A Comptroller and Auditor General (CAG) audit of the functioning of Unique Identification Authority of India (UIDAI) found out that the data stored in the Aadhar Data Vault of the institution is “vulnerable.” The report said any Aadhaar data were to be stored mandatorily on a separate Aadhaar Data Vault, but the UIDAI could not provide reasonable assurance that the “entities involved adhered to the procedures”.
The CAG asked the UIDAI to frame a suitable data archival policy to mitigate the risk of vulnerability to data protection and to reduce saturation of valuable data space due to redundant and unwanted data, by weeding out of unwanted data.
‘Enhance security’
The auditor reminded the UIDAI that Aadhaar number is a lifetime identity for Indians and as such unauthorised access to Aadhaar number can be misused in many ways. “Hence UIDAI may ensure the implementation of Aadhaar Data Vault by instituting periodic audit to enhance the security for the data stored by user organisations. It should deal with non-compliance strictly as per the Act and as per conditions in the agreement with Authentication User Agencies and e-KYC User Agencies.
The audit said an individual should reside in India for a period of 182 days or more in the twelve months immediately preceding the date of application for being eligible to obtain an Aadhaar. However, UIDAI has not prescribed any specific proof/ document or process for confirming whether an applicant has resided in India for the specified period and takes confirmation of the residential status through a casual self-declaration from the applicant.
“There was no system in place to check the affirmations of the applicant. As such, there is no assurance that all the Aadhaar holders in the country are ‘residents’ as defined in the Aadhaar Act,” the report said and urged the UIDAI to prescribe a procedure to confirm and authenticate the residence status of applicants.
The audit report said in 2018-19 more than 73 per cent of the total 3.04 crore biometric updates were voluntarily done by residents for faulty biometrics after payment of charges. “UIDAI may review charging of fees for voluntary update of residents’ biometrics, since they (UIDAI) were not in a position to identify reasons for biometric failures and residents were not at fault for capture of poor quality of biometrics,” the report added.
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.