Aadhaar holder should clearly be made aware of the data being collected, and its intended usage. Aadhaar holder's consent should be taken either on paper or electronically. Do not capture/store/use Aadhaar data without the consent of the individual to comply with the Aadhaar act. The purpose of accessing Aadhaar information needs to be disclosed to the resident clearly.

Government regulations state that the Aadhaar number and the PI data collected from the Aadhaar should not be stored in plain text, but rather in an encrypted manner. Aadhaar number specifically should not be stored in business tables and should not be used as the business' mapping key.

The Aadhaar number should be encrypted using a HSM based encryption system. Comprehensive guidelines on access and storage systems as shared by UIDAI can be found here.