New Delhi: The National Informatics
Centre has raised concerns over privacy and security of
proposed database of Unique Identification Authority of India,
headed by Infosys founder Nandan Nilekani.
The newly established UIDAI would be hosting
information of all residents of the country on a private data
centre, which NIC believes raises concern about privacy and
security, official sources said.
In a letter dated November 6, NIC
writes, "It has been proposed to hire the data centre services
for PoC (proof-of-concept) and prototype on rental basis. It
is presumed that the data related to UID will be hosted in a
government Data Centre. If not, the issues related to privacy
and security with respect to UID data may require to be taken
into consideration."
UIDAI replied that hosting the data on a private
network "does not necessarily lead to violation of privacy and
security."
"There will be appropriate SLAs (Service Legal
Agreements -- both legal and technological) to ensure that the
data is protected. It is to be mentioned that a number of
sensitive database (Income Tax and PFRDA, to name two of
them,) which ensure security and privacy, though they are not
necessarily housed in the 'government' Data Centre," the
Authority replied.
It said at present UIDAI approach envisages 24
Technical posts (Director Technical, Principal Systems Analyst
and Senior Systems Analyst).
"This will ensure adequate technical capacity to
ensure both the concerns of security and privacy," it said.
The UIDAI, which proposes to have eight regional
offices across the country in its communication with the
Planning Commission, has said the database would be
centralised and UID numbers issued from this central base.
"The UIDAI will be a regulatory authority managing a
Central ID Data Repository (CIDR) which will issue numbers,
update resident information and authenticate the identity of
the residents as and when required," it said.
It said the UIDAI will not act as a "Registrar" on its
own. "It will have an overall regulatory, advisory and
supervisory role vis-a-vis the Registrars."
The UIDAI said the best professionals from across the
world will need to be involved in this mammoth exercise to
ensure that it delivers on its promise. Its implementation
will require that the best practices of both private and
public sector learnt across the world be put to use in the
field.
"The UIDAI has to prepare a Detailed Project Report
for entire project and for running the CIDR. It will need to
engage consultants for this purpose. Similarly, we will need
to put in place a well-staffed Project Management Unit (PMU)
and a Technology Development Unit (TDU). PMU will be an
integral part of UIDAI consisting of experts in the fields of
technology, law, procurement and communication to guide it
through the process," it said.
PTI
First Published: Sunday, December 13, 2009, 11:49