The Unique Identification Authority of India (UIDAI) refined new guidelines for ‘Requesting Entities’ that state citizens must be aware of how much and what personal information they disclose when being authenticated with their personal Aadhaar national ID number.
Entities are required to seek consent of residents with a Aadhaar ID before authentication into a corporate or government system which leverages their personal information.
The Aadhaar Act also emphasises that all logs of authentication attempts have an expiry date when any record of personal information or consent given should be deleted.
Requesting entities such as government services, local administration councils and enterprises that provide Aadhaar authentication services have a duty to disclose biographic, biometric or demographic information to the Central Identities Data Repository. Every residents personal Aadhaar number used to authenticate and prove genuine users should be confidential and secured during authentication.
The UIDAI called for entities to report suspicious attempts around authentication such as impersonation or theft of user identities and false pretences of being the ID holder.
The release continued to state that requesting entities should not allow a Aadhaar number to be read either electronically or on a physical document without obscuring the first 8 digits and Aadhaar numbers should be erased unless with authorisation to be maintained.
“These entities need to be courteous to residents and assure them about the security and confidentiality of their Aadhaar while conducting offline verification”.
Aadhaar is residents’ digital ID, and it works as a single source of online and offline identity verification for residents across the country.