Section 20 in The Aadhaar (Authentication) Regulations, 2016
20. Maintenance of logs by Authentication Service Agencies.
(1)An Authentication Service Agency shall maintain logs of the authentication transactions processed by it, containing the following transaction details, namely:-(a)identity of the requesting entity;(b)parameters of authentication request submitted; and(c)parameters received as authentication response:Provided that no Aadhaar number, PID information, device identity related data and e-KYC response data, where applicable shall be retained.(2)Authentication logs shall be maintained by the ASA for a period of 2 (two) years, during which period the Authority and/or the requesting entity may require access to such records for grievance redressal, dispute redressal and audit in accordance with the procedure specified in these regulations. The authentication logs shall not be used for any purpose other than stated in this sub-regulation.(3)Upon expiry of the period specified in sub-regulation (2), the authentication logs shall be archived for a period of five years, and upon expiry of the said period of five years or the number of years as required by the laws or regulations governing the entity whichever is later, the authentication logs shall be deleted except those logs required to be retained by a court or which are required to be retained for any pending disputes.(4)The ASA shall comply with all applicable laws in respect of storage and maintenance of these logs, including the Information Technology Act, 2000.(5)The obligations relating to authentication logs as specified in this regulation shall continue to remain in force despite termination of appointment in accordance with these regulations.
