Tanggung Jawab Hukum Korporasi Atas Kebocoran Data Peserta BPJS Kesehatan Berdasarkan UU No. 27 Tahun 2022

Penelitian

Authors

  • Ridho Rivantoro Universitas Esa Unggul
  • Dyah Permata Budi Asri Universitas Esa Unggul

DOI:

https://doi.org/10.31004/jerkin.v4i3.4575

Keywords:

BPJS Kesehatan, Personal Data, Data Breach, Corporation, PDP Law

Abstract

The massive data breach involving BPJS Kesehatan in 2021 revealed the vulnerability of Indonesia’s digital security ecosystem. Millions of citizens’ personal data appeared on online forums, raising concerns regarding privacy protection and institutional accountability. This incident underscored the urgent need for a comprehensive regulatory framework governing personal data protection. Law No. 27 of 2022 establishes clear obligations for data controllers and affirms the rights of data subjects, including individuals whose information is processed by public institutions such as BPJS Kesehatan. This study examines the legal responsibilities of BPJS Kesehatan as a public corporation in managing participants’ personal data, and explores the legal implications arising from negligence that results in data breaches. A normative legal approach is applied through statutory analysis and examination of academic literature. Findings show that BPJS Kesehatan bears substantial obligations as a data controller under the Personal Data Protection Law, including ensuring data security, maintaining transparency, and implementing proper data governance mechanisms. The 2021 breach demonstrated significant gaps in digital security infrastructure that affected public trust and exposed potential legal liabilities. The PDP Law provides administrative, civil, and criminal consequences for violations committed by data controllers. Strengthening of security, compliance, and internal audits is necessary to prevent recurrence of incidents.

References

Aditya Nugraha, D., Nurfitroh, R., Dhiya Ul-Haq, N., Purnama Dika, R., Novebriana Lagontang, S., Studi Teknik Informatika, P., & Tinggi Teknologi Wastukancana, S. (2025). KEBOCORAN DATA BPJS KESEHATAN: ANCAMAN TERHADAP KEAMANAN INFORMASI PUBLIK DI ERA DIGITAL. Integrative Perspectives of Social and Science Journal, 2(3), 4685.

Annan, A. (2024). Tinjauan yuridis perlindungan data pribadi pada sektor kesehatan berdasarkan UU No. 27 Tahun 2022. SYNERGI Jurnal Ilmiah Multidisiplin, 1(4), 247. https://e-journal.naureendigition.com/index.php/sjim

CNBC Indonesia. (2021a, May 21). Kominfo blokir situs yang jual data diduga milik BPJS. Https://Www.Cnnindonesia.Com/Teknologi/20210521123238-185-646963/Kominfo-Blokir-Situs-Yang-Jual-Data-Diduga-Milik-Bpjs.

CNBC Indonesia. (2021b, May 23). Heboh! Situs klaim jual 279 juta data penduduk RI. Https://Www.Cnbcindonesia.Com/Tech/20210523092159-37-247634/Heboh-Situs-Klaim-Jual-279-Juta-Data-Penduduk-Ri.

Detik.com. (2021, May 22). Kominfo: Data pribadi WNI yang bocor identik data BPJS Kesehatan. Https://News.Detik.Com/Berita/d-5577462/Kominfo-Data-Pribadi-Wni-Yang-Bocor-Identik-Data-Bpjs-Kesehatan.

Gani, T. A. (2023). Kedaulatan data digital untuk integritas bangsa. Syiah Kuala University Press.

Marzuki, P. M. (2017). Penelitian Hukum. Kencana Prenada Media.

Maulida, O., & Utomo, H. (2023). Pertanggungjawaban Badan Penyelenggara Jaminan Sosial (BPJS) Kesehatan Atas Kebocoran Data Pribadi Pengguna dalam Perspektif Hukum Pidana. Indonesian Journal of Law and Justice, 1(2), 10. https://doi.org/10.47134/ijlj.v1i2.2011

Nasution, A. (2021). Perlindungan Data Pribadi Di Era Digital. RajaGrafindo Persada.

Pase, A. T. (2025). Civil Liability In Business Contract Disputes: Implications For Investor Confidence Tanggung Jawab Perdata Dalam Sengketa Kontrak Bisnis: Implikasi Terhadap Kepercayaan Investor. In Jurnal Hukum Sehasen (Vol. 11, Issue 1).

Pemerintah Republik Indonesia. (2022). Undang-Undang Nomor 27 Tahun 2022 tentang Perlindungan Data Pribadi.

Pinondang, E. A. M., & Thalib, E. F. (2024). Tinjauan yuridis perlindungan data pribadi dalam tindakan doxing berdasarkan UU Nomor 27 Tahun 2022. Jurnal Darma Agung, 32(5), 421–433.

Rinjani, M. A., & Firmansyah, R. (2025). Hambatan Implementasi UU 27/2022 dan Strategi Penguatan Perlindungan Data Pribadi di Indonesia. Jurnal Analisis Hukum, 8(1), 70–83. https://doi.org/10.38043/jah.v8i1.6793

Saly, J. N., Artamevia, H., Kheista, K., Gulo, B. J. S., Rhemrev, E. A., & Christie, M. (2023). 4.+064P-Jeane+Neltje-Revisi.docx. Jurnal Serina Sosia Humaniora, 3, 145.

Solove, D. J., Marshall, J., Research, H., & Washington, G. (2023). The Limitations of Privacy Rights. Note Dame Law Review, 975–1036. https://scholarship.law.nd.edu/ndlr

Downloads

Published

02-01-2026

How to Cite

Ridho Rivantoro, & Dyah Permata Budi Asri. (2026). Tanggung Jawab Hukum Korporasi Atas Kebocoran Data Peserta BPJS Kesehatan Berdasarkan UU No. 27 Tahun 2022: Penelitian. Jurnal Pengabdian Masyarakat Dan Riset Pendidikan, 4(3), 16034–16040. https://doi.org/10.31004/jerkin.v4i3.4575