Sakshi Dhoni, wife of legendary cricket M S Dhoni had raised a stink after her husband's Aadhaar cards details were made public by an Aadhaar enrollment agency. There has been a massive debate on whether the details of an individual are secure or not.
The Dhoni episode exposes a key fact and that is the outsourcing of the enrollment process to private agencies was a wrong move. The problem is that many in these private firms do not adhere to the norms. Putting up Dhoni's details on a public domain only shows how inexperienced the staff are. After Sakshi Dhoni raised a stink, the government was quick to act and the Commission Service Centre was blacklisted for 10 years.
The UIDAI has repeatedly said that the data of the people is safe. The argument is that since 2012 the UIDAI had done 500 crore authentications and there has not been a single case of identity theft. However if one reads through the Central Identities Data Repository Act there is a provision for punishment. Section 39 of the act says, "tampering of data in the CIDR or removal storage medium with an intention to modify or discover information relating to Aadhaar number holder will be punishable." This in itself looks like an admission that such acts are possible.
The other issue that needs to be taken note of is with regard to the filing of complaints when the data is misused. Only the UIDAI can file a complaint when the data of a resident is misused. There is no provision for the aggrieved person to file a complaint. However according to experts the biggest problem is that the enrollment process is outsourced. The set up to secure private data is weak and is very prone to data mining or hacking