NEW DELHI: Consent of Aadhaar holders will be required before carrying out Aadhaar authentications.
The Unique Identification Authority of India (UIDAI) has highlighted in its new guidelines for Requesting Entities (REs) that they are required to obtain residents' informed consent either on paper or electronically before carrying out Aadhaar authentications.
It has urged REs, which carry out online authentications, to ensure that residents understand the type of data being collected and the purpose of Aadhaar authentications. It has underlined that logs of authentication transactions, including the consent taken, are kept only for the period as prescribed in the Aadhaar Regulations. Purging of such logs after expiry of the said time period shall also be done as per the Aadhaar Act and its regulations.
Engaged in providing Aadhaar authentication services to residents, REs are responsible for submitting the Aadhaar number and demographic/biometric OTP information to the Central Identities Data Repository for the purpose of authentication.
The UIDAI has highlighted that REs should be courteous to residents and assure them about the security and confidentiality of the Aadhaar numbers, which are being used for authentication transactions. It has also urged REs to immediately report to the UIDAI about any suspicious activity around authentications like suspected impersonation by residents, or any compromise or fraud by any authentication operator.
REs generally should not store Aadhaar either in physical or electronic form without masking or redacting the first 8 digits of the Aadhaar number. The UIDAI has guided REs to store an Aadhaar number only if they are authorised to do so, and in the manner as prescribed by the UIDAI.
It has further asked REs to provide effective grievance handling mechanisms for residents and cooperate with the UIDAI and other agencies deputed by it for any security audit as required under the law and regulations.