What are the possible criminal penalties envisaged against the fraud or unauthorized access to data?

Following are the criminal offences and penalties provided in the Aadhaar Act, 2016 (as amended):

1. Impersonation by providing false demographic or biometric information, at the time of enrolment, is an offence – imprisonment up to 3 years or a fine of upto Rs. 10,000/- or with both.

2. Appropriating the identity of an Aadhaar number holder by changing or attempting to change the demographic and biometric information of an Aadhaar number holder is an offence - imprisonment upto 3 years and a fine of upto Rs. 10,000/-.

3. Pretending to be an agency authorized to collect Identity information of a resident is an offence – imprisonment up to 3 years or with a fine of upto Rs. 10,000 for a person, or up to Rs. 1 lakh for a company, or with both.

4. Intentionally transmitting/ disclosing information collected during enrolment/ authentication to an unauthorized person or in contravention of any agreement or arrangement under this Act is an offence – imprisonment upto 3 years or with a fine of            up to Rs. 10,000/- for a person, or of up to Rs. 1 lakh for a company, or with both.

5. Unauthorized access to the central identities data repository (CIDR) and hacking is an offence – imprisonment upto 10 years and a fine of minimum Rs. 10 Lakhs.

6. Tampering with data in the central identities data repository is an offence – imprisonment upto 10 years and a fine up to Rs. 10,000/-.

7. Unauthorized use of identity information of an individual by an requesting entity or Offline Verification Seeking Entity – imprisonment up to 3 years or fine up to Rs.10,000/- in case of a individual, or of upto Rs.1 Lakh in case of a company or with            both.

8. Penalty for an offence, for which no specific penalty is provided elsewhere - imprisonment upto 3 years or fine up to Rs.25,000/- in case of a individual, or of up to Rs.1 Lakh in case of a company or with both.