Jumping into damage control mode following incidents involving massive leak of Aadhaar data on government websites, the Centre has put in new safeguards as part of attempts to save further embarrassment.
Measures rolled out by the government include encrypting Aadhaar data and financial details by all ministries, sensitizing officials about legal consequences of data breach and fixing responsibility of Aadhaar data protection with one official at each ministry.
The Ministry of Electronics and Information Technology has written to all departments on better data security listing out new guidelines, Economic Times reported. As an immediate measure, all ministries and departments have also been asked to review the content of their websites to ensure no personal data is on display.
As per the report, a set of 27 dos and 9 don’ts are being circulated within ministries to educate officials on how to handle data better. This list includes instructions on masking and encryption of Aadhaar data and bank details. The government has also mandated regular audits to check safety of personal data.
"It has come to notice there have been instances wherein personal identity or information of residents, along with Aadhaar numbers and demographic information, and other sensitive personal data ... have been published online," the letter says.
The list of dos include reading the Aadhaar Act carefully and ensuring that data norms are complied with; creating awareness about the consequences of data breach and ensuring swift action on breach. The guidelines also ask officials to control display of full Aadhaar number and all displays must be masked. The guidelines also mandate encryption while storing Aadhaar data and ensuring that the encryption keys are also protected.
The guidelines strictly advise against storing Aadhaar data in unprotected devices like laptops, PCs, smartphones etc., and asks officials to refrain altogether from storing biometric information of Aadhaar holders collected for authentication.
The ministry, in its communication with all ministries, has also informed officials of the legal ramifications in case of reoccurrence of such an incident.
"Publishing identity information, i.e. Aadhaar number along with demographic information is in clear contravention of the provisions of the Aadhaar Act 2016 and constitutes an offence punishable with imprisonment up to 3 years. Further, publishing of financial information including bank details, being sensitive personal data, is also in contravention of provision under IT Act 2000 with violations liable to pay damages by way of compensation to persons affected," the ET report quoted the ministry’s letter saying.
Aadhaar, a 12-digit unique identity number issued on the basis of biometric data, is linked to a person's bank account and used by government agencies to directly transfer benefits of several social welfare schemes.
The government’s latest move comes after reports that data of 130 million Aadhaar cardholders has been leaked from four government websites. Reports, based on a study conducted by the Centre for Internet and Society (CIS), said Aadhaar numbers and details have been leaked.
Unique Identification Authority of India (UIDAI) chairman J. Satyanarayana has also sought to put to rest the concerns about security and privacy of Aadhaar data.
"Concerns about security and privacy can be totally set at rest because the very architecture is designed for security and privacy," he said on Thursday.
He claimed that Aadhaar Act and the regulations were also designed to ensure security and privacy of the data. "As citizens of this country we need not be worried about this. How best to utilise and take advantage of this and make it more efficient and more productive should be our goal," he said.
Satyanarayana said the Aadhaar base was making a huge difference to the country as it was empowering people as single digital platform to prove identity.
He said out of 128 crore population in the country, Aadhaar numbers had been issued to over 115 crore. Over 98 percent of the adult population has Aadhaar number.
"Cumulatively over 700 crore authentications have taken place. Almost 3 to 4 crore identifications are happening every day," he said.
(With agency inputs)