The Unique Identification Authority of India (UIDAI) has come up with new guidelines for Requesting Entities (REs) for carrying out Aadhaar authentications.
As per the guidelines, the UIDAI has asked the REs to obtain residents’ informed consent either on paper or electronically before carrying out Aadhaar authentications. Moreover, UIDAI has also asked the REs, which carry out online authentications, to ensure that residents understand the type of data being collected and the purpose of Aadhaar authentications.
“It has underlined that logs of authentication transactions including the consent taken are kept only for the period as prescribed in the Aadhaar Regulations. And purging of such logs after expiry of the said time period shall also be done as per the Aadhaar Act and its regulations,” reported PIB.
As per the PIB report, REs are responsible for submitting the Aadhaar number and demographic/ biometric OTP information to the Central Identities Data Repository for the purpose of authentication.
REs should be courteous to residents and assure them about the security and confidentiality of the Aadhaar numbers, which are being used for authentication transactions.
REs to immediately report to the UIDAI about any suspicious activity around authentications like suspected impersonation by residents, or any compromise or fraud by any authentication operator.
REs generally should not store Aadhaar either in physical or electronic form without masking or redacting the first 8 digits of the Aadhaar number. UIDAI has guided REs to store an Aadhaar number only if it is authorized to do so, and in the manner as prescribed by the UIDAI, the report added.