(a): As per Section 3(1) of the Aadhaar Act, 2016, every resident shall be entitled to obtain an Aadhaar number by submitting his demographic information and biometric information by undergoing the process of enrolment. During enrolment for Aadhaar, only following minimum information is collected as per regulations 3, 4 and 5 of Aadhaar (Enrolment and update) Regulations 2016:-
1. Biometric Information - (i) Facial image (ii) All ten fingerprints; and (iii) Scans of both irises.
2. Demographic Information: (i) Name (ii) Date of Birth (iii) Gender (iv) Residential Address (v) Mobile number (optional) and (vi) Email address (optional).
(b), (c) and (d): There has not been any instance of data breach from Aadhaar database (Central Identities Data Repository). For security of Aadhaar data centres, Unique Identification Authority of India (UIDAI) has a well-designed, multi-layer robust security system in place and the same is being constantly upgraded to maintain highest level of data security and integrity. The architecture of Aadhaar ecosystem has been designed to ensure security and privacy, which is an integral part of the system from the initial design to the final stage.
Comprehensive Information Security Policy and Procedures are in place which are reviewed and updated regularly, ensuring appropriate monitoring and control on movement of people, material and data in and out of UIDAI premises, particularly the data centres.
UIDAI data is fully secured/ encrypted at all times i.e. at rest, in transit and in storage. For further strengthening of security, security audits are conducted on regular basis.
Additionally, there are multiple layers of security at physical level in UIDAI Data Centres and is being managed by armed CISF personnel round the clock.
The security assurance of Aadhaar ecosystem has been strengthened with enactment of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 and subsequently the Aadhaar and Other Laws (Amendment) Act, 2019, which has stringent penalties/punishments for offenders.
UIDAI has been declared ISO 27001:2013 certified with respect to information security which has added another layer of IT security assurance. In pursuance of sub-section (1) of Section 70 of the IT Act 2000, UIDAI has also been declared as Protected System by National Critical Information Infrastructure Protection Centre.
Aadhaar database has only minimal information given at the time of enrolment and update by the resident to establish his identity. No information relating to bank account, shares, mutual funds, financial and property details, health records, family, caste, religion, education etc. is stored in Aadhaar database.
******
Download PDF Files
