Introduction
The Department of Posts (DoP) handles sensitive personal data, including Aadhaar numbers, biometric information, and e-KYC details, for authentication with UIDAI. To ensure data security and prevent unauthorized access, DoP follows stringent security protocols and complies with the latest data protection laws.
This policy aligns with UIDAI's Information Security Policy, DoP’s Information Security Management Policy, and other relevant regulations governing Aadhaar data processing.
Purpose of Aadhaar Data Collection
Aadhaar data is collected solely for authentication and e-KYC verification.
Data processing is done in compliance with the Aadhaar Act 2016 and related regulations.
No Aadhaar data is used beyond the specified purpose, even with user consent, unless legally permitted.
Personal data is protected under the IT Act 2000, DPDP Act 2023, and other applicable rules.
Prohibition of Aadhaar Data Storage
DoP does not store Aadhaar numbers or biometric data in any form.
No PID (Personal Identity Data) is retained post-authentication.
Only response parameters from UIDAI are maintained for verification purposes.
Aadhaar Number Masking
Full Aadhaar numbers are only displayed to authorized employees and the Aadhaar holder.
By default, only the last four digits of Aadhaar numbers are shown.
Aadhaar Data Security Measures
Robust encryption and access controls safeguard Aadhaar data.
Security breaches affecting UIDAI data integrity are reported immediately.
NDAs with employees and third parties handling Aadhaar data ensure confidentiality.
Only STQC-certified biometric devices are used for capturing biometric data.
No biometric data is stored on terminal devices.
System logs track transactions but exclude PID, biometric, and OTP details.
Regular Vulnerability Assessments ensure application security.
Intrusion detection and prevention systems are implemented.
Endpoints handling Aadhaar data are protected with antivirus/malware detection tools.
Aadhaar Authentication Guidelines
Authentication is conducted strictly for lawful purposes.
Aadhaar holders are informed about the authentication process and alternatives.
Authentication notifications are sent via email, SMS, or phone.
Electronic consent is obtained for each authentication, with logs maintained.
Compliance with UIDAI Guidelines
DoP strictly follows UIDAI’s guidelines for Aadhaar authentication and e-KYC.
Employees receive Aadhaar authentication security training during induction.
Only authorized AUA, ASA, and KUA agencies handle authentication.
Internal awareness campaigns educate employees about Aadhaar data breaches.
e-KYC information is stored in encrypted format per UIDAI standards.
Aadhaar-related applications undergo security audits before deployment and post-updates.
Aadhaar data is never hosted outside India.
Annual security audits are conducted by certified auditors, with reports submitted to UIDAI.
Compliance with Data Protection Laws
DoP adheres to the Aadhaar Act 2016, IT Act 2000, DPDP Act 2023, and UIDAI regulations.
The Aadhaar data protection policy is publicly available on the India Post website.
Data processing follows principles of accountability, consent, and purpose limitation.
Encryption, secure transmission, and periodic audits ensure compliance.
Privacy-enhancing measures such as anonymization and minimization are implemented.
Aadhaar Grievance Redressal
Any Aadhaar-related grievances are promptly addressed.
DoP appoints a grievance officer to handle Aadhaar privacy concerns.
Regulatory References
Aadhaar Act, 2016 and its associated regulations.
Aadhaar (Authentication and Offline Verification) Regulations, 2021.
UIDAI Information Security Policy for AUA/KUA.
IT Act, 2000 & IT (Amendment) Act, 2008.
IT (Reasonable Security Practices & Procedures) Rules, 2011.
DPDP Act, 2023.