Misuse of personal information from Aadhaar card and PAN card

Misuse of personal information from Aadhaar card and PAN card

2635. SMT. MAHUA MAJI

Will the Minister of ELECTRONICS AND INFORMATION TECHNOLOGY be pleased to state:

(a) whether Government has taken any steps to prevent the misuse of personal information from Aadhaar card and PAN card, stolen while filling up forms of various Government institutions and schemes, due to the negligence of departmental employees;

(b) if so, the details thereof; and

(c)   if not, the reasons therefor?

(a) and (b): The Unique Identification Authority of India provides digital identity and authentication services to all the residents of India. The Aadhaar (Authentication and Offline Verification) Regulations, 2021 read with regulation 4(2) of the Aadhaar (Sharing of Information) Regulations, 2016 require requesting entities (i.e., entities authorised to perform online authentication of Aadhaar numbers) to use or disclose identity information (i.e., Aadhaar data) only for the purpose specified to the Aadhaar number holder at the time of authentication and as per his/her consent. The Aadhaar (Authentication and Offline Verification) Regulations, 2021 also require requesting entities to keep the Aadhaar data of a resident collected during authentication confidential, secure and protected against access, use and disclosure not permitted under the Act and the regulations made thereunder. Regulation 22 thereof provides for data security and requires both requesting entities and offline verification-seeking entities to have their servers used for Aadhaar authentication request formation and routing to CIDR / offline verification to be located within data centers or cloud storage centers located in India. Further, the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 provides penalties for non-compliance with various provisions of the Act and the regulations made thereunder.

Further, as per information received from Department of Revenue, Ministry of Finance, the PAN database is accessible to the Income-tax officials through intranet and is not linked to any external database. PAN module has two service providers namely M/s Protean eGov Technologies Limited and UTI Infrastructure Technology and Services Limited, which maintain the PAN card holders’ demographic database and they strictly adhere to the Government of India security guidelines. In order to ensure data security, audit is done on a regular basis. Further, the PAN database of service providers is also not linked to any external database. Besides, no breach of PAN card holders’ data has been reported from the database of PAN service providers.

(c): Do not arise in view of above.

*****