Perhaps the most comprehensive data privacy standard to date for Indonesia, the Ministry of Communication and Informatics Rules (PeraturanMenteriKominfo) No.20/2016 presents a significant challenge for organizations that process the personal data of Indonesia citizens.

Thales e-Security can help you comply with the critical point 15.2, 21.1 and 28.eMinistry of Communication and Informatics rules related to:

The encryption of personal data.

The unauthorized access to personal data.

Detailed data access audit logs for audit purpose.


Ministry of Communication and Informatics Rules No.20/2016 Overview

Ministry of Communication and Informatics Rules No.20/2016is designed to improve personal data protections and increase organizational accountability for data breaches. If your organization is located in Indonesia, if it processes or controls the personal data of Indonesia residents, you need to be ready.

Specific Requirements

Some of the key provisions of theMinistry of Communication and Informatics Rules No.20/2016require organizations to:

“The encryption of personal data.” (15.2)

“The unauthorized access to personal data.” (21.1)

“Detailed data access audit logs.”(28.e)


Encrypt Both Structured and Unstructured Data

Vormetric file-based transparent encryption provides the kind of “state of the art” data protection the Ministry of Communication and Informatics Rules No.20/2016specifies. Using Vormetric’s encryption, your organization can render private data unintelligible to a cyber-intruder even in the event of a breach, thereby avoiding the breach notification requirement outlined in 15.2, 21.1, 28.e. The Article states that notification to the data subject shall not be required if the organization “has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption.”

In addition to avoiding a costly breach notification process, you can prevent substantial reputational damage resulting from a publicized breach.

Prevent Unauthorized Access to Personal Data

Thales e-Security products and solutions help our customers prevent unauthorized access to personal data, thus enabling compliance with 15.2, 21.1, 28.e. Specifically, our Vormetric Data Security Platform enables separation of duties between privileged administrators and data owners, and supports two-factor authentication. Our nShield HSMs also help customers set up high-assurance authentication of users and processes attempting to access personal data.

Test, Assess and Evaluate Data Security Effectiveness

Vormetric’s Security Intelligence produces detailed security event logs that are easy to integrate with Security Information and Event Management (SIEM) systems to produce the kind of security reports necessary for Ministry of Communication and Informatics Rules No.20/2016compliance. These enterprise network security information logs produce an auditable trail of permitted and denied access attempts from users and processes, delivering unprecedented insight into file access activities. These enterprise network security information logs can report unusual or improper data access and accelerate the detection of insider threats, hackers and the presence of advanced persistent threats that defeat perimeter security.

Related Resources

Data Sheets : Vormetric Data Security Platform

The Vormetric Data Security Platform makes it efficient to manage data-at-rest security across your entire organization. Built on an extensible infrastructure, Vormetric Data Security Platform products can be deployed individually, while sharing efficient, centralized key management


Brochures : nShield HSM Family Brochure

The Thales nShield family of general purpose hardware security modules (HSMs) enhances the security and performance of server-based applications that handle your most sensitive data


Research and Whitepapers : Addressing Key Provisions of the Permenkominfo No.20/2016

Data encryption and key management strategies to develop a compliant posture