The Comptroller and Auditor General (CAG) of India have pulled up the Unique Identification Authority of India (UIDAI) for ineptness in data management. The statutory authority UIDAI, established in 2016 to issue a unique identification number to all Indians Aadhaar to all residents of India has issued 131.68 crore Aadhaar numbers as of October 31, 2021. However, from time to time, the news of lapses, mistakes and serious discrepancies in the issuance of the Aadhar comes up.
From its 180-page audit report criticising the Aadhar authority for “deficient data management” and issues of “data-matching”, “errors in authentication”, and “shortfall in archiving”, some of the observations listed below can qualify as the most stinging.
A. The UIDAI does not have data archiving policy, considered “a vital storage management best practice”, despite maintaining one of the largest biometric databases in the world.
B. In direct contravention of their own Regulations, UIDAI has provided free of cost authentication services to banks, mobile operators and other agencies till March 2019 resulting in revenue loss to the Government.
C. UIDAI has incurred avoidable expenditure of Rs.310 crores up to 31 March 2019 where it issued the Aadhaar numbers to children below the age of five, based on the biometrics of their parents, without confirming the uniqueness of biometric identity, this violating the basic tenet of the Aadhaar Act and it’s statutory provisions.
D. On average, at least 145 Aadhaar cards with duplicate numbers were generated daily during the period of nine years since 2010 requiring cancellation. In fact, nearly 4.75 lakh duplicate Aadhaar numbers were cancelled as of November 2019.
The CAG suggested that the UIDAI needs to strengthen the Automated Biometric Identification System in order to tackle the issue of duplicate Aadhaar generation ab initio.
The CAG also suggested that the UIDAI needs to establish alternative ways to determine the unique identity of children below five years as the Supreme Court has directed that no benefit shall be denied to any child for the lack of Aadhar document.
The CAG opined that UIDAI should frame a suitable data archival policy to mitigate the risk of vulnerability to data protection and suggested that UIDAI may levy penalties on biometric service providers for deficiencies in their performance in respect of biometric de-duplication and biometric authentication by agreements in this regard should be modified if required,” the report said.