Centre for Internet & Society

The Centre has put in new safeguards following a number of cases of Aadhaar data leaks on government websites. All ministries are being asked to encrypt all Aadhaar data and personal financial details. Also, officials are being "sensitised" about legal consequences of data breach. And every government department is to now have one official responsible for Aadhaar data protection.

The article by Nidhi Sharma was published in the Economic Times on June 2, 2017.

The ministry of electronics and information technology has written to all departments on better data security. ET has reviewed the new guidelines. Aadhaar, a 12-digit unique identity number issued on the basis of biometric data, is linked to a person's bank account and used by government agencies to directly transfer benefits of several social welfare schemes.

Senior officials, who spoke off record, told ET all departments have been asked to immediately review their website content to check if personal data is on display.


A set of 27 dos and 9 don'ts has been circulated on data handling. This includes instructions on masking Aadhaar data and bank details as well as encrypting data. The government has mandated regular audits to check safety of personal data.

The ministry letter says, "It has come to notice there have been instances wherein personal identity or information of residents, along with Aadhaar numbers and demographic information, and other sensitive personal data ... have been published online."

The letter also spells out legal consequences of such data breach and warns the government departments to check future leaks. "Publishing identity information, i.e. Aadhaar number along with demographic information is in clear contravention of the provisions of the Aadhaar Act 2016 and constitutes an offence punishable with imprisonment up to 3 years. Further, publishing of financial information including bank details, being sensitive personal data, is also in contravention of provision under IT Act 2000 with violations liable to pay damages by way of compensation to persons affected."

The move to protect personal data comes after reports that data of 130 million Aadhaar cardholders has been leaked from four government websites. Reports, based on a study conducted by the Centre for Internet and Society (CIS) said Aadhaar numbers and details have been leaked.