How To Maximize Your ROI On Aadhaar Data Vault

With new, stringent data protection regulations like the GDPR, the upcoming Indian Privacy Code, 2018 and UIDAI’s Aadhaar Data Vault Mandate, it is in the best interest of organisations to ensure that they put data protection at the very center of their data processing systems, rather than as an afterthought.

While the need for strong data privacy laws has been debated for decades, the global data protection landscape witnessed a tectonic shift with the advent of the General Data Protection Regulation (GDPR). The GDPR protects a wide array of personal data like basic identity information, IP address, cookie data, etc. and mandates all organizations having a presence in any European Union (EU) country, and even non-EU organizations that process personal data of European citizens, to comply with its stringent data protection standards with effect from May 25, 2018.

With GDPR in play, there has been a total overhaul in the way organizations store, process and protect their customers’ personal data. Organizations that do not ensure compliance with the GDPR with effect from May 25th, 2018 can face a penalty of up to 20 Million Euros or 4 percent of their global annual turnover, whichever is higher. For medium-sized companies, there is a very real danger that a serious data breach could put them at grave risk of failure.

Similarly in India, encouraged by the landmark Supreme Court judgment that asserted the Right to Privacy as a fundamental right, a group of Indian lawyers have drafted a model Indian Privacy Code, 2018 that envisages a penalty of up to Rs. 1 Crore for violating the data privacy of Indian citizens and a prison sentence of up to three years.

The IT (Amendment) Act, 2008 (ITAA 2008) makes it obligatory for organisations to protect data under lawful contracts by providing for penalty for breach of confidentiality and privacy.

A committee of experts has also been constituted by the Government of India to study, with public participation, the different types of issues pertaining to data protection in the country. This committee, which has been formed under the chairmanship of Shri B N Srikrishna, a former Supreme Court Justice, is expected to come up with a draft Data Protection Bill.

UIDAI Mandate on Aadhaar Data Vault

Amidst several media reports of massive breaches in the Aadhaar data, the Unique Identification Authority of India (UIDAI) published a circular last year requiring all Aadhaar-based e-KYC Authenticating Agencies (AUAs / KUAs / Sub-AUAs) to encrypt all Aadhaar-related data and store it separately in a secure, access-controlled data repository known as an “Aadhaar Data Vault”.

As a part of the same mandate, UIDAI has recognized the importance of Secure Key Management and how critical it is to ensure that all sensitive encryption keys are properly managed and stored in Hardware Security Module (HSM) devices. HSM devices are hardened, tamper-resistant, dedicated physical computing devices whose sole objective is safeguarding the cryptographic (encryption) keys used for data encryption. Management of these encryption keys should also cover all the processes used to create, distribute, rotate, archive, and delete the master keys. This is a very important part of the security policy guidelines mandated by UIDAI.

All AUAs / KUAs / Sub-AUAs have to strictly adhere to the above UIDAI mandate, with non-compliance leading to strict action and financial disincentive.

To Sum It Up

Gone are the days when data protection was the responsibility of only one department within an organisation. With new, stringent data protection regulations like the GDPR, the upcoming Indian Privacy Code, 2018 and UIDAI’s Aadhaar Data Vault Mandate, it is in the best interest of organisations to ensure that they put data protection at the very center of their data processing systems, rather than as an afterthought. It is also imperative for organisations to choose a holistic solution that provides seamless scalability, both horizontal and vertical, to reduce the Total Cost of Ownership (TCO).

 

By: Rana Gupta


Rana Gupta is the Vice President of APAC Sales for Identity and Data Protection at Gemalto, serving India, China, Korea, Taiwan, Japan and many other Asian markets.
