Changes coming in IT Act to address security concerns over Aaadhar

Official promises end to security fears

May 02, 2017 09:45 pm | Updated May 03, 2017 03:58 pm IST - NEW DELHI

NEW DELHI, 01/11/2016: Aruna Sundararajan, Secretary, Ministry of Electronics and Information Technology, at 'India Telecom 2016' conference in New Delhi on November 01, 2016. 
Photo: Kamal Narang

NEW DELHI, 01/11/2016: Aruna Sundararajan, Secretary, Ministry of Electronics and Information Technology, at 'India Telecom 2016' conference in New Delhi on November 01, 2016. Photo: Kamal Narang

To address privacy and security concerns over Aadhaar, the Union government is in the process of educating government agencies that sensitive data must not be made public, and is drafting amendments to the Information Technology (IT) Act to strengthen the provisions for data protection and security.

Aruna Sundararajan, Secretary, Union Electronics and Information Technology Ministry, told The Hindu that besides privacy issues, the new IT law would quell security concerns related to digital payments,

Her comments assume significance as Aadhaar’s original architect and former Infosys CEO, Nandan Nilekani, recently mooted need for strong data protection and privacy laws to ensure citizen data in the Unique Identification (UID) database is not misused.

Plugging data leakage

Close to 135 million Aadhaar numbers and 100 million bank account numbers could have leaked from official portals dealing with government programmes of pensions and rural employment, according to a report published on Monday by the Centre for Internet and Society (CIS). With Aadhaar being used to authenticate and authorise transactions, the financial risks presented by the disclosure of such data are greatly exacerbated, it said.

“Actually, Aadhaar has very strong privacy regulation built into it... But the area we are working on is enforcement,” Ms. Sundararajan said.

“People are not aware that so a large number of government agencies are making available all this sensitive data. So now, the process is to educate them so that they become aware that Aadhaar data is not meant to be published like this freely,” she said.

“No Aadhaar data can be shared with anybody or be used for anything purpose other than for which it was collected. There are several limitations imposed by the Act,” she pointed out.

As per the CIS report, the data in question has not been treated as confidential at all in several cases and the government agencies in question have, in fact, taken pains to publish them. ''These are wilful and intentional instances of treating Aadhaar numbers and other personally identifiable information (PII) as publicly shareable data by the custodians of the data,” the CIS report noted.

“Some of the amendments we are bringing to the IT Act should take care of the rest of the [privacy and data protection] concerns relating to Aadhaar,” Ms. Sundararajan said. The key focus of these amendments being drafted, she said, was strengthening data protection provisions and security, particularly in relation to digital payments.

“For security, draft regulations have already been framed for e-wallets. We expect to finalise those soon. And now, we are working on a data protection framework,” she said.   

While Aadhaar-enabled payments and the Bhim app are seeing the maximum growth in transactions, Ms Sundrarajan said there were still some challenges in making them easy to use. “We expect the next version of Bhim to be released by the National Payments Corporation of India [NPCI] in June. With each version, we are trying to make the user experience simpler,” she observed.

The CIS report, titled  Information Security Practices of Aadhaar (or lack thereof): A documentation of public availability of Aadhaar Numbers with sensitive personal financial information,’ pointed out that Aadhaar data leaked could be higher than its estimate.  

 “…Other major schemes, who have also used Aadhaar for direct benefit transfer [DBT] could have leaked PII similarly due to lack of information security practices. Over 23 crore beneficiaries have been brought under Aadhaar programme for DBT and if a significant number of schemes have mishandled data in a similar way, we could be looking at a data leak closer to that number,” it noted.  

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.