Last updated on July 15th, 2023 at 03:52 pm
The Unique Identification Authority of India (UIDAI) has highlighted that entities are required to obtain residents’ informed consent either on paper or electronically before carrying out Aadhaar authentications in its new guidelines for Requesting Entities (REs).
The UIDAI has urged REs to ensure that residents understand the type of data being collected and the purpose of Aadhaar authentications.
It is highlighted that logs of authentication transactions including consent taken are kept only for the period prescribed in the Aadhaar Regulations. And after the expiry of the said time period, the rectification of such log shall also be done in accordance with the Aadhaar Act and its regulations.
Residents are being provided with Aadhaar authentication services by REs. The Central Identities Data Repository is responsible for authentication and requires the Aadhaar number and demographic/ biometric OTP information to be submitted by the RE.
The UIDAI has urged REs to be courteous to residents and assure them of the security and confidentiality of the Aadhaar numbers being used for authentication transactions.
The UIDAI has urged REs to immediately report any suspicious activity around authentications, such as suspected impersonation by residents, or any compromise or fraud by any authentication operator.
The first 8 digits of an Aadhaar number should not be stored in physical or electronic form without masking or redacting them. The UIDAI has advised REs to only store an Aadhaar number if it is authorized to do so, and in the manner prescribed by the UIDAI.
It has asked REs to provide effective grievance management mechanisms for residents and cooperate with UIDAI and other agencies deputed by it for any security audits required under the law and regulations.
