(a): Unique Identification Authority of India (UIDAI) is fully alive to the need to maintain the highest level of data security and is deploying the necessary technology and infrastructure. The architecture of the Aadhaar ecosystem has been designed to ensure privacy, non-duplication, data integrity and other related management aspects of security in the Aadhaar database. Security is an integral part of the system from the initial design to the final stage. Security of Aadhaar data is monitored at all times, i.e. at rest, in transit and in storage. Privacy of personal data is fully ensured, without sacrificing the utility of the project. UIDAI has been declared ISO 27001:2013 certified by STQC with respect to Information Security, which has added another layer of information security assurance. In pursuance of sub-section (1) of Section 70 of the IT Act 2000, UIDAI data has also been declared a protected system by the National Critical Information Infrastructure Protection Centre.
Additionally, various policies and procedures have been clearly defined, which are reviewed and updated continually, thereby appropriately controlling and monitoring any movement of people, material and data in and out of UIDAI premises, particularly the data centres. Further, strengthening of security of data is an ongoing process, and all possible steps are being taken in this regard. Chapter VI (Protection of Information) of The Aadhaar (Targeted Delivery of Financial and other Subsidies, Benefits and Services) Act, 2016 (“The Aadhaar Act”) and the Aadhaar (Data Security) Regulations, 2016 framed thereunder have been specifically drafted taking into account the various security requirements in respect of data collected by UIDAI.
Aadhaar data has not been categorised on the basis of age-group, religion, caste, community, class, ethnicity, income, health etc. of applicants. UIDAI data protection infrastructure protects all the data collected by UIDAI and is not specific to groups.
In addition to the above, the Information Technology (IT) Act, 2000 provides a legal framework for data protection. Section 43A of the Information Technology (IT) Act, 2000 establishes a legal framework for data privacy protection in India. The section provides for compensation to be paid to the victim in case of unauthorized access of information and leakage of sensitive personal information respectively. It mandates ‘body corporates’ to implement ‘reasonable security practices’ for protecting ‘sensitive personal information’ of individuals.
(b): There are no incidents reported of breach of Aadhaar data.
(c): Ministry of Electronics & Information Technology is working on a framework for Data Protection Law to protect personal data.
(d) and (e): There has been no leakage of Aadhaar data from UIDAI. Government has not set up any cross functional committee to check cyber crimes.
(f): Does not arise.