Finger in every pie: Regular theft of biometric data shows how lax information storage is and why we need a strong law

News: Hyderabad police recently caught a man with around 2,000 fingerprints of separate individuals that were being used to purchase SIM cards, create bank accounts, and then engineer more frauds.

Widespread use of biometrics

Smaller public and private entities have now taken to biometrics with passion.

Bengaluru Metro is mulling a facial recognition-based pass and similar boarding is being planned for various airports as well.

Biometric access systems are proliferating in offices and apartments.

What are the challenges posed by increased use of biometrics?

The immense problem with this trend is that it is running apace without strong data protection protocols being put in place.

India has comprehensively embraced the digital economy without a matching data protection regime.

– Tons of personal data is being constantly collected. Moreover, there is a confusion about how it will be stored and used and who will have access to it.

Furthermore, disincentives in the Aadhaar Act are weak relative to the damage criminal behavior can wreck.

– For example, impersonation by providing false demographic or biometric information is punishable only by imprisonment up to three years or a fine of Rs 10,000 or both. Even such provisions are brought to bear on only a fraction of the cases of data misuse.

Way forward

Two key measures must be taken by India

– First, UIDAI should take steps to address issues highlighted in the CAG audit.

– Second, Parliament should no longer delay a comprehensive data protection law – with the strongest possible regulation against security-poor or unauthorized storage of identity information.

Source: This post is based on the article “Finger in every pie: Regular theft of biometric data shows how lax information storage is and why we need a strong law” published in The Times of India on 12th June 22.