<![CDATA[The 2022 incident involving the leakage of 1.3 billion SIM card registration data severely undermined public trust in personal data security in Indonesia. This incident revealed weaknesses in data governance and the suboptimal implementation of legal protection for digital privacy. This study aims to analyze the criminal liability of perpetrators involved in the hacking of SIM card registration data based on Law Number 1 of 2024 concerning Electronic Information and Transactions (EIT Law) and Law Number 27 of 2022 concerning Personal Data Protection (PDP Law). The research employs a normative juridical method with statutory and case approaches. The findings indicate that both laws have different scopes and approaches yet are mutually complementary: the EIT Law emphasizes unauthorized access and disruption of electronic systems, while the PDP Law focuses on the unlawful misuse and disclosure of personal data. The combination of both laws provides a crucial legal foundation to prosecute data hacking perpetrators, although in practice, challenges remain in digital evidence collection, normative disharmony, and inter-agency coordination. Effective law enforcement requires harmonization in the application of both laws, the strengthening of digital forensic capacity, and the establishment of a strong and independent data protection authority.]]>
Copyrights © 2025
