New Delhi: The Unique Identification Authority of India (UIDAI), the government agency in charge of the Aadhaar database of over 1 billion Indians, on Tuesday advised people to refrain from revealing their Aadhaar numbers on public platforms, including social media.
The advisory from the UIDAI comes after Telecom Regulatory Authority of India (Trai) chairman R.S. Sharma posted his 12-digit Aadhaar number and dared people to harm him. Sharma, himself a former UIDAI chairman, had on Saturday revealed his Aadhaar number on Twitter, prompting many of his followers to dig up information about him.
Twitter users publicly shared personal details, including bank account numbers, email IDs, PAN and frequent flyer number of Sharma, while some also posted their Aadhaar number on Twitter posing challenges to others.
“Aadhaar number is personally sensitive information on bank accounts, passports, PAN, etc., which should be strictly shared only on a need basis for legitimate use for establishing identity and for legitimate transactions," said the UIDAI in a statement.
The draft Personal Data Protection Bill, 2018, submitted to the government on Friday by the expert panel headed by former Supreme Court judge B.N. Srikrishna categorizes Aadhaar number as sensitive personal information.
Also, according to the Aadhaar Act, 2016 and IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and Justice Srikrishna’s proposed data protection bill, personal sensitive information should not be published or shared publicly, said the UIDAI.
The UIDAI also informed in its advisory that conducting Aadhaar authentication through somebody else’s Aadhaar number or using someone else’s Aadhaar number for any purpose may amount to impersonation and, thereby, a criminal offence under the Aadhaar Act and the Indian Penal Code.
On Sunday, the UIDAI had dismissed claims made by various Twitter users on being able to access Sharma’s personal details through his Aadhaar number. It had also said that personal details, including address, date of birth, photo, mobile number and email address, cannot be obtained from the Aadhaar database or UIDAI’s servers.
Sharma, whose tenure ends on 9 August, had asked people to show “concrete examples where you can do any harm to me". There are more than 1.21 billion Aadhaar number holders in the country.
“The provision of the Aadhaar Act prohibiting public disclosure of the Aadhaar number is assumed to be applicable for entities collecting Aadhaar numbers of individuals. Similarly, in the Srikrishna Committee report, when entities collecting data disclose sensitive personal information publicly only then does it qualify as a data breach, which attracts a penalty," said Amber Sinha, lawyer and senior programme manager at the Centre for Internet and Society (CIS), a Bengaluru-based think tank engaged in interdisciplinary research on internet and digital technologies.
For individuals disclosing their own sensitive information, it makes them more vulnerable, added Sinha.