The Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016
Chapter VI Protection of Information
28. Security and confidentiality of information.
- The Authority shall ensure the security of identity information and authentication records of individuals.
- Subject to the provisions of this Act, the Authority shall ensure confidentiality of identity information and authentication records of individuals.
- The Authority shall take all necessary measures to ensure that the information in the possession or control of the Authority, including information stored in the Central Identities Data Repository, is secured and protected against access, use or disclosure not permitted under this Act or regulations made thereunder, and against accidental or intentional destruction, loss or damage.
- Without prejudice to sub-sections (1) and (2), the Authority shall-
- adopt and implement appropriate technical and organisational security measures;
- ensure that the agencies, consultants, advisors or other persons appointed or engaged for performing any function of the Authority under this Act, have in place appropriate technical and organisational security measures for the information; and
- ensure that the agreements or arrangements entered into with such agencies, consultants, advisors or other persons, impose obligations equivalent to those imposed on the Authority under this Act, and require such agencies, consultants, advisors and other persons to act only on instructions from the Authority.