NIC raises concern over privacy of UIDAI database
New Delhi: The National Informatics Centre has raised concerns over privacy and security of proposed database of Unique Identification Authority of India, headed by Infosys founder Nandan Nilekani.
The newly established UIDAI would be hosting information of all residents of the country on a private data centre, which NIC believes raises concern about privacy and security, official sources said.
In a letter dated November 6, NIC writes, "It has been proposed to hire the data centre services for PoC (proof-of-concept) and prototype on rental basis. It is presumed that the data related to UID will be hosted in a government Data Centre. If not, the issues related to privacy and security with respect to UID data may require to be taken into consideration."
UIDAI replied that hosting the data on a private network "does not necessarily lead to violation of privacy and security."
"There will be appropriate SLAs (Service Legal Agreements -- both legal and technological) to ensure that the data is protected. It is to be mentioned that a number of sensitive database (Income Tax and PFRDA, to name two of them,) which ensure security and privacy, though they are not necessarily housed in the 'government' Data Centre," the Authority replied.
It said at present UIDAI approach envisages 24 Technical posts (Director Technical, Principal Systems Analyst and Senior Systems Analyst).
"This will ensure adequate technical capacity to ensure both the concerns of security and privacy," it said.
The UIDAI, which proposes to have eight regional offices across the country in its communication with the Planning Commission, has said the database would be centralised and UID numbers issued from this central base.
"The UIDAI will be a regulatory authority managing a Central ID Data Repository (CIDR) which will issue numbers, update resident information and authenticate the identity of the residents as and when required," it said.
It said the UIDAI will not act as a "Registrar" on its own. "It will have an overall regulatory, advisory and supervisory role vis-a-vis the Registrars."
The UIDAI said the best professionals from across the world will need to be involved in this mammoth exercise to ensure that it delivers on its promise. Its implementation will require that the best practices of both private and public sector learnt across the world be put to use in the field.
"The UIDAI has to prepare a Detailed Project Report for entire project and for running the CIDR. It will need to engage consultants for this purpose. Similarly, we will need to put in place a well-staffed Project Management Unit (PMU) and a Technology Development Unit (TDU). PMU will be an integral part of UIDAI consisting of experts in the fields of technology, law, procurement and communication to guide it through the process," it said.