India to add privacy protection to Aadhaar
The Indian government introduced legislation this past week that will add a privacy protection framework to Aadhaar.
Aadhaar, recognized as the world’s largest universal civil ID program and biometric database, is currently used by the Indian government to provide social services. To date, Aadhaar has issued over 900 million Aadhaar numbers, and has enrolled approximately 850 million people, with a goal of ultimately enrolling 1.28 billion people.
The Indian government is anxious to register all Indian residents, in a bid to expand welfare services, along with opening the system up to private market applications.
As BiometricUpdate.com previously reported, a former government official predicts that Aadhaar will become a universal platform for financial transactions, which will spawn a software development boom for Aadhaar applications. BiometricUpdate.com also recently reported that the Indian government intends to open up Aadhaar for employment ID validation by private sector organizations.
With expected use of the database by third-parties proposed to grow exponentially, the government aims to introduce a law to have biometric information considered a sensitive and personal “electronic record”.
The proposed bill will demand that the Unique Identification Authority of India (UIDAI), the agency that administers Aadhaar, take all necessary steps to ensure the confidentiality of identity data within the system. This will include storing all Aadhaar data in a centralized database known as the “Central Identities Data Repository”.
UIDAI will not only be mandated to take all appropriate technical measures to secure the data in the central repository, but will also have to ensure that any third-party using Aadhaar data also follows the mandated security measures as well.
Unnamed government official told the Business Standard that the proposed bill will include imprisonment provisions and fines for both individuals and companies who disclose or share any core biometric information within the Aadhaar system.
The bill will also establish a high-level “oversight committee” consisting of the Cabinet Secretary and other secretaries within the Department of Legal Affairs and Department of Electronics and Information Technology to authorize any information disclosure from the Aadhaar system in the interest of national security.
The Business Standard report also noted that the bill will change the organizational structure of UIDAI. Under the new structure, UIDAI would now have a chairperson, two part-time members and a chief executive officer for a three year term, all eligible for reappointment.