



Telkom University issued Telkom University Regulation No. PU.018/LGL03/PTI/2025 concerning Data Leak Prevention as an umbrella for information security governance. This article explains why this regulation is important, who is affected, our obligations, practical preventive measures, how to report incidents via the Telkom University e-Ticket, and how work units and partners can comply without hampering productivity.
Why is this regulation important?
The real impact of data leaks
Data breaches aren’t just about “files leaking.” They can disrupt academic services and teaching and learning, impact an institution’s reputation, trigger legal sanctions, and even undermine public trust. On campus, incidents often start with simple things: sharing documents through unauthorized channels, installing unauthorized apps, using a work device without a lock screen, or using an account without dual authentication.
“Protecting personal data is the right of every citizen and the obligation of every data controller.” — Law No. 27 of 2022 concerning Personal Data Protection (PDP)
Telkom University adopts best practices based on SNI ISO/IEC 27001:2022, the international standard for Information Security Management Systems (ISMS), which emphasizes a risk-based approach, technical and organizational controls, and continuous improvement in protecting the confidentiality, integrity, and availability of information.
Who is Affected?
Coverage of community members and partners
This regulation applies to all members of the academic community (lecturers, administrative staff, students) and partners who manage or have access to university information assets. If you have a Tel-U account, access campus email, store research data, manage student data, or use internal applications, you are subject to this policy.
Types of information assets protected
- Personal data (students, lecturers, educational staff, alumni, partners)
- Academic and administrative documents
- Research and innovation data
- Account credentials, API keys, service tokens
- Communication archives (emails, ticket systems, meeting minutes, etc.)
What Does the Regulation Say?
1 Data classification: Public, Internal, Confidential
Classification helps determine how to store, share, and protect data.
- Public: information that is safe to publish (e.g. official press releases).
- Internal: only for academics/employees, not for the public (e.g. internal memos, SOPs).
- Confidential: sensitive information (e.g. personal data, student grades, NDAs, unpublished research results).
“Data controllers are required to ensure the security of the personal data they process.” — PDP Law, processing security principles
Practical tip: add a classification label to the file name or metadata (example: Konfidensial_[NamaDokumen].pdf).
2 Data life cycle from inception to destruction
The regulation emphasizes end-to-end control:
- Collection: collect only the data that is necessary, and inform data subjects of the purpose of processing.
- Storage: use official media (university drive/unified storage), encrypt if necessary.
- Usage & Sharing: official channels (Tel-U email, NDE/limited access), principle of least privilege.
- Disclosure to third parties: a data processing/NDE agreement is required.
- Destruction: delete/archive according to retention schedule and secure procedures.
3 User and work unit obligations
- Maintain credentials and implement dual authentication where available.
- Mark and protect data according to classification.
- Use campus VPN/Wi-Fi to access internal systems.
- Do not install unofficial applications on work devices.
- Report incidents/suspicions to e-Ticket PuTI without delay.
4 External party compliance (partners/vendors)
All external parties processing Telkom University data are required to comply with this policy, sign an NDE/NDA or data processing agreement, and comply with established security standards.
7 Easy Steps to Prevent Data Leaks (1 Minute Read)
- Protect sensitive data with encryption or passwords.
- Share confidential documents only through official channels (Tel-U/NDE email).
- Apply a classification label to each file (Public/Internal/Confidential).
- Avoid downloading/installing unofficial apps on work devices.
- Enable automatic screen lock on your work laptop/phone.
- Store data on official university devices & storage.
- Use Tel-U Wi-Fi or official VPN when accessing internal data.
“Information security is a shared responsibility—every individual plays a role.” — Telkom University PuTI Directorate
How to Report an Information Security Incident
1 What is meant by an incident?
Any event that has the potential to compromise the confidentiality, integrity, or availability of data/systems. Examples:
- Sensitive email/content was sent to the wrong recipient.
- Account appears to have been hacked (suspicious login, unrecognized changes).
- Device lost/stolen.
- Important files deleted/encrypted (ransomware).
- Suspicious links/phishing that you click on or receive.
2 Official channels: PuTI e-Ticket Application
- Address: https://satu.telkomuniversity.ac.id
- What needs to be prepared: summary of the incident, time of incident, system/account affected, initial steps taken (if any), screenshot evidence if safe.
- Do not send personal data via email/WA replies—just refer to the ticket number.
3 Principles of 3T during an incident: Calm, Counter, Ticket
- Calm down – stop risky activities, do not share any further sensitive information.
- Counter – change password, disconnect from public network if necessary, enable remote wipe on lost device.
- Ticket – create a report in PuTI e-Ticket for structured handling.
Devices, Accounts, and Apps: Hassle-Free Security Habits
1 Account and authentication
- Use a strong password (mix of letters, numbers, symbols, length ≥12).
- Enable MFA if available.
- Don’t use the same password on multiple systems.
- Be wary of unrecognized login notifications.
2 Email & collaboration
- Discuss confidential data via Tel-U email or official collaboration channels.
- Double-check the recipient’s address; use a 1–2 minute delayed send to prevent misdirection.
- Use restricted access when sharing files; periodically review who has access rights.
3 Work devices
- Only install trusted apps and update them regularly.
- Enable firewall & antivirus.
- Separate personal and work data as much as possible (separate profiles/accounts).
- When presenting, turn off notifications to avoid displaying sensitive information.
Work Unit Responsibilities: From Policy to Daily Practice
1 Appointment of a unit information security PIC
It is recommended that each faculty/directorate/UPT appoint an information security PIC to:
- Coordinate short awareness sessions (≤10 minutes) at unit meetings.
- Consolidate questions/complaints to PuTI.
- Monitor daily compliance checklist (VPN, classification, shared channels, etc.).
- Manage least privilege lists and periodic reviews.
2 Integration into work processes
- Add data classification to the document template.
- Distribute infographic posters on internal channels (intranet, bulletin boards).
- Include a security reminder in the monthly meeting agenda.
- Use the acknowledgement form to have staff confirm they have read the rules.
Partners and Vendors: Together We Maintain the Chain of Security
Terms for third parties
- Sign the NDE/NDA and data processing agreement when accessing Tel-U data.
- Implement equivalent security controls (encryption, access control, auditing).
- Report security incidents involving Tel-U data without delay through official channels.
FAQ
Q1. What’s the difference between “Internal” and “Confidential”?
Internal is for staff only and is safe within the internal environment; Confidential has a high impact if leaked (personal data, strategies, sensitive research) and requires extra protection (encryption, restricted access).
Q2. Can I share files through private services?
Not recommended. Use official university repositories. If you must collaborate with external parties, request access guidance from the PIC/PuTI and ensure appropriate agreements are in place.
Q3. I was mistakenly sent an email containing sensitive data. What should I do?
Immediately revoke access/retract the message if possible, contact the recipient to delete it, and then create an incident ticket. Don’t delay.
Q4. Is the data on my personal device included?
If a personal device is used for campus work (BYOD), the duty of care still applies. Enable screen locks, encryption, and use only authorized channels.
Q5. Can I store research data in public cloud services?
Follow the official storage policies. For confidential/copyrighted data, consult the research unit and PuTI; ensure that access controls and data location are in place.
Brief Case Study: “A Near-Fatal Misdelivery”
A staff member sent a spreadsheet containing participant data to an external email address due to the auto-complete feature. Fortunately, the file was labeled Confidential and password-protected. The staff member immediately reported it through PuTI’s e-Ticket, contacted the recipient to delete the file, and changed the password. The PuTI team closed the incident after verifying the deletion.
Lesson learned: label + password + fast ticket = minimal impact.
Unit Compliance Checklist (Printable)
Every week:
- Review shared folder access rights.
- Random test of password quality (length, uniqueness).
- Make sure system updates & antivirus are running.
- Maintain a whitelist of the applications that can be installed.
- Remind team: Tel-U VPN/Wi-Fi for internal access.
Each month:
- 10-minute awareness session (classification & sharing channels).
- Quick audit of link sharing: remove unnecessary access.
- Phishing awareness simulation (in collaboration with PuTI).
- Secure archiving/destruction of expired documents according to retention.
How Does This Regulation Align with Standards and Laws?
ISO/IEC 27001:2022 (SNI)
This standard requires organizations to implement a risk-based Information Security Management System (ISMS). Essential elements include risk assessment, Annex A controls (policy, access, cryptography, vendor, resilience), and the Plan-Do-Check-Act cycle.
“ISO/IEC 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS.” — ISO/IEC 27001:2022, overview
Personal Data Protection Act (PDP Act)
The Personal Data Protection Law requires transparency, purpose limitation, data minimization, accuracy, retention limits, integrity and confidentiality, and accountability. For universities processing academic staff’s personal data, these obligations are particularly relevant, from the legal basis for processing and data subject rights to reporting incidents to authorities if they meet certain criteria.
“Data controllers are required to notify any failure in the protection of personal data.” — PDP Law, incident notification obligation
With this university regulation, Telkom University emphasizes internal compliance with global best practices and national provisions.
What Has Changed for Us Every Day?
- Be more disciplined in choosing channels: stop sharing important data via private channels; use official channels.
- More classification awareness: all documents/units adopt standard labels.
- Faster reporting: e-Ticket as a single door for reporting and coordination.
- More streamlined access management: access rights are reviewed periodically; least privilege applies.
- It’s safer to collaborate with partners: contracts and controls are clear from the start.
Facing Common Challenges
“It slows down the process.”
Use document templates, structured folders with labels, and access rights automation. Once you get used to it, your work speed actually increases because the risk of errors is reduced.
“Lots of legacy applications.”
Prioritize access control, network segmentation, and a phased migration plan. Always install compensating controls (audit, logging, and functional restrictions).
“I often work mobile.”
Use Tel-U VPN/Wi-Fi, enable screen lock & device encryption, and save work files in official, synced storage.
Official Sources & References
- Telkom University Regulation Number PU.018/LGL03/PTI/2025 concerning Data Leak Prevention – (official campus short link).
- SNI ISO/IEC 27001:2022 – Information security, cybersecurity and privacy protection — ISMS (summary on ISO website; full document licensed).
- Law No. 27 of 2022 concerning Personal Data Protection (PDP Law) – an official document of the government of the Republic of Indonesia.
- Directorate of Information Technology Center (PuTI) Telkom University – awareness channel & e-Ticket: https://satu.telkomuniversity.ac.id
Note: Some standard documents (e.g., ISO/IEC 27001) are paid materials. Summaries/overviews are publicly available, while the full text is available through official/licensed channels.
Call to Action
- Read the full rules and save the link.
- Download & share the infographic to your unit/faculty channel.
- Label the documents you manage starting today.
- Check work devices: screen lock, antivirus, latest updates.
- Hold a 10-minute awareness session at the nearest unit meeting.
- Report incidents immediately via PuTI e-Ticket.
Information security doesn’t depend on a single system or team. It relies on small habits repeated daily—by all of us. With shared discipline, Telkom University can continue to provide reliable academic services, uphold its scientific integrity, and protect the rights of its academic community.
Contact Information
- Helpdesk & Reporting: https://satu.telkomuniversity.ac.id (e-Ticket PuTI)
- Management Unit: Directorate of Information Technology Center (PuTI) Telkom University
Conclusion:
Let’s make information security a part of Tel-U’s work culture. Protected data means a secure academic future.








