Q.1 What are the possible criminal penalties envisaged against the fraud or unauthorized access to data?
Ans. Following are the criminal offences and penalties provided in the Aadhaar Act, 2016 (as amended):
Impersonation by providing false demographic or biometric information is an offence – imprisonment upto 3 years or a fine of Rs. 10,000 or both.
Appropriating the identity of an Aadhaar number holder by changing or attempting to change the demographic and biometric information of an Aadhaar number holder is an offence – imprisonment upto 3 years and a fine of Rs. 10,000.
Pretending to be an agency authorized to collect Identity information of a resident is an offence – imprisonment for 3 years and a fine of Rs. 10,000 for a person, and Rs. 1 lakh for a company.
Intentionally transmitting information collected during enrolment / authentication to an unauthorized person or in contravention of any agreement or arrangement under this Act is an offence – imprisonment for 3 years and a fine of Rs. 10,000 for a person, and Rs. 1lakh for a company.
Unauthorized access to the central identities data repository (CIDR) and hacking is an offence – imprisonment for 10 years and a fine of Rs. 10 Lakhs.
Tampering with data in the central identities data repository is an offence – imprisonment upto 10 years and a fine upto Rs. 10,000.
Unauthorised use of identity information of an individual by an requesting entity or Offline Verification Seeking Entity – imprisonment upto 3 years or fine upto Rs.10,000 in case of a individual and Rs.1 Lakh in case of a company.
Q.2 What are the Data protection and privacy measures taken by UIDAI ?keyboard_arrow_up
Ans. The UIDAI has the obligation to ensure the security and confidentiality of the data collected. The data will be collected on software provided by the UIDAI and encrypted to prevent leaks in transit. The UIDAI has a comprehensive security policy to ensure the safety and integrity of its data. There are security and storage protocols in place. UIDAI has published guidelines in this regard which is available on its website. Penalties for any security violation will be severe, and include penalties for disclosing identity information. There are civil and criminal penal consequences for unauthorised access to CIDR – including hacking, and penalties for tampering with data in the CIDR.
Q.3 What are the privacy protections in place to protect the right to privacy of the resident?keyboard_arrow_up
Ans. Protection of the individual and the safeguarding their information is inherent in the design of the UID project. From having a random number which does not reveal anything about the individual to other features listed below, the UID project keeps the interest of the resident at the core of its purpose and objectives.
- Collecting limited information
The UIDAI is collecting only basic data fields – Name, Date of Birth, Gender, Address, Parent/ Guardian’s (name essential for children but not for others) photo, 10 finger prints and iris scan. - No profiling and tracking information collected
The UIDAI policy bars it from collecting sensitive personal information such as religion, caste, community, class, ethnicity, income and health. The profiling of individuals is therefore not possible through the UID system. - Release of information – yes or no response
The UIDAI will not reveal personal information in the Aadhaar database – the only response will be a ‘yes’ or ‘no’ to requests to verify an identity - Convergence and linking of UIDAI information to other databases
The UID database is not linked to any other databases, or to information held in other databases. Its only purpose will be to verify a person’s identity at the point of receiving a service, and that too with the consent of the aadhaar number holder
The UID database will be guarded both physically and electronically by a few select individuals with high clearance. The data will be secured with the best encryption, and in a highly secure data vault. All access details will be properly logged.