Adhere procedures to block data breach: CAG to UIDAI

Our Bureau Updated - March 29, 2023 at 03:33 PM.

UIDAI should deal with non-compliance strictly as per the Act and as per conditions in the agreement with Authentication User Agencies and e-KYC User Agencies, says CAG

A Comptroller and Auditor General (CAG) audit of the functioning of Unique Identification Authority of India (UIDAI) found out that the data stored in the Aadhar Data Vault of the institution is “vulnerable.” The report said any Aadhaar data were to be stored mandatorily on a separate Aadhaar Data Vault, but the UIDAI could not provide reasonable assurance that the “entities involved adhered to the procedures”.

The CAG asked the UIDAI to frame a suitable data archival policy to mitigate the risk of vulnerability to data protection and to reduce saturation of valuable data space due to redundant and unwanted data, by weeding out of unwanted data.

‘Enhance security’

The auditor reminded the UIDAI that Aadhaar number is a lifetime identity for Indians and as such unauthorised access to Aadhaar number can be misused in many ways. “Hence UIDAI may ensure the implementation of Aadhaar Data Vault by instituting periodic audit to enhance the security for the data stored by user organisations. It should deal with non-compliance strictly as per the Act and as per conditions in the agreement with Authentication User Agencies and e-KYC User Agencies.

The audit said an individual should reside in India for a period of 182 days or more in the twelve months immediately preceding the date of application for being eligible to obtain an Aadhaar. However, UIDAI has not prescribed any specific proof/ document or process for confirming whether an applicant has resided in India for the specified period and takes confirmation of the residential status through a casual self-declaration from the applicant.

“There was no system in place to check the affirmations of the applicant. As such, there is no assurance that all the Aadhaar holders in the country are ‘residents’ as defined in the Aadhaar Act,” the report said and urged the UIDAI to prescribe a procedure to confirm and authenticate the residence status of applicants.

The audit report said in 2018-19 more than 73 per cent of the total 3.04 crore biometric updates were voluntarily done by residents for faulty biometrics after payment of charges. “UIDAI may review charging of fees for voluntary update of residents’ biometrics, since they (UIDAI) were not in a position to identify reasons for biometric failures and residents were not at fault for capture of poor quality of biometrics,” the report added.

Published on April 6, 2022 14:49

This is a Premium article available exclusively to our subscribers.

Subscribe now to and get well-researched and unbiased insights on the Stock market, Economy, Commodities and more...

You have reached your free article limit.

Subscribe now to and get well-researched and unbiased insights on the Stock market, Economy, Commodities and more...

You have reached your free article limit.
Subscribe now to and get well-researched and unbiased insights on the Stock market, Economy, Commodities and more...

TheHindu Businessline operates by its editorial values to provide you quality journalism.

This is your last free article.