Department of Technology issues guidelines for protecting Aadhaar data months after information leaks

On 22 May, the government issued “general guidelines” for protecting the identity and “sensitive personal data or information” of people with Aadhaar cards.

“The objective of this document is to assist the various government departments that collect, receive, posses, store, deal or handle personal information including sensitive personal information or identity information,” said the document.

The document naturally contains some information obvious but crucial for protecting the privacy and identity of Aadhaar card holders.

For example, it instructs government departments not to “publish any personal identifiable data including Aadhaar in public domain/websites etc.”

It also asks them not to “store any Aadhaar based data in any unprotected endpoint devices”, not to “capture/store/use Aadhaar data without consent of the resident as per Aadhaar act”, not to disclose any Aadhaar-linked information to any unauthorised agency and not to permit any authorised persons to get access to stored Aadhaar data and authentication license key.

Apart from the fact that such guidelines are rather obvious, one cannot help but think about whether the government should have given these guidelines long before 22 May.

After all, the instances of data leak on official websites, including a portal of the Jharkhand government displaying Aadhaar numbers of lakhs of pension beneficiaries, took place before the guidelines were issued. The breach of the Jharkhand government portal involved Aadhaar, mobile numbers and bank details.

There had also been media reports that the website of the Food and Civil Supplies Department of Chandigarh publicised Aadhaar numbers of PDS beneficiaries.

Earlier, cricketer MS Dhoni’s personal Aadhaar details too were leaked.

Whether these incidents could have been avoided if the guidelines had been issued earlier is debatable. But the issuance of these guidelines at the earliest would have at least given the impression that the government does care about privacy and identity protection.


[Copyright By IST]