Aadhar authentications cannot be performed without the Aadhar holders’ permission. Before conducting Aadhar authentications, Requesting Entities (Res) must get citizens’ informed consent either on paper or electronically, according to new guidelines published by the Unique Identification Authority of India (UIDAI).
It has urged REs, who conduct line authentications, to make sure that people are aware of the data being gathered and the reason behind Aadhar authentications. It has been emphasized that records of authentication transactions, including those involving consent, are only stored for the time frame allowed under the Aadhar Regulations.
After the prescribed time limit has passed, these logs must likewise be deleted in accordance with the Aadhar Act and its rules. Residents are in charge of delivering Aadhar authentication services to the residents and are accountable for giving the Central Identities Data Repository with the Aadhar number and demographic/biometric OTP information for authentication.
The UIDAI has highlighted that Res should be courteous to residents and assure them about the security and confidentiality of the Aadhar numbers, which are being used for authentication transactions.
Additionally, it has advised people to report to the UIDAI right away any suspicious conduct involving authentications, such as any suspicion of impersonation by residents or any compromise or fraud on the part of any authentication operator.
REs should generally avoid storing Aadhar in either physical or electronic form without concealing or redacting the initial 8 digits. Res must only store an Aadhar number if they are authorized to do so and in accordance with UIDAI guidelines, according to UIDAI guidance provided to Res.
It has further asked REs to provide effective grievance-handling mechanisms for residents and cooperate with the UIDAI and other agencies deputed by it for any security audit as required under the law and regulations.