TEMPO.CO, Jakarta – The Convergence Digital Indonesia Innovative Synergy Association (Kondisi) has raised alarm over concerns regarding the Ministry of Communication and Digital (Komdigi) following the mishandling of sensitive applicant data amid their recent job vacancy announcements.
Recently, the Directorate General of Digital Infrastructure at the Komdigi Ministry announced the availability of nine individual service procurement (PJLP) positions via a letter (B-71/DJID.1/KP.03.01/01/2026) issued by Secretary Indra Maulana on January 8, 2026. However, the process has come under fire due to significant data security flaws.
Applicants were instructed to submit their documents through a link leading to a publicly accessible Google Drive, exposing critical personal data without any protective measures. This oversight was spotlighted by influencer Abil Sudarman, who shared details in an Instagram video that gained widespread attention on January 27, 2026.
Attempts by Tempo to verify the link on January 28, 2026, at 7:00 p.m. Western Indonesian Time revealed that the Google Drive folder had already been restricted. Damar Juniarto, Director of Kondisi, criticized the ministry for its negligence, deeming it a severe error necessitating swift correction.
Damar pointedly noted the irony of the ministry, which played a pivotal role in establishing the Personal Data Protection (PDP) Law, failing to adhere to its principles. He emphasized that if basic applicant data cannot be safeguarded, it raises concerns about the ministry’s capacity to secure sensitive national data.
Kondisi asserted that these events constitute a violation of Articles 16 and 35 of Law Number 27 of 2022 on Personal Data Protection. Article 16 requires data controllers to ensure integrity and confidentiality, while Article 35 mandates measures to prevent unauthorized access.
The ministry’s failure to secure applicant data breaches fundamental principles of Privacy by Design and Privacy by Default, as Damar highlighted. The availability of CVs, identification, and other personal information constitutes a direct violation of confidentiality standards required of data controllers.
Damar urged the Komdigi Ministry to conduct a formal audit and issue breach notifications as stipulated by the PDP Law, which mandates informing affected data subjects within 72 hours of a breach. He expressed concern that inaction regarding audits or public disclosures could set a dangerous precedent for data protection violations, undermining the rights of data subjects.
In addition to immediate compliance responsibilities, Kondisi identified a broader issue stemming from the absence of a specialized oversight authority for personal data protection. Damar noted that a draft regulation to establish such an authority has been pending the President’s signature since late 2025.
As of the time of publication, attempts by Tempo to reach Komdigi Minister Meutya Hafid and Secretary General Ismail for comment have gone unanswered. In his Instagram commentary, influencer Abil Sudarman mockingly referred to this incident as the “most peculiar job vacancy announcement of 2026,” criticizing the flawed application and data handling practices encountered by applicants.
Given the growing concerns around data security, this incident underscores the critical need for organizations to prioritize robust data protection practices. Business owners must remain vigilant against potential vulnerabilities that could expose sensitive information, ensuring compliance with data protection laws and protecting against breaches that could have long-lasting implications.
Read: The Origins of Prabowo Subianto’s Foreign Propaganda Bill
Click here to get the latest news updates from Tempo on Google News
