Breach of Aadhaar Data – Lok Sabha Q&A
GOVERNMENT OF INDIA
MINISTRY OF ELECTRONICS AND INFORMATION TECHNOLOGY
STARRED QUESTION NO: 64
Breach of Aadhaar Data
Will the Minister of ELECTRONICS AND INFORMATION TECHNOLOGY be pleased to state:
(a)the number and the details of incidents/cases where Aadhaar data was leaked/breached;
(b)whether any investigation has been conducted against the agencies which were responsible for the breach/leakage of Aadhaar data;
(c)if so; the details thereof along with the action taken against them;
(d)the extent to which the database of Aadhaar is secured along with the steps taken by the Government to ensure the privacy/security of Aadhaar data; and
(e)the mechanism put in place for usage of Aadhaar Data by the Government agencies and the accountability of officials in case of negligence on their part in handling of such data?
Will the Minister of ELECTRONICS AND INFORMATION TECHNOLOGY be pleased to state:-
(a) to (e): A statement is laid on the Table of the House.
STATEMENT REFERRED TO IN REPLY TO LOK SABHA STARRED QUESTION NO.*64 FOR 07.02.2018 REGARDING BREACH OF AADHAAR DATA
(a): As on date, no incident of data breach has been reported from Central Identities Data Repository (CIDR) of Unique Identification Authority of India (UIDAI).
(b) and (c): Does not arise in view of (a) above.
(d): UIDAI has a well-designed, multi-layered robust security system in place and the same is being constantly upgraded to maintain the highest level of data security and integrity. UIDAI has adequate legal, organizational and technological measures in place for the security of the data stored with UIDAI. Data Protection measures have also been mandated for the requesting entities and ecosystem partners to ensure the security of data. Government is fully alive to the need to maintain highest level of data security, privacy and is deploying the necessary technology and infrastructure. The architecture of Aadhaar ecosystem has been designed to ensure non-duplication, data integrity and other related management aspects of security & privacy in Aadhaar database. Additionally, various policies and procedures have been defined clearly which are reviewed and updated periodically, thereby, appropriately controlling and monitoring security of data. Some of the security measures adopted by UIDAI are as under:
Information security policy has been established based on the ISO 27001:2013 standard. The policy covers all areas of Information Security such as Organization of Information Security, Asset management, Access control, Technical vulnerability management, Change management, Patch management, Encryption, Service continuity, Operations security, Communications security, Supplier security, Human resources security etc.