New Delhi, Jan 23 (PTI) Entities are required to obtain residents' informed consent either on paper or electronically before carrying out Aadhaar authentications, the Unique Identification Authority of India (UIDAI) said in its new guidelines for Requesting Entities (REs).
UIDAI has urged Requesting Entities, which carry out online authentications, to ensure that residents understand the type of data being collected and the purpose of Aadhaar authentications, according to a release.
UIDAI, as part of these norms, has outlined that REs are required to obtain residents’ informed consent before conducting Aadhaar authentication.
Further, it has pointed out that logs of authentication transactions including the consent taken, have to be kept only for the period as prescribed in the regulations.
"And purging of such logs after expiry of the said time period shall also be done as per the Aadhaar Act and its regulations," the UIDAI release added.
Requesting Entities are engaged in providing Aadhaar authentication services to residents. They are responsible for submitting the Aadhaar number and demographic/ biometric OTP information to the Central Identities Data Repository for the purpose of authentication.
UIDAI also said REs should be courteous to residents and assure them about the security and confidentiality of the Aadhaar numbers, which are being used for authentication transactions.
It has also urged such entities to immediately report to the UIDAI any suspicious activity around authentications like suspected impersonation by residents, or any compromise or fraud by any authentication operator.
According to UIDAI, REs generally should not store Aadhaar either in physical or electronic form without masking or redacting the first 8 digits of the number.
UIDAI has guided REs to store an Aadhaar number only if it is authorised to do so, and in the manner as prescribed by it.
It has further asked the REs to provide effective grievance handling mechanisms for residents and cooperate with UIDAI and other agencies deputed by it for any security audit as required under the law and regulations. PTI MBI MBI ABM ABM