Question : PROTECTION FROM MISUSE OF DATA



(a) whether a mechanism has been evolved to determine which bodies/persons would have access to the information collected by the Unique Identification Authority of India;

(b) if so, the details thereof;

(c) whether procedures have been established to protect misuse of this data; and

(d) if so, the details thereof?

Answer given by the minister


MINISTER OF STATE FOR PLANNING, SCIENCE & TECHNOLOGY AND EARTH SCIENCES (DR. ASHWANI KUMAR)

(a): No access of UIDAI data base is provided to any external person or organization, except in accordance with the policies laid down by UIDAI from time to time.

(b): Does not arise, in view of (a) above.

(c) & (d): In order to ensure that confidentiality of the data is maintained, UIDAI does not allow download of the data from its CIDR and will answer queries only in ‘Yes’ or ‘No’ .

A number of processes have been put in place to ensure that the data collected by UIDAI is not accessed in unauthorized manner. These include the encryption of data at source, immediately on completion of enrolment; transfer of data to the data centre in encrypted and zipped format which is tamper proof; putting standard security infrastructure such as virtual providers, firewalls and intrusion prevention system in place and limiting physical access to UIDAI infrastructure and data to authorized personnel only. UIDAI has also issued data protection and security guidelines for Registrars, Enrolment Agencies, Logistics Service Providers, UIDAI Employees, Authentication User Agencies, and Data Centre Service Providers.