Individual state governments have received official communication from the central government warning them of the consequences to be faced if any citizen’s Aadhaar details are leaked. Any personal details and information posted on any official state-government website will carry with it a minimum penalty of 3 years in jail.
Websites of various state government-run departments have also received instructions to review their content and take the necessary steps to ensure that no personal/sensitive information relating to any Indian citizen can be accessed through these portals. Bank account information and Aadhaar card numbers are the highest on the priority list, but the directives state that absolutely no personal information should be made available or accessible on any official website.
Aruna Sundarajan, IT Secretary, sent out the official directive on April 24, just days after a gargantuan error by the Jharkhand state government. Over 2 lakh Aadhaar numbers of pensioners were displayed openly on an official website belonging to the Jharkhand state government. This was a huge breach of data security, and it is unknown at this time how many Aadhaar numbers were stolen, leading to further confusion regarding how the state would handle the potential cases of ID fraud, impersonation, etc. that will ensue.
In the letter, Aruna Sundarajan has stated, “[…] there have been instances wherein personal identity or information of residents, along with Aadhaar numbers and demographic information and other sensitive personal data such as bank details collected by ministries […] state departments for administration of welfare schemes etc. have been published online,” adding that, “Further publishing of financial information, including bank details being sensitive personal data, is also in contravention of the provisions under IT Act 2000 with violations liable to pay damages by way of compensation to persons affected.”
With an individual’s Aadhaar information, a fraudster can carry out fraud while hiding behind the unfortunate individual’s identity. Bank account details, phone numbers, etc. can be acquired and scams can be carried out with relative ease.