Nowadays the identity / address proof document most used by enterprises is the customer's Aadhaar. Banks, NBFCs, stock brokers, insurance companies, Nidhi companies etc. prefer Aadhaar as identity proof because almost every Indian has an Aadhaar card and customers are willing to share their Aadhaar numbers when they want to avail any service of the enterprise. Using Aadhaar as a KYC document has many advantages, such as easy digital access to the data, fast customer onboarding and a lower cost for the KYC process.
The important thing to note here is that companies / enterprises should be extremely careful when dealing with Aadhaar data. Mistakes in dealing with Aadhaar data can lead to imprisonment of up to 3 years and fines of up to 10 lakh rupees. (Ref: https://www.uidai.gov.in/en/289-faqs/your-aadhaar/protection-of-individual-information-in-uidai-system/1944-what-are-the-possible-criminal-penalties-envisaged-against-the-fraud-or-unauthorized-access-to-data.html)
In accordance with the UIDAI circular 11020/205/2017, any organisation that stores Aadhaar numbers in its database should implement an Aadhaar Data Vault and replace the Aadhaar numbers with the reference tokens created by the Aadhaar Data Vault. The Aadhaar number and the Aadhaar data have to be stored in encrypted form, and access to the Aadhaar Data Vault has to be strictly controlled. The encryption keys should be stored in a Hardware Security Module (HSM). This is the crux of the reference ID circular published by UIDAI; for more details please follow the link given above.
Ask yourself the following questions:
- Are you storing the Aadhaar numbers of your customers?
- Are you using the Aadhaar number to identify a customer?
- Are you storing the Aadhaar number along with other customer data?
- Are you using any kind of encryption to store the Aadhaar number?
- Are you using an HSM device for storing the encryption keys?
- Do you have a feature to revoke Aadhaar data if a customer requests it?
If the answer to any of the above questions is yes, you need to implement an Aadhaar Data Vault solution and integrate it with your other systems such as CRM, CBS etc. Only then will you be on the right side of government regulation.
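The token-for-number replacement and the revoke feature described above can be sketched as follows. This is an added example, not code from UIDAI or from any vault product: the `Vault` type, its methods, the all-zero key and the sample number are constructed for illustration, and the in-memory AES-GCM object stands in for an HSM-backed cipher.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Vault is a hypothetical in-memory stand-in for an Aadhaar Data Vault.
type Vault struct {
	aead cipher.AEAD       // assumption: HSM-backed in production, key never exported
	recs map[string][]byte // reference token -> nonce || ciphertext
}

func NewVault(aead cipher.AEAD) *Vault { return &Vault{aead, map[string][]byte{}} }

// Tokenize encrypts the number and returns a random token for CRM/CBS to store.
func (v *Vault) Tokenize(aadhaar string) (string, error) {
	buf := make([]byte, 16+v.aead.NonceSize())
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	tok, nonce := hex.EncodeToString(buf[:16]), buf[16:]
	v.recs[tok] = v.aead.Seal(nonce, nonce, []byte(aadhaar), []byte(tok))
	return tok, nil
}

// Detokenize is the only path back to the number; gate it with access control.
func (v *Vault) Detokenize(tok string) (string, error) {
	rec, ok := v.recs[tok]
	if !ok {
		return "", errors.New("unknown or revoked token")
	}
	n := v.aead.NonceSize()
	pt, err := v.aead.Open(nil, rec[:n], rec[n:], []byte(tok))
	return string(pt), err
}

// Revoke deletes the vault record when the customer asks for removal.
func (v *Vault) Revoke(tok string) { delete(v.recs, tok) }

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key
	aead, _ := cipher.NewGCM(block)
	fmt.Println(NewVault(aead).Tokenize("999912345678")) // constructed sample number
}
```

The token is random rather than derived from the number, so a leaked CRM table reveals nothing about it, and passing the token as GCM associated data means a ciphertext copied under a different token fails to decrypt.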