Roop's Law Assist

THE AADHAAR (DATA SECURITY) REGULATIONS, 2016

regulations · 2016 · State unknown

Parent: THE AADHAAR (TARGETED DELIVERY OF FINANCIAL AND OTHER SUBSIDIES, BENEFITS AND SERVICES) ACT, 2016 (e5452e76268985edd128a049b6e27a9ff6b4f2fb)

Text

THE AADHAAR (DATA SECURITY) REGULATIONS, 2016 [Updated as on 15.2.2024]

In exercise of the powers conferred by clause (p) of sub-section (2) of section 54 of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, the Unique Identification Authority of India makes the following Regulations, namely:

1. Short title and commencement:- (1) These regulations may be called the Aadhaar (Data Security) Regulations, 2016. (2) These Regulations shall come into force on the date of their publication in the Official Gazette.

2. Definitions: (1) In these regulations, unless the context otherwise requires,

(a) "Act" means the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016 (18 of 2016);
(b) "Authority" means the Unique Identification Authority of India established under sub-section (1) of section 11 of the Act;
(c) "Central Identities Data Repository" or "CIDR" means a centralised database in one or more locations containing all Aadhaar numbers issued to Aadhaar number holders along with the corresponding demographic information and biometric information of such individuals and other information related thereto;
(d) "enrolling agency" means an agency appointed by the Authority or Registrar, as the case may be, for collecting demographic and biometric information of individuals under this Act;
(e) "information security policy" means the policy specified by the Authority under regulation 3 of these regulations;
(f) "personnel" means all officers, employees, staff and other individuals employed or engaged by the Authority or by the service providers for discharging any functions under the Act;
(g) "registrar" means any entity authorised or recognised by the Authority for the purpose of enrolling individuals under this Ac

Rule TOC

1 · Short title and commencement:- (1) These regulations may be called the Aadhaar (Data Security) Regulations, 2016. (2) These Regulations shall come into force on the date of their publication in the Official Gazette.
2 · Definitions: (1) In these regulations, unless the context otherwise requires,
4 · Security obligations of the personnel. (1) The personnel shall comply with the information security policy, and other policies, guidelines, procedures, etc. issued by the Authority from time to time. (2) Without prejudice to any action that may be taken under the Act, personnel may be liable to action in accordance with procedures specified by the Authority for this purpose.
5 · Security obligations of service providers, etc.: The agencies, consultants, advisors and other service providers engaged by the Authority for discharging any function relating to its processes shall: (a) ensure compliance with the information security policy specified by the Authority; (b) periodically report compliance with the information security policy and contractual requirements, as required by the Authority; (c) report promptly to the Authority any security incidents affecting the confidentiality, integrity and availability of information related to the Authority's functions; (d) ensure that records related to the Authority shall be protected from loss, destruction, falsification, unauthorised access and unauthorised release; (e) ensure confidentiality obligations are maintained during the term and on termination of the agreement; (f) ensure that appropriate security and confidentiality obligations are provided for in their agreements with their employees and staff members; (g) ensure that the employees having physical access to CIDR data centers and logical access to CIDR data centers undergo necessary background checks; (h) define the security perimeters holding sensitive information, and ensure only authorised individuals are allowed access to such areas to prevent any data leakage or misuse; and (i) where they are involved in the handling of the biometric data, ensure that they use only those biometric devices which are certified by a certification body as identified by the Authority and ensure that appropriate systems are built to ensure security of the biometric data.
6 · Audits and inspection of service providers, etc.: (1) All agencies, consultants, advisors and other service providers engaged by the Authority, and ecosystem partners such as
9 · Power to issue policies, process documents, etc.: The Authority may issue policies, processes, standards and other documents, not inconsistent with these regulations, which are required to be specified under these regulations or for which provision is necessary for the purpose of giving effect to these regulations.
10 · Power to issue clarifications, guidelines and removal of difficulties: In order to clarify any matter pertaining to application or interpretation of these regulations, or to remove any difficulties in implementation of these regulations, the Authority shall have the power to issue clarifications and guidelines in the form of circulars which shall have effect of these regulations.