Citizens will have the choice to never disclose their 12-digit Aadhaar number even to government agencies mandated by the law to store the unique identity number, according to a top official in the central agency which announced a series of measures to strengthen the security of personal information stored on its database.
“Even to the income tax department or other agencies required by law to map Aadhaar, people don’t have to give their Aadhaar number and can authenticate using the Virtual ID,” Ajay Bhushan Pandey, CEO of the Unique Identification Authority of India (UIDAI) told ET in an exclusive interview. The new measures come into effect from June of this year. “Aadhaar will not come on the front-end device unless the customer gives it by choice,” said Pandey. Even during activities such as filing for tax returns online, giving the virtual ID number in lieu of Aadhaar will make the transaction go through.
In one of the most significant security upgrades by the eight-year old agency, the UIDAI announced the creation of a “virtual ID” which can be used in lieu of the 12-digit Aadhaar number at the time of authentication for any service. It also limited the information visible to authentication agencies. The measures are expected to strengthen privacy and prevent profiling of people by combining dozens of databases linked to Aadhaar in the country.
The citizens will also have the choice for the reverse — which is to not generate their virtual IDs and continue using their Aadhaar numbers each time.
“(But) we have ensured that even service providers who are not supposed to store Aadhaar will be able to authenticate using it but their networks will not be able to save the information in any form.” Pandey added that in case service providers resort to unscrupulous means of retrieving the Aadhaar number, they will be conducting a “criminal offence” and will be punished by the law.
On Wednesday, UIDAI also introduced a feature of limited KYC for its authentication agencies to restrict full access of the demographic data. The agency will confirm the exact information required by over 350 of its authentication agencies.
“We will question them under which law they require the KYCs that they are asking for. Finally, the government and the law will define which service providers should be provided how much data. If an agency needs only name and address, why should they be given more?” said Pandey.
UIDAI will conduct these discussions over the next few weeks and will ready its own systems by March. “By June 1, all the authentication agencies will have to implement the new system, if they don’t do this, their licence will be revoked and they will be relisted only when they are ready.” #KhabarLive