The National ICT Entrepreneurs Association has reminded that the transfer of personal data from Indonesia to the United States (US) as stipulated in the trade agreement between the two countries must comply with Indonesia's Personal Data Protection Law.
"If the Indonesian government truly allows public data to be managed or stored in the US, there must be a minimum requirement: US companies must comply with Indonesia's Privacy and Data Protection Law and be audited by the Privacy and Data Protection Commission," said Alfons Tanujaya, Chairman of the Standing Committee for Cybersecurity Vigilance at APTIKNAS.
Additionally, Alfons said that transferred data must be encrypted and must not be accessed without explicit consent. The two countries also need to establish a bilateral agreement to prevent misuse by foreign authorities.
Data security, Alfons said, is not determined by where it's stored, but by the discipline and methods used to store it. With strong encryption, data security can be guaranteed regardless of where it's stored.
