The Insurance Regulatory and Development Authority of India (IRDAI) has made it clear that it is not mandatory for insurance companies to use Aadhar number to authenticate clients or policyholders. They can do so only if they have the consent of the client or policyholder.
A couple of circulars in the year 2013 and 2015 allowed insurers to use e-KYC service initiated by Unique Identification Authority of India or UIDAI for KYC verification of clients or policyholders.
A bench of nine Supreme Court judges, headed by ex-Chief Justice of India JS Khehar, affirmed that Right to Privacy stands along with Right to Life and Right to Liberty, as per the Constitutions’ Article 21. And the Aadhar number fits into Right to Privacy category.
UIDAI has modified Aadhar Regulations for Authentications and prescribes the steps needed for authentication using Aadhar number. Insurers can utilize the mechanism to authenticate users either by biometric matching and/or One Time Password sent to their registered phone number or email id.
The regulatory body maintains that the data downloaded is sufficient for authenticating users. However, in cases of mismatch of some parameters such as name or photograph, insurers can seek for additional records to verify the same.