The government has decided to amend the Telegraph Act and the Prevention of Money Laundering Act in order to allow private entities such as banks and telecom service providers access to Aadhaar as one of the “know your customer” (KYC) methods. The amendments, cleared by the Union cabinet on Monday, propose stringent penalties for hackers.
The cabinet also approved 10-year jail terms for those found guilty of data breach; use of quick response (QR) codes for Aadhaar authentication; and parental consent for use of children’s biometric identification, said a government official, who asked not to be named. Currently, a person found guilty of breaching data can be imprisoned for as many as three years.
Monday’s decision allowing voluntary seeding of Aadhaar with bank accounts and mobile phone numbers will give statutory backing to the use of the 12-digit unique biometric identification number by private entities where it is justified. Finance minister Arun Jaitley had in October indicated that the Supreme Court judgement on Aadhaar had allowed scope for banks and mobile telephone companies to use the biometric identification number by way of new legislation. For such use, it has to be shown that the principle of proportionality is met—that is, it should not go beyond what is necessary to meet the policy objective.