Article Per Year (5 Year)
p-Index From 2021 - 2026
0.23
P-Index
This Author published in this journals
All Journal Jurnal Pengabdian Masyarakat dan Riset Pendidikan
Ridho Rivantoro
Unknown Affiliation
Humanities Education Languange, Linguistic, Communication & Media Mathematics Other

Published : 1 Documents Claim Missing Document
Claim Missing Document
Check
Articles

Found 1 Documents
Search

 1 
Tanggung Jawab Hukum Korporasi Atas Kebocoran Data Peserta BPJS Kesehatan Berdasarkan UU No. 27 Tahun 2022: Penelitian Ridho Rivantoro; Dyah Permata Budi Asri
Jurnal Pengabdian Masyarakat dan Riset Pendidikan Vol. 4 No. 3 (2026): Jurnal Pengabdian Masyarakat dan Riset Pendidikan Volume 4 Nomor 3 (Januari 202
Publisher : Lembaga Penelitian dan Pengabdian Masyarakat

Show Abstract | Download Original | Original Source | Check in Google Scholar | DOI: 10.31004/jerkin.v4i3.4575

Abstract

The massive data breach involving BPJS Kesehatan in 2021 revealed the vulnerability of Indonesia’s digital security ecosystem. Millions of citizens’ personal data appeared on online forums, raising concerns regarding privacy protection and institutional accountability. This incident underscored the urgent need for a comprehensive regulatory framework governing personal data protection. Law No. 27 of 2022 establishes clear obligations for data controllers and affirms the rights of data subjects, including individuals whose information is processed by public institutions such as BPJS Kesehatan. This study examines the legal responsibilities of BPJS Kesehatan as a public corporation in managing participants’ personal data, and explores the legal implications arising from negligence that results in data breaches. A normative legal approach is applied through statutory analysis and examination of academic literature. Findings show that BPJS Kesehatan bears substantial obligations as a data controller under the Personal Data Protection Law, including ensuring data security, maintaining transparency, and implementing proper data governance mechanisms. The 2021 breach demonstrated significant gaps in digital security infrastructure that affected public trust and exposed potential legal liabilities. The PDP Law provides administrative, civil, and criminal consequences for violations committed by data controllers. Strengthening of security, compliance, and internal audits is necessary to prevent recurrence of incidents.
Co-Authors Budi Asri, Dyah Permata