In the last few months several reports indicated a breach of Aadhar database which has established the scope for widespread data leakage in the future also. Dismissing such reports, the UIDAI confirmed that there has been no breach of Aadhar data or creation of parallel databases. It has said that the personal (biometric) data of an individual in possession of the UIDAI is completely safe and secure. There is no misuse of Aadhar biometrics leading to identity theft or financial loss, as per the media reports.
Taking into account the significance of Aadhar, India lost out on a big opportunity to pass security laws for data which are present in the developed countries to maintain such huge databases. This can be attributed to the fact that there is little societal consensus and understanding of privacy. People are not aware of the privacy laws and their right to privacy in general.
But it should be noted that any collection of a large amount of sensitive data concerned with individual identity in the form of biometrics is always vulnerable due to the increasing technical capabilities of state and non-state actors (generally state sponsored). But the reports of data breach must be seen with a pattern of individual incident or mass leakage.
- Surprisingly, in case of breach of data, an individual cannot approach the judiciary for violation of its privacy rights. It is the exclusive domain of the UIDAI to approach the court for the delivery of justice.
- Looking as per legal terminologies, the Section 43 of Information Technology Act mandates the corporate body (in-charge) for the maintenance and security of all the sensitive information in such cases. Similarly, in this case, UIDAI or their agencies must be held responsible and liable for security of the data where they should be criminally prosecuted in case of a violation of the above provision. Surprisingly, these provisions are absent in the Aadhar Act.
- Aadhar Act has no provision for compensation also for the person whose data is breached.
Benefits of Aadhar
- It is an important tool to pursue the objectives of good governance and empowerment of people.
- It has already helped more than 4.47 crore people to open their bank accounts through Aadhaar e-KYC and participate in the financial inclusion drive of the government.
- It has enabled the Union Government to prevent leakages from multiple social sector schemes through Direct Benefit Transfers such as LPG subsidy. It has helped the exchequer save over Rs 49,000 crore during the last two and half years.
- Public distribution systemsbased on Aadhar technology has enabled the government to ensurethat the food grain entitlements are given only to the deserving beneficiaries and are not usurped by ghost claimants.
- The provisions for security of data are not covered under the Aadhar Act.
- As Aadhar Act was passed as the money bill so the UIDAI has not been given the corporate entity status for them to be liable and prosecuted.
- As the biometric details of the individual are permanent in character, therefore, in case of breach of date even once, it will invite a serious compromise on citizen’s security. We should note that it cannot be changed like bank data such as ATM pin or net banking passwords.
Actions taken by UIDAI
- UIDAI is continuously updating its security parameters and looks for the new threats in the cyber space.
- It has recently decided to have registered devices for capturing biometrics data and ensure that such biometrics will be encrypted at the point of capture itself.