Rajeev Chandrasekhar's official website - Member of Parliament

Ministry of Communication and Information Technology

TO BE ANSWERED ON 11.03.2016
Securing data ecosystem created under Digital India

1659. Shri Rajeev Chandrasekhar 

Will the Minister of COMMUNICATION AND INFORMATION TECHNOLOGY be pleased to state:-

(a) whether Government proposes to enact a data privacy legislation with a view to ensure that the vast data ecosystem created through Digital India is secured;

(b) if so, the details thereof;

(c) whether Government is aware of the fact that personal data of over 3,00,000 Aadhaar applicants in Maharashtra was leaked in 2013 due to inadequate privacy and data protection guidelines; and

(d) if so, the specific time-line by which Government intends to ensure that Digital India is bolstered by a robust privacy architecture?


(a) and (b): Section 43, Section 43A and Section 72A of the Information Technology Act, 2000 provides legal framework for privacy and Security of data in digital form. Section 43A mandates that body corporate, who collect personal data or information must provide privacy policy for handling of or dealing in personal information including sensitive personal data or information on their websites. Sections 43 and 43A of the Act provides for compensation to be paid to the victim in case of unauthorized access of information and leakage of sensitive personal information respectively. Section 72A provides for punishment for disclosure of information in breach of the lawful contract.

Further, the bill namely “The Aadhaar (Targeted Delivery Of Financial And Other Subsidies, Benefits And Services) Bill, 2016” introduced in Lok Sabha on 3rd March 2016 contains a chapter relating to protection of information collected and stored by UIDAI and correspondingly a separate chapter on offences and penalties thereto.

(c) and (d): Aadhaar data of residents (who gave their consent for sharing their data with banks for account opening, during Aadhaar enrolment) was shared with banks in a secured manner for the purpose of opening of their bank accounts by banks. There was no leakage of data or inadequate privacy and data protection issue.