Wednesday, February 27, 2013

Key Policy Highlights

The following is a brief extract of the policy guidelines pertaining to Registrars:
1. The Registrar is a partner of the UIDAI in the implementation of the UID project.
2. The Registrar is under an obligation to enroll residents following the protocols, standards, process and guidelines laid down by the UIDAI.
3. The Registrar is required to ensure the security and accuracy of data (particularly biometric data) collected from residents.
Version 2.0 – April 2012 Page 11
4. Registrars may retain the biometric data collected from residents enrolled by them, if they have clearly articulated strategy for safe custody and utilization of these enrolment packets. The Registrar will have to exercise a fiduciary duty of care with respect to the data collected from residents and shall bear liability for any loss, unauthorized access to and misuse of data in their custody.
5. In order to ensure data integrity and security, the biometrics captured shall be encrypted upon collection by using the encryption key defined by the Registrar. The UIDAI has defined security guidelines for the storage of biometric data in order to give some guidance to the Registrar. The Registrar shall have to define their own security policy and protocols to ensure safety of the Biometric data. In the interest of transparency, it is recommended that the Registrar inform the resident that they will be keeping the biometric data and also define how the data will be used and how it will be kept secure.
6. The Registrars must retain the Aadhaar Enrolment/Correction Form, copy of Proof of Identity / Address/Date of Birth/Relationship and Consent for enrolment documents in proper custody till the time they are handed over to the UIDAI appointed agency for document management.
7. In case of disputes with respect to enrolment of residents, the Registrar is required to co-operate with UIDAI in resolving the matter and shall provide access to necessary background documents and other matters of evidence necessary to resolve the dispute.
8. The Registrar is required to support the UIDAI in conducting audits and checks on the enrolment process and follow the directions of the UIDAI in order to make the system compliant with the UIDAI enrolment framework.
9. NSR will keep UIDAI Regional Office (RO) informed of enrolments within their own premises. Engagement in enrolment activities proposed outside their own premises in any particular State will be approved by the State level UIDIC.
10. Registrars need to define a ‘data updation’ process in order to keep the resident data accurate and complete in their respective databases.
See Annexure for details of the Legal Framework governing Aadhaar.

No comments:

Post a Comment