New Delhi, October 16: Aadhaar number is a 12-digit unique identity number that is issued to all citizens of India by the Unique Identification Authority of India (UIDAI). The residents of India have to satisfy the verification process laid down by the UIDAI. Any individual, irrespective of age and gender, who is a resident of India, can get an Aadhaar card. An individual willing to get an Aadhaar has to provide minimal demographic and biometric information during the enrolment process which is totally free of cost.

The uniqueness is achieved through the process of demographic and biometric de-duplication. However, there are several questions related to the security and privacy of the UIDAI system that usually cross our minds. The protection of the individual, and the safeguarding their information is a top priority of the government. From having a random number which does not reveal anything about the individual to other features listed below, the UID project keeps the interest of the resident at the core of its purpose and objectives. Aadhaar Myth Buster: Can Someone Hack Your Bank Account if They Get to Know Your 12-Digit Unique Aadhaar Number? Here’s the Fact.

Here's How The UIDAI Protect Your Biometric Information?

Collecting limited information: The data collected by UIDAI is purely to issue Aadhaar, and confirm the identity of Aadhaar holders. The UIDAI collects basic data fields to establish identity this includes Name, Date of Birth, Gender, Address, Parent/ Guardian's name essential for children but not for others, mobile number and email id is optional as well. The UIDAI collects biometric information to establish uniqueness therefore collecting photo, 10 finger prints and iris.

No profiling and tracking information collected: UIDAI policy bars it from collecting sensitive personal information such as religion, caste, community, class, ethnicity, income and health. The profiling of individuals is therefore not possible through the UID system, since the data collected is limited to that required for identification and identity confirmation. The UIDAI had dropped the place of birth data field part of the initial list of information it planned to collect based on feedback from CSOs that it could lead to profiling.

The UIDAI also does not collect any transaction records of the individual. The records of an individual confirming their identity through Aadhaar will only reflect that such a confirmation happened. This limited information will be retained for a short period time in the interest of the resident, to resolve any disputes.

Release of information - yes or no response: The UIDAI is barred from revealing personal information in Aadhaar database the only response permitted is yes or no to requests to verify an identity The only exceptions are the order of a High court , or the order of a secretary, in case of national security . This is a reasonable exception and is clear and precise. This approach is also in line with security norms followed in US and Europe on access to data in case of a security threat.

Data protection and privacy: The UIDAI has the obligation to ensure the security and confidentiality of the data collected . The data will be collected on software provided by the UIDAI and encrypted to prevent leaks in transit. Trained and certified enrollers will collect the information, who will not have access to the data being collected. The UIDAI has a comprehensive security policy to ensure the safety and integrity of its data. It will publish more details on this, including the Information Security Plan and Policies for the CIDR and mechanisms for auditing the compliance of the UIDAI and its contracting agencies.

In addition, there will be strict security and storage protocols in place. Penalties for any security violation will be severe, and include penalties for disclosing identity information . There are penal consequences for unauthorised access to CIDR including hacking , and penalties for tampering with data in the CIDR under the Aadhaar Act, 2016 .

Convergence and linking of UIDAI information to other databases: The UID database is not linked to any other databases, or to information held in other databases. Its only purpose will be to verify a person's identity at the point of receiving a service, and that too with the consent of Aadhaar holder. The UID database will be guarded both physically and electronically by a few select individuals with high clearance. It will not be available even for many members of the UID staff and will be secured with the best encryption, and in a highly secure data vault. All access details will be properly logged.

The unique identity number gives nationwide portability as it can be authenticated anywhere online by individuals. This is critical as millions of Indians migrate from one state to another or from rural area to urban centers etc. The uniqueness of Aadhaar is achieved through process of demographic and biometric de-duplication. An individual needs to enroll for Aadhaar only once and after de-duplication only one Aadhaar shall be generated. In case, the resident enrolls more than once, the subsequent enrolments will be rejected.

(The above story first appeared on LatestLY on Oct 16, 2020 02:20 PM IST. For more news and updates on politics, world, sports, entertainment and lifestyle, log on to our website