Aadhaar and Data Security : The Questions You Might Have
Ever since the Aadhar system for personal identification rolled out, government has remained stringent about its norms and usage for availing various financial services and governmental benefits. For those who are still not well acquainted with Aadhar, here is a brief explanation. Aadhar is a 12 digit unique identification number issued by the Unique Identification Authority of India (UIDAI) to Indian residents. The number is issued after completing a verification process laid down by the UIDAI that involves submission of address proof, date of birth, bio-metrics and IRIS scan.
Table of Contents
- 1 Guest Tips : Data Security
- 2 Privacy protection Norms to Ensure Confidentiality of The Resident
- 3 Collecting limited information
- 4 Tracking or Profiling Information is Not Collected
- 5 Information Release
- 6 No Linking of UIDAI information database to other databases
- 7 Steps Taken By UIDAI for Data Protection
- 8 Criminal Penalties for Unauthorized Access to UIDAI Data
- 9 Security Concerns That Are Still Unaddressed
- 10 You may also read
Guest Tips : Data Security
Getting your Aadhar card has become extremely important as government has made it mandatory for carrying out financial transactions and to take benefit of several social schemes. But, the extreme involvement of third parties in collecting data for Aadhar card verification has left people skeptical about the safety and protection of all the personal information being shared to unknown sources.
Even though UIDAI has mentioned several times that people should not worry about the safeguarding and protection of their personal information as it is their obligation to ensure complete confidentiality and safety of whatever data they are collecting, people are not entirely convinced with their claim.
So, to end all the queries that you might be having about to know Aadhaar card status & data security, here are the protective measures UIDAI is taking to keep your information confidential.
Privacy protection Norms to Ensure Confidentiality of The Resident
Protecting the information of an individual is inherently available in the design of the UID project, which is primarily done by the allocation of random 12 digit numbers that do not reveal anything about an individual. In addition to this, there are several other measures UID has taken to safeguard the interests of the residents and to fulfill their objective of data security and collection. Some of the primary data security measures are:
Collecting limited information
The information collected by UIDAI is based on basic fields like name, gender, date of birth, address, parents/guardians name, fingerprints, IRIS scan, and photograph.
Tracking or Profiling Information is Not Collected
As per the policy designed by UIDAI, no data collection agency can collect sensitive information about an individual like religion, caste, class, income, community, income, and ethnicity. Thus it is impossible for anyone to profile individuals using the UID system.
The only response that anyone would receive from the UIDAI system for verifying the identity will either be ‘yes’ or ‘no’. The system is designed in a way that it will not reveal anything from the database other than this.
No Linking of UIDAI information database to other databases
The UIDAI database is not linked to any other database or system in any way which may threaten the safety of the information collected. The only purpose of Aadhaar database is to verify the identity of an individual while getting any service, which shall only be provided after the consent of the Aadhaar holder.
The UIDAI database is heavily guarded both electronically as well as physically with exception to a few individuals with extremely high clearance. The best in class encryption features are being used to protect the data in a highly secured vault and every access to that vault is properly logged for future reference.
Steps Taken By UIDAI for Data Protection
As we have already mentioned that UIDAI is obligated to ensure confidentiality and security of data collected, the organization has taken up all the stringent and comprehensive steps to ensure safety and integrity of the information they are collecting. Protocols for security and storage have been established and the UIDAI security guidelines are published on their website.
The severe penalty will be imposed on any kind of security violation or disclosure of the identity information. Also, a penal of consequences is also established for unauthorized access of CIDR that includes tracking and hacking. There will be penalties for tampering with the data available in the CIDR of UIDAI database.
If you have any concerns regarding the penalties envisaged against the unauthorized access to UIDAI data or for any possible fraudulent activity, then below is the answer to your concern:
- Impersonating your identity by providing false demographic and biometric information is a criminal offense for which a fine of Rs.10,000 along with imprisonment for 3 years will be imposed on the perpetrator.
- Appropriating the identity of an Aadhaar holder by changing the biometric or demographic information is an offense for which the penalty of Rs. 10,000 and 3 years imprisonment will be imposed.
- Presenting yourself as an agency associated with UIDAI for data collection will lead to the imprisonment of 3 years along with Rs. 1 lakh fine will be levied on the company and the fine of Rs.10,000 will be imposed on an individual.
- Transmitting someone’s personal information collected for UIDAI enrolment intentionally to someone else will be a criminal offense attracting a penalty of Rs.10,000 along with imprisonment of 3 years for an individual and Rs. 1 lakh for a company.
- Any kind of unauthorized access to CIDR that includes hacking of information is an offense that attracts a penalty of Rs. 1 crore along with 3 years of imprisonment.
- Tampering with CIDR repository leads to the imprisonment of 3 years and a monetary fine of Rs.10,000.
- Sharing biometric data of someone else can lead to imprisonment of 3 years and fine of Rs.10,000.
Security Concerns That Are Still Unaddressed
Despite having a stringent security system in place and criminal penalties imposed on all kind of data security breach, the concerns over data security are still very there because of the involvement of third parties in collecting such confidential data. However, a majority of experts time and again have backed the security claims made by UIDAI stating that several governmental agencies like Passport Authority of India have been using third-party agencies for collecting biometric and demographic information.
If we take this into perspective, it can be said that the involvement of third-party agencies is not something that is happening with government services for the first time. In addition to that, the government has kept some legal status in place that prevents third-party agencies from breaching the security of Aadhaar data information. They are only given the responsibility of collecting and transmitting the encrypted data to UIDAI directly and receive acknowledgment for their service. Also, UIDAI has well-placed measures for security and data protection that prevents any kind of security breach to confidential data.
You may also read
But, as some experts say, you can ever rule out the possibility of a mischief or error as ultimately what we are using is a system. Hence, whether it is run by a government or a private agency the risk of human error will always be there.
If You have any doubt then Comment Box is open.
People may also want to know : Aadhar Card Apply, Data Security, Aadhar Card Update, New Aadhar Card Apply,