1. As a lot of personally identifiable information such as name,address,bio metrics (fingerprints,iris scans) is collected during the process of issuing the aadhar card.How is the security of data is maintained through out the life cycle (from the point of collection till the end of the process)
2. What international standards are complied with in terms of data security ?
3. Have there been any data breaches in the past.
4. Is any form of encryption or masking used when the data is stored in the database? are any database security measures followed ?
5. Are vulnerability assessments and penetration tests conducted on the infrastructure at periodic intervals ? Are steps taken to remediate the findings observed during the assessments
6. How is access to the data controlled?
7. I noticed that once you provide the aadhar card number,the Reliance Jio Representative was able to obtain all information from the database..Are corporates provided free access to data ?
8.Which are the agencies that can use the PII data of the citizens ? Is there a approval process to gain access to the data ?
9. Is the infrastructure storing personal data subject to regular audits and is the infrastructure resilient to disasters ?