Tuesday, May 9, 2017

Sharing eKYC Data - NOT to be done!

UIDAI has on several occasions reiterated the need for eKYC data to be kept confidential. Our own reading is that eKYC data should never be shared between two separate corporate entities, no matter what the relationship between them.

When sensitive data is 'shared' between two entities, it is theoretically no longer secure. This is because each of the two entities can now claim that any data-leakage happened from the other entity.(i.e., It provides each of them an avenue to repudiate any possible data leakage).

Any entity, large or small that wants eKYC data of residents should therefore obtain it from UIDAI directly, submit itself to the rules and regulations of UIDAI, and maintain all data securely. (This seems to be the view of several large companies as well - which encourage entities to directly work with UIDAI rather than go via them.)

Here is a blog link that makes for an interesting read & has some more relevant information on the topic:

http://blog.finahub.com/2015/12/can-you-get-ekyc-data-without-kua.html






1 comment:

  1. Hai Thanks sir, This blog is very very helpful. Congratulations for your great work. Digital Signature Certificate in Delhi

    ReplyDelete