(a) whether a mechanism has been evolved to determine which bodies/persons would have
access to the information collected by the Unique Identification Authority of India;
(b) if so, the details thereof;
(c) whether procedures have been established to protect misuse of this data; and
(d) if so, the details thereof?
MINISTER OF STATE FOR PLANNING, SCIENCE & TECHNOLOGY AND EARTH SCIENCES (DR. ASHWANI KUMAR)
(a): No access of UIDAI data base is provided to any external person or organization,
except in accordance with the policies laid down by UIDAI from time to time.
(b): Does not arise, in view of (a) above.
(c) & (d): In order to ensure that confidentiality of the data is maintained, UIDAI
does not allow download of the data from its CIDR and will answer queries only in ‘Yes’ or ‘No’ .
A number of processes have been put in place to ensure that the data collected by
UIDAI is not accessed in unauthorized manner. These include the encryption of data at
source, immediately on completion of enrolment; transfer of data to the data centre in
encrypted and zipped format which is tamper proof; putting standard security infrastructure
such as virtual providers, firewalls and intrusion prevention system in place and limiting
physical access to UIDAI infrastructure and data to authorized personnel only. UIDAI has
also issued data protection and security guidelines for Registrars, Enrolment Agencies,
Logistics Service Providers, UIDAI Employees, Authentication User Agencies, and Data
Centre Service Providers.