After Jharkhand issue, Centre cautions states against Aadhaar data leak

The Centre has cautioned states against disclosing Aadhaar data and other personal details of individuals on their official websites, warning such actions can attract jail term of three years.

The Union IT Ministry has also asked the states to review website content of various departments and take "precautions" to ensure that personal data of individuals, including Aadhaar numbers or bank account details, do not appear on portals.

The direction comes within days of a series data breach coming to light in Jharkhand, wherein Aadhaar numbers of lakhs of pension beneficiaries were displayed on a website of the state government.

IT Secretary Aruna Sundararajan has shot off a letter to chief secretaries of all states and UTs over data sharing on websites of departments, asking them to ensure strict compliance with provisions of the Information Technology Act 2000 and the Aadhaar Act 2016.

"... There have been instances wherein personal identity or information of residents, along with Aadhaar numbers and demographic information and other sensitive personal data such as bank details collected by ministries ... State departments for the administration of welfare schemes etc. Have been published online," said the letter dated April 24.

Publishing such information is a clear contravention of the provisions of the Aadhaar Act and constitutes an offence punishable with imprisonment up to three years, the letter said.

"Further publishing of financial information, including bank details being sensitive personal data, is also in contravention of the provisions under IT Act 2000 with violations liable to pay damages by way of compensation to persons affected," the letter pointed out.

The IT secretary has asked the states to take all precautions while publishing or sharing data on their websites and ensure compliance with the said legislations "with immediate effect".

"Further they are also requested to review their website contents and quality as per the standard guidelines...It is also advised that any such contents already published or still appearing publicly, may be discontinued immediate effect," it added.

The letter comes amid recent instances of data leak on official websites, including a portal of the Jharkhand government displaying Aadhaar numbers of lakhs of pension beneficiaries. The breach involved Aadhaar, mobile numbers and bank details.

There had also been media reports that the website of the Food and Civil Supplies Department of Chandigarh publicised Aadhaar numbers of PDS beneficiaries.

Earlier, cricketer M S Dhoni's personal Aadhaar details too were leaked. The UIDAI has filed a FIR on the matter and a police probe is on.