Examining Indonesian Government Accountability And Mitigation Measures In The 2024 Taxpayer Identification Number Data Breach

Authors

  • Hamzah Haikal Riziq Alwi Alatas Universitas Tarumanagara Jakarta, Indonesia
  • Gunawan Djajaputra Universitas Tarumanagara Jakarta, Indonesia

DOI:

https://doi.org/10.46924/jihk.v7i2.385

Keywords:

Personal Data Protection, NPWP Breach, PDP Law, Government Accountability, Legal Liability

Abstract

This study examines the Indonesian government’s accountability for the 2024 Taxpayer Identification Number (NPWP) data breach and evaluates the implementation of personal data protection obligations under the Personal Data Protection Law (PDP Law). Using a normative legal research method with statutory, conceptual, and case-based approaches, the study finds that the Directorate General of Taxes (DGT) has not fully met its duties as a Personal Data Controller. The large-scale breach, involving more than six million records, reveals weaknesses in access control, Data Protection Impact Assessments (DPIAs), privacy-by-design practices, and breach notification procedures. The PDP Law provides administrative, civil, and criminal liability mechanisms for negligent actors, all of which may be applied cumulatively. The findings indicate a significant gap between legal norms and administrative practice, undermining public trust and limiting the effectiveness of the PDP Law in safeguarding personal data.

Downloads

Download data is not yet available.

References

Journals

Ali, Muhammad, Ni Putu Yundari, dan Ahnaf Tsaqif. “Analisis Risiko Keamanan Siber dalam Transformasi Digital Pelayanan Publik di Indonesia.” Cosmos: Jurnal Ilmu Pendidikan, Ekonomi, dan Teknologi 6, no. 2 (2025): 1–12. https://doi.org/10.7454/jkskn.v6i2.10082.

Arrasuli, Beni Kharisma, dan Khairul Fahmi. “Perlindungan Hukum Positif Terhadap Kejahatan Penyalahgunaan Data Pribadi.” Unes Journal of Swara Justisia 7, no. 2 (2023): 369–92. https://doi.org/10.31933/ujsj.v7i2.351.

Dachlan, Andrew Ardiyanto, Alya Nabila, Nabilatul Alimah Putri, dan Nabilah Nurmasitha. “Pertanggungjawaban Hukum Pemerintah Dalam Kebocoran Data Pribadi Pada Penyelenggaraan Pusat Data Nasional.” Jurnal Hukum Samudra Keadilan 20, no. 1 (2025): 109–24. https://doi.org/10.33059/jhsk.v20i1.11279.

G, Silawati Dayang, Sandra Putri Olivia Lase, dan Anandya Kyara Putri K. “Urgensi Pembentukan Lembaga Pengawas dalam Pembaharuan Hukum Perlindungan Data Pribadi Menurut Undang-Undang PDP.” Locus Journal of Academic Literature Review 4, no. 2 (2025): 106–13. https://doi.org/10.56128/ljoalr.v4i2.433.

Junaedi, Asep Mahbub. “Urgensi Perlindungan Data Pribadi Dalam Era Digital: Analisis Undang-Undang Nomor 27 Tahun 2022 Tentang Perlindungan Data Pribadi.” Knowledge Jurnal Inovasi Hasil Penelitian dan Pengambangan 5, no. 2 (2025): 247–57. https://doi.org/10.51878/knowledge.v5i2.5269.

Khair, Filal, dan Sidi Ahyar Wiraguna. “Data Protection Impact Assessment (DPIA) sebagai Instrumen Kunci Menjamin Kepatuhan UU PDP 2022 di Indonesia.” Politika Progresif Jurnal Hukum, Politik dan Humaniora 2, no. 2 (2025): 246–54. https://doi.org/10.62383/progres.v2i2.1821.

Kholis, Ilman Maulana. “Perlindungan Data Pribadi dan Keamanan Siber di Sektor Perbankan: Studi Kritis atas Penerapan UU PDP dan UU ITE di Indonesia.” Staatsrecht Jurnal Hukum Kenegaraan dan Politik Islam 4, no. 2 (2024): 275–300. https://doi.org/10.14421/t5sfe747.

Maduwu, Benyamin, Nancy Nopeline, dan Martin Luter Purba. “Analisis Pengaruh Pengguna Internet dan Transaksi E-Commerce Terhadap Pertumbuhan Ekonomi Indonesia Tahun 2011-2023.” Jurnal Eknomi dan Bisnis Islam 4, no. 3 (2025): 389–405. https://doi.org/10.62668/attariiz.v4i03.1712.

Matheus, Juan, and Ariawan Gunadi. “Pembentukan Lembaga Pengawas Perlindungan Data Pribadi Di Era Ekonomi Digital: Kajian Perbandingan Dengan KPPU.” JUSTISI 10, no. 1 (2024): 20–35. https://doi.org/https://doi.org/10.33506/jurnaljustisi.v10i1.2757.

Pradana, Muhammad Akbar Eka, dan Horadin Saragih. “Prinsip Akuntabilitas dalam Undang-Undang Perlindungan Data Pribadi Terhadap GDPR dan Akibat Hukumnya.” Innovative: Journal Of Social Science Research 4, no. 4 (2024): 3412–25. https://doi.org/10.31004/innovative.v4i4.13476.

Ramadhani, Wyanda Kinanti Syauqi, dan Sidi Ahyar Wiraguna. “Implementasi Pelindungan Data Pribadi dalam Sistem Informasi pada Perusahaan Jasa Keuangan.” Appisi: Perspektif Administrasi Publik dan Hukum 2, no. 2 (2025): 158–75. https://doi.org/10.62383/perspektif.v2i2.248.

Salsabila, Shafa, dan Sidi Ahyar Wiraguna. “Pertanggungjawaban Hukum atas Pelanggaran Data Pribadi dalam Perspektif Undang-Undang Pelindungan Data Pribadi Indonesia.” Konsensus: Jurnal Ilmu Pertahanan, Hukum dan Ilmu Komunikasi 2, no. 2 (2025): 145–57. https://doi.org/10.62383/konsensus.v2i2.736.

Sitorus, Hizkia Roland Prawyra, Dewi Pika Lumbanbatu, Daniel David Sidebang, Dules Ery Pratama, dan Risky Sakti Lumban Gaol. “Tinjauan Hukum dan Upaya Pencegahan terhadap Kasus Kebocoran Data NPWP.” Aspirasi: Publikasi Hasil Pengabdian dan Kegiatan Masyarakat 3, no. 4 (2025): 14–18. https://doi.org/10.61132/aspirasi.v3i4.1851.

Waruwu, Severius, dan Amelia Anggriany Siswoyo. “Data Pribadi Sebagai Aset Bisnis: Sinergi Hukum Rahasia Dagang dan Perlindungan Data.” Lex Lectio Law Journal 3, no. 2 (2024): 118–29. https://doi.org/10.61715/jll.v3i2.118.

Zamzam, Muhammad Ilham Mahrudin, Rofanda Mina Arsyada, dan Nadya Eka Amalia Al’Azza. “Keabsahan Hubungan Kontraktual Secara Elektronik Dalam E-Commerce Dan Pertanggungjawaban Hukum Atas Kebocoran Data Pribadi Pengguna.” Jurnal Suara Hukum 5, no. 2 (2023): 130–48. https://doi.org/10.26740/jsh.v5n2.p130-148.

Books

Efendi, Jonaedi, dan Johnny Ibrahim. Metode Penelitian Hukum : Normatif dan Empiris. 1 ed. Jakarta: Prenadamedia Group, 2016.

Iskandar, Dedy Dwi Putra, Alifa Irna Yasin, dan Khairan. Cyber Smart Campus: Cakap Digital & Aman Siber. Jambi: PT. Sonpedia Publishing Indonesia, 2025.

Regulations

DPR RI. Undang-Undang Republik Indonesia Nomor 27 Tahun 2022 Tentang Perlindungan Data Pribadi, Pub. L. No. 27, 1 (2022). https://jdih.setkab.go.id/PUUdoc/176837/Salinan_UU_Nomor_27_Tahun_2022.pdf.

Pemerintah Republik Indonesia. “Undang-Undang Dasar Negara Republik Indonesia Tahun 1945 Pasal 27 Ayat (2).” Jakarta: Pemerintah Republik Indonesia, n.d.

Webpages

Bestari, Novina Putri. “NPWP Jokowi, Gibran, dan 6 Juta Data Pajak Warga RI Dijual di Internet.” cnbcindonesia.com, 2024. https://www.cnbcindonesia.com/tech/20240918175353-37-572797/npwp-jokowi-gibran-dan-6-juta-data-pajak-warga-ri-dijual-di-internet.

Rakhmayanti, Intan. “6 Juta Data NPWP Bocor, Kapan Lembaga PDP Hadir?” cnbcindonesia.com, 2024. https://www.cnbcindonesia.com/tech/20241001183527-37-576176/6-juta-data-npwp-bocor-kapan-lembaga-pdp-hadir.

Downloads

Published

2025-12-11

Issue

Vol. 7 No. 2 (2026): Jurnal Ilmu Hukum Kyadiren

Section

Articles

License

Copyright (c) 2025 Hamzah Haikal Riziq Alwi Alatas, Gunawan Djajaputra

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Authors who publish with this journal agree to the following terms:

  1. Copyright on any article is retained by the author(s).
  2. The author grants the journal, the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work’s authorship and initial publication in this journal.
  3. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal’s published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
  4. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
  5. The article and any associated published material is distributed under the Creative Commons Attribution 4.0 International License

How to Cite

Examining Indonesian Government Accountability And Mitigation Measures In The 2024 Taxpayer Identification Number Data Breach. (2025). JIHK, 7(2), 1234-1248. https://doi.org/10.46924/jihk.v7i2.385