1) ‘Offline Verification Seeking Entities’ have been directed to require prior express consent of Aadhaar card holders for Aadhaar verification.
2) During this verification process the concerned organization must first ensure the security and privacy of the Aadhaar card customer’s information. And that assurance should be given to the concerned Aadhaar customer.
3) Consent of Aadhaar card customer should be recorded. In order to file such evidence as may be required at the time of audit by UIDAI or for any other legal requirement.
4) UIDAI as well as OVSEs have been told to use QR Code for Aadhaar verification. Incidentally, all forms of Aadhaar i.e. Aadhaar letter, e-Aadhaar, m-Aadhaar and Aadhaar PVC card contain this QR code. Instead of getting the Aadhaar card manually or in electronic form, this QR code has been suggested to be used.
5) All the organizations are instructed that no citizen can be excluded from providing services in any way.
6) OVSEs are also asked to keep other avenues open as an alternative to Aadhaar verification for providing services.
7) Verification entities should not normally collect, use or store the customer’s Aadhaar card related information. It means that the entire process should be limited to offline Aadhaar card verification.
8) After the verification process if OVSE feels that a copy of Aadhaar needs to be stored, they should ensure that it is not accessible to others in any way.
9) Even then verification entities have to alert UIDAI and concerned customer in case of data leakage. That too within 72 hours.
10) UIDAI has also warned that OVSEs should not verify Aadhaar information on behalf of other organizations or individuals in any way.