<![CDATA[This study aims to analyze the criminalization of doxing within the perspective of Indonesian criminal law and to examine whether existing legal provisions are sufficient or whether a specific criminal offense is required. The research addresses the normative gap in regulating the unauthorized disclosure of personal data in the digital era, which has increasingly threatened individual privacy and security. The study is significant in the context of management science and information technology because digital governance, data protection compliance, and cybersecurity management require a clear legal framework to mitigate cyber risks. This research employs normative juridical methods supported by qualitative analysis of statutory regulations, including the Criminal Code (KUHP), the Electronic Information and Transactions Law (UU ITE), and the Personal Data Protection Law (UU PDP), as well as recent scholarly literature. The findings indicate that doxing can be partially qualified under existing offenses such as defamation and privacy violations; however, these provisions do not comprehensively capture the elements of unauthorized data acquisition, dissemination, and malicious intent. The study concludes that a specific criminal offense regulating doxing explicitly is necessary to ensure legal certainty, enhance victim protection, and strengthen digital governance. The research recommends legislative reform to integrate criminal law adaptation with technological developments in the digital ecosystem.]]>
