Official promises end to security fears
To address privacy and security concerns over Aadhaar, the Centre is in the process of educating government agencies that sensitive data must not be made public, and is drafting amendments to the Information Technology (IT) Act to strengthen provisions for data protection and security.
Apart from privacy issues, the new IT law will quell security concerns related to digital payments, Aruna Sundararajan, Secretary, Union Electronics and Information Technology Ministry, told The Hindu. Her comments assume significance as Aadhaar’s original architect and former Infosys CEO, Nandan Nilekani, recently mooted the need for strong data protection and privacy laws to ensure citizen data in the Unique Identification (UID) database was not misused.
Plugging data leakage
Close to 135 million Aadhaar numbers and 100 million bank account numbers could have leaked from official portals dealing with government programmes of pensions and rural employment, according to a report by the Centre for Internet and Society (CIS) published on Monday. With Aadhaar being used to authenticate and authorise transactions, the financial risks presented by the disclosure of such data are greatly exacerbated, it said.
“Actually, Aadhaar has very strong privacy regulation built into it... But the area we are working on is enforcement,” Ms. Sundararajan said.
“People are not aware so a large number of government agencies are making available all this sensitive data. So now, the process is to educate them so that they become aware that Aadhaar data is not meant to be published like this freely,” she said.
“No Aadhaar data can be shared with anybody or be used for anything purpose other than for which it was collected. There are several limitations imposed by the Act,” she said.
As per the CIS report, the data in question has not been treated as confidential at all in several cases and the government agencies in question have, in fact, taken pains to publish them. “ These are wilful and intentional instances of treating Aadhaar numbers and other personally identifiable information (PII) as publicly shareable data by the custodians of the data,” the CIS report noted.
Legal changes
“Some of the amendments we are bringing to the IT Act should take care of the rest of the (privacy and data protection) concerns relating to Aadhaar,” Ms. Sundararajan said. The key focus of these amendments being drafted, she said, is strengthening data protection provisions and security, particularly in relation to digital payments.
