. 7th IEEE International Conference on Big Data Security on Cloud (BigDataSecurity 2021) Automated, 38–45. https://doi.org/ 10.1109/BigDataSecurityHPSCIDS52275.2021.00018
Njoku, I. S., Njoku, B. C., Chukwu, S. A. J., & Ravichandran, R. (2023). Fostering cybersecurity in institutional repositories: A case of Nigerian universities. African Journal of Library Archives and Information Science, 33(1), 1–21.
Nurhadi. (2022, September 8). Inilah 7 kasus dugaan kebocoran data pribadi sepanjang 2022. Tempo.Co. https://nasional.tempo.co/read/1632043/inilah-7-kasus-dugaan-kebocoran-data-pribadi-sepanjang-2022
Okeke, R. I., & Eiza, M. H. (2022). The application of role-based framework in preventing internal identity theft related crimes: A qualitative case study of UK Retail Companies. Information Systems Frontiers, 25, 451–472. https://doi.org/ 10.1007/s10796-022-10326-w
Ometov, A., Molua, O. L., Komarov, M., & Nurmi, J. (2022). A survey of security in cloud, edge, and fog computing. Sensors, 22(3), 1–27. https://doi.org/10.3390/s220 30927
Ozili, P. K. (2022). Central bank digital currency in Nigeria: Opportunities and risks. Contemporary Studies in Economic and Financial Analysis, 109, 125–133. https://doi.org/10.1108/S1569-37592022000109A008
Purtova, N. (2018). The law of everything. Broad concept of personal data and future of EU data protection law. Law, Innovation and Technology, 10(1), 40–81. https://doi.org/10.1080/17579961.2018.1452176
Rashighi, M., & Harris, J. E. (2017). Privacy in the Age of Medical Big Data. Physiology & Behavior, 176(3), 139–148. https://doi.org/10.1053/j.gastro.2016.08.014. CagY
Reyns, B. W., & Randa, R. (2017). Victim reporting behaviors following identity theft victimization: Results from the national crime victimization survey. Crime and Delinquency, 63(7), 814–838. https://doi.org/10.1177/0011128715620428
Rodríguez, R. J., & Garcia-Escartin, J. C. (2017). Security assessment of the Spanish contactless identity card. IET Information Security, 11(6), 386–393. https://doi.org/10.1049/iet-ifs.2017.0299
Roy, J. (2016). Secrecy, security and digital literacy in an era of meta-data: Why the Canadian westminster model falls short. Intelligence and National Security, 31(1), 95–117. https://doi.org/10.1080/02684527.2014.941250
Salahudin, S., Nurmandi, A., & Loilatu, M. J. (2020). How to Design qualitative research with NVivo 12 plus for local government corruption issues in Indonesia? Jurnal Studi Pemerintahan, 11(3), 469–498. https://doi.org/10.18196/jgp.113124
Shi, Y. (2022). Earth observation applications and the right to privacy: Within and beyond the COVID-19 Pandemic. Jurnal Media Hukum, 29(2), 107–119. https://doi.org/https://doi.org/10.18196/jmh.v29i2.14435
Simpson, S. S., Galvin, M. A., Loughran, T. A., & Cohen, M. A. (2022). Perceptions of white-collar crime seriousness: Unpacking and translating attitudes into policy preferences. Journal of Research in Crime and Delinquency, 1–41. https://doi.org /10.1177/00224278221092094
Solami, E. Al, Kamran, M., Alkatheiri, M. S., Rafiq, F., & Alghamdi, A. S. (2020). Fingerprinting of relational databases for stopping the data theft. Electronics (Switzerland), 9(7), 1–20. https://doi.org/10.3390/electronics9071093
Strom, K. J., & Smith, E. L. (2017). The future of crime data: The case for the national incident-based reporting system (NIBRS) as a primary data source for policy evaluation and crime analysis. Criminology and Public Policy, 16(4), 1027–1048. https://doi.org/10.1111/1745-9133.12336
Sudarwanto, A. S., & Kharisma, D. B. B. (2022). Comparative study of personal data protection regulations in Indonesia, Hong Kong and Malaysia. Journal of Financial Crime, 29(4), 1443–1457. https://doi.org/10.1108/JFC-09-2021-0193
Supriyadi, D. (2023). The Regulation of Personal and Non-Personal Data in the Context of Big Data. Journal of Human Rights, Culture and Legal System, 3(1), 33–69. https://doi.org/10.53955/jhcls.v3i1.71
Talesh, S. A. (2018). Data breach, privacy, and cyber insurance: How insurance companies Act as “compliance managers” for businesses. Law and Social Inquiry, 43(2), 417–440. https://doi.org/10.1111/lsi.12303
Thaduri, A., Aljumaili, M., Kour, R., & Karim, R. (2019). Cybersecurity for eMaintenance in railway infrastructure: risks and consequences. International Journal of System Assurance Engineering and Management, 10(2), 149–159. https://doi. org/10.1007/s13198-019-00778-w
Toma, T., Décary-Hétu, D., & Dupont, B. (2023). The benefits of a cyber-resilience posture on negative public reaction following data theft. Journal of Criminology, 1–24. https://doi.org/10.1177/26338076231161898
Trepte, S., Teutsch, D., Masur, P. K., Eicher, C., Fischer, M., Hennhöfer, A., & Lind, F. (2015). Do people know about privacy and data protection strategies? towards the “online privacy literacy scale” (OPLIS). In S. Gutwirth, R. Leenes, & P. de Hert (Eds.), Reforming European Data Protection Law (pp. 333–365). Springer, Dordrecht. https://doi.org/10.1007/978-94-017-9385-8_14
Vajjhala, N. R., & Strang, K. D. (2023). Cybersecurity for Decision Makers. Cybersecurity for Decision Makers, 1–393. https://doi.org/10.1201/9781003319887
van de Weijer, S. G. A., Leukfeldt, R., & Bernasco, W. (2019). Determinants of reporting cybercrime: A comparison between identity theft, consumer fraud, and hacking. European Journal of Criminology, 16(4), 486–508. https://doi.org/10.1177/ 1477370818773610
van de Weijer, S. G. A., & Moneva, A. (2022). Familial concentration of crime in a digital era: Criminal behavior among family members of cyber offenders. Computers in Human Behavior Reports, 8, 100249. https://doi.org/10.1016/j.chbr.2022. 100249
Viano, E. C. (2017). Cybercrime: Definition, typology, and criminalization. In Cybercrime, Organized Crime, and Societal Responses (pp. 3–22). Springer. https://doi.org/10.1007/978-3-319-44501-4
Wachter, S. (2018). Normative challenges of identification in the Internet of Things: Privacy, profiling, discrimination, and the GDPR. Computer Law & Security Review, 34(3), 436–449. https://doi.org/https://doi.org/10.1016/j.clsr.2018. 02.002
Wang, Y. (2023). CNS: Research on data security technology and network data security regulations driven by digital economy. International Journal of Cooperative Information Systems, 32(4), 2024. https://doi.org/10.1142/S02 1884302150009X
Warikandwa, T. V. (2021). Personal data security in South Africa’s financial services market: The protection of personal information act 4 of 2013 and the european union general data protection regulation compared. Potchefstroom Electronic Law Journal, 24, 17159. https://doi.org/10.17159/1727-3781/2021/v24i0a 10727
Warkentin, M., & Willison, R. (2009). Behavioral and policy issues in information systems security: The insider threat. European Journal of Information Systems, 18(2), 101–105. https://doi.org/10.1057/ejis.2009.12
Wicki-Birchler, D. (2020). The Budapest convention and the general data protection regulation: Acting in concert to curb cybercrime? International Cybersecurity Law Review, 1, 63–72. https://doi.org/10.1365/s43439-020-00012-5
Zimmerle, J. C., & Wall, A. S. (2019). What’s in a Policy? evaluating the privacy policies of children’s apps and websites. Computers in the Schools, 36(1), 38–47. https://doi.org/10.1080/07380569.2019.1565628
Zulu, C. L., & Dzobo, O. (2023). Real-time power theft monitoring and detection system with double connected data capture system. Electrical Engineering, 105(5), 3065–3083. https://doi.org/10.1007/s00202-023-01825-3
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Jurnal Hukum Novelty
This work is licensed under a Creative Commons Attribution 4.0 International License.
This work is licensed under a Creative Commons Attribution 4.0 International License.