Aadhaar is a unique 12-digit identification number issued to Indian citizens. The data collected to generate the unique ID includes an individual's name, biometric details and demographic details. It has also become compulsory for all citizens to get an Aadhaar number to avail certain government services. Further, as per recent court approval, in Budget 2017, the Aadhaar number can be made mandatory for income tax filings and for opening a bank account.
Presently, Aadhaar is considered a valid ID proof when availing various government services such as an LPG connection or subsidized rations. A few weeks ago, the security and privacy of citizens were called into question after reports that Aadhaar-number-related details were publicly available on some government websites.
Following the reports of Aadhaar numbers leaking on several government service websites, The Centre for Internet & Society, India published a research document, “Information Security Practices of Aadhaar (or lack thereof)”. The report details the vulnerable websites and the nature of the data they made available for public view.
“Based on the numbers available on the websites looked at, estimated number of Aadhaar numbers leaked through these 4 portals could be around 130-135 million and the number of bank accounts numbers leaked at around 100 million from the specific portals we looked at,” read the report.
Aadhaar is one of the largest databases owned by the Government. The size and nature of the information make it critical, and it must be safeguarded properly. As of 31st March 2017, 1.133 billion Aadhaar numbers had been issued. Hence, an enormous amount of Personally Identifiable Information (PII) related to Indian citizens has been generated.
Why is PII so sensitive?
PII is any information that relates to an individual and is unique to that person. It can be a person’s date of birth, address, driver's license details, biometric data and much more. While the individual may be cautious about sharing or disclosing personal details, it is the responsibility of the holder of that information to be vigilant about its use and access.
Data can be compromised in various ways:
- Human Error
- Lack of adequate data security policies
Irrespective of how data is compromised or lost, the consequences of not protecting PII can be daunting. The cost of a data breach can be huge. Hence, the organization must adopt a combination of technologies to prevent data loss and thus secure the privacy of individuals. An organization can build a strategy by combining:
- Robust Encryption techniques
- Threat Protection
- Data Loss Prevention