GOVERNMENT OF TELANGANA IRRIGATION & CAD DEPARTMENT From To J.Vijaya Prakash, B.Tech All the Chief Engineer’s Engineer-in-Chief (IW) 1 & CAD Department 1 & CAD Department, Telangana Jalasoudha Building, Errum Manzil Hyderabad-500 082 E(P&M)/Et EE(2)/Mis 17. Sir, Sub: n & CAD Department-Finance (PF) Department —Institutional Finance-Aadhaar Act, 2016- Sensitizing all the Departments to protect personal data of beneficiaries collected for different schemes on public domain/website -Reg. Ref: Govt.Memo.No.5351/General/2017-1 dt:30.05.2017 along with the enclosures from the Secretary to Government , Finance (PF) Department, Circular memo.No.5636-A/99/PF/2017, dt:16.05.2017 ene Copy of the above reference along with its enclosures are herewith communicated to the Chief Engineers of I & CAD Dept., of Telangana and are requested to adhere and follow the instructions issued by the Government of India, Ministry of Communications & IT, department of Electronic & Information Technology, Unique identification authority of India for DO's and DONT's as in Annexure-I and Annexure-II respectively enclosed to protect the personal data of beneficiaries such as Aadhaar number, demographic information and other sensitive personal data such as bank account details etc., collected by department for sake of administration of various welfare scheme in the State of Telangana. // Treat this as “MOST IMPORTANT” // Encl: as above ref. Yours faithfully 3.Vijaya Prakash Engineer-in-Chief (IW) To 1 The Engineer-in-Chief (Irrigation), | & CAD Department, Jalasoudha Buildings, Errummanzil, Hyderabad The Director General, WALAMTARI, Himayathsagar, Hyderabad 30 3. The Chief Engineer, |.S.8W.R., | & CAD Department, Jalasoudha Buildings, Errummanzil, Hyderabad 4 The Chief Engineer,Minor Irrigation (Krishna Basin), | & CAD Department, 2nd floor Jalasoudha Buildings, Errummanzil, Hyderabad 5 The Chief Engineer,Minor Irrigation (Godavari Basin), | & CAD Department, 2nd floor, Jalasoudha Buildings, Errummanzil, Hyderabad 6 The Chief Engineer, C.D.0. | & CAD Department, 6th floor, Jalasoudha Buildings, Errummanzil, Hyderabad 7 The Chief Engineer, Kaleshwaram Project, | & CAD Department, Jalasoudha Buildings, Errummanzil, Hyderabad 8 The Chief Engineer, N.S.P& AMR SLBC Project, | & CAD Department, Ground floor, Jalasoudha Buildings, Errummanzil, Hyderabad1 12 13 14 15 16 7 18 19 20 2 The Administrator-cum-Chief Engineer, S.R.S.P., LMD Colony Karimnagar The Chief Engineer, (Projects) Karimnagar, Camp Office @Jalasoudha Buildings, Errummanzil, Hyderabad . The Chief Engineer, Hydrology and Investigation, | & CAD Department, Jalasoudha Buildings, Errummanzil, Hyderabad. The Commissioner, P & D, Godavari Basin, | & CAD Department, Ground floor, Jalasoudha Buildings, Errummanzil, Hyderabad The Chief Engineer ,Projects, Mahaboobnagar, Camp Office @ Jalasoudha Buildings, Errummanzil, Hyderabad The Chief Engineer, Q.C Wing, | & CAD Department, Jalasoudha Buildings, Errummanzil, Hyderabad. The Chief Engineer .GLIS, | & CAD Department, Chintagattu Warangal The Commissioner of Tenders, 1st floor, Ground Water Building, Chintal Basthi, Khairathabad, Hyderabad. ‘The Chief Engineer, Palamuru Ranga Reddy LIS, 6" floor, Ground Water Building, Chintal Basthi, Khairathabad, Hyderabad. The Chief Engineer, (Projects) , | & CAD Department, Adilabad The Chief Engineer, (Projects) , | & CAD Department, Khammam The Chief Engineer, Kaleshwaram Project, | & CAD Department, Karimnagar The Commissioner, CADA, | & CAD Department, Jalasoudha Buildings, Errummanzil, Hyderabad. eer to the DEE, Computer section, with a request to place in the Irrigation- website. (eo aeo CGr / 4 Ya 0, s & t ives GOVERNMENT OF|TELANGANA RN ane IRRIGATION & CAD (GENERAI at TA Memo.N: neral/2017-1, 2017 502 Sub: Irrigation & CAD Department - Finance (PF) Department — Institutional Finance - Aadhaar Act, 2016 - Sensitizing all the Departments to protect personal data of beneficiaries collected for different schemes on public domain/website - Reg. Ref: From the Secretary to Government, Finance (PF) Department, Circular Memo.No.5636-A/99/PF/2017, dated 16.05.2017. B&R A copy of the reference cited together with its enclosures is herewith sent to the Engineer-in-Chief (Irrigation)/Engineer-in-Chiet (AW)/Director, Ground Water Department/Director General, WALAMTARI & the I&CAD (OP) Department, and they are requested to take necessary action in the matter accordingly. ( Ve M.CHITTI RANI A b DEPUTY SECRETARY TO GOVERNMENT To je Engineer-in-Chief( Irrigation), Hyderabad. (w.e.). The Engineer-in- Chief(AW), Hyderabad. (w.e.). The Director, Ground Water Department, Hyderabad. (w.e.). & The Director General, WALAMTARI, Hyderabad. (w.e.). The I&CAD (OP) Dept. (w.e.). SF/SC. //FORWARDED:: BY ORDER// , Mm. hee , beso. SECTION OFFICERGOVERNMENT OF FINANCE (PF) 5 Ih Act, 2016 — Sensitizi} personal data of be: schemes on public dorat Reco onc narnia / received from the Dy. ge i JELANGANA | Institutional Finance - Aadhaar ‘all the Departments to protect iciaties collected for different \/website — Regarding. 41502, dated:26-04-2017 jirector General, Govt. of India, Ministry of Communications & IT, Department of Electronic & i Information Technology, Unique Identification Authority of India, Regional Office, Hyd. ee) In the reference cited, the Dy|Director General, Govt. of India, Ministry of Communications & IT, Information Techriology, Unique Id Regional Office has informed that in ¢o} in the public domain/website, details|} such as Aadhaar number, demographi personal data such a bank account Ministries/Departments/State Gove! administration of various welfare $4 Ministry of Communications & | It) Information Technology, Unique 14h prescribed DO’s and DONT’s in Annext is herewith enclosed, Therefore, all the Department directed to adhere and follow t] Government of India, Ministry of Com Electronic & Information Technolog) of India for DO’s and DONT’s as respectively enclosed to protect the pi as Aadhaar number, demographic j personal data such as bank accoun Departments for sake of administra the State of Telangana. ti This may be treated as “MOS i To All the Departments in Telangana Secretaria All the HoD’s in Telangana State, Hyderabad, All the Societies/Universities/autonomous Copy to: The PS to PFS/Secy.(IF). i | Department of Electronic & I tification Authority of India, nection with display/publishing personal data of beneficiaries, le and other sensitive tails etc., collected by different vent Departments for the sake of nes need to be protected. The Department of Electronic & ification Authority of India has Ire-I and Annexure-lI respectively | in Telangana State are hereby he instructions issued by the unications & IT, Department of JUniue Identification Authority Jn Annexure! and Annexure-I sonal data of beneficiaries such formation and other sensitive tails etc. collected by different In of various welfare schemes in PORTANT”. SANDEEP KUMAR SULTANIA SECRETARY TO GOVERNMENT |, Hyderabad. /{Forwarded by rm) dies in Telangana State. wot Home td dy ee SECTION OFFICER Order//Annexure-I DO's FOR AADHAAR USER AGENCIES/DEPARTMENTS i ‘il . Read Aadhaar Act, 2016 and its fi of all the provisions of the AadhadilAtt, 2016 and its Regulations. . Ensure that everyone involved in Aadhaar related work is well conversant with provisions of Aadhaar Act, 2016 ne its Regulations as well as processes, policies specifications, guidelines, Chreular etc issued by UIDAI from time to ee carefully and ensure compliance time. 3. Create internal awareness about consequences of breaches of data as per Aadhaar Act, 2016. 4, Follow the information security guidelines of UIDAI as released from time to time. | 5, Full Aadhaar number display must be controlled only for the Aadhaar holder or various special roles/users having the need within the agency/department. Otherwise, by default, all displays should be masked. 6. Verify that all data capture point and jfaymation dissemination points (website, report etc) should comply with UIDAI's mi i requirements. 7. If agency is storing Aadhaar numbelIn database, data must be encrypted and stored, Encryption keys must be protected securely, preferably using H5Ms. If simple spreadsheets are used, it IMnust be password protected and securely stored. . 8. Access controls to data must be in place to make sure Aadhaar number along with personally identifiable demographic data is protected. 9. For Aadhaar number look up in database, either encrypt the input and then look up the récord or use hashing to}| create Aadhaar number based index. 10,Regular audit must be conducted to ensure Aadhaar number and linked data is protected. | 11.Ensure that employees and officials understand the implications of the confidentiality and data privacy breach. | 12. An individual in the organization ye made responsible for protecting Aadhaar linked personal data. That person shuld be in charge of the security of system, access control, audit, etc. | 13, Identity and prevent any potential data breach or publication of personal data, 14. Ensure swift action on any breach ie data. 15. Ensure no Aadhaar data Is displayed or disclosed to external agencies or unauthorized persons. | 16. Informed consent - Aadhaar holder she uld clearly be made aware of the usage, the data being Collected, and its usage. Aadhar holder Consent should be taken either on paper or electronically. 17. Authentication choice - When doing authentication, agency should provide multiple ways to authenticate (fingerprint, iris, OTP) to ensure all Aadhaar holders are able to use it effectively. | . 18. Multi-factor for high security - When doing high value transactions, multi-factor authentication must be considered. | ||| | t At )F & "Fy 19. Create Exception handling mechanism on following lines- 7 20.1t is expected that a small percentage of Aadhaar holders will not be able to do biometric authentication. It is necessary that a well-defined exception handling mechanism be put in place to ensure inclusion. 21. If fingerprint is not working at all ever | after using multi-finger authentication, then alternate such as Iris or OTP must be provided. 22. If the schemes is family based (like PI 1S system), anyone in the family must be able to authenticate to avail the benefit. This ensures that even if one person is unable eone else in the family is able to to do any fingerprint authentication, authenticate. This reduces the err 23. 1f none of the above is working (multifinger, Iris, anyone in family, etc.), then agency must allow alternate exception tana hemes using card or PIN or other means. 24. All authentication usage must folloy |with notifications/receipts of transactions. 25. Allagencies implementing patho a ;ntication must provide effective grievances handling mechanism via multiple channels (website, call-center, mobile app, sms, fe significantly. physical-center, etc.). 26. Get all the applications using Aadhaar atilted & certified for its data security by appropriate authority such as STQC/CERT-IN. 27. Use only STQC/UIDAL certified biometric devices for Aadhaar authentication.Annexure-II DONT's FOR AADHAAR USER AGENCIES/DEPARTMENTS . Do not publish any personal identifjable data including Aadhaar in public domain/websites etc. Publication of Aadhaar details is punishable under Aadhaar act. . Do not store biometric information of Aadhaar holders collected for authentication. . Do not store any Aadhaar based data if Any unprotected endpoint devices such as Cs, laptops or smart phones or tablets pr any other devices. . Do not print/display out personally identifiable Aadhaar data mapped with any other departmental data such as on ration card/birth certificate/caste certificate/any other certficate/document. Aadhaar number if required to be printed, Aadhaar number should be truncated or masked. Only last four digits of Aadhaar can be displayed/printed. . Do not capture/store/use Aadhaar data without consent of the resident as per ‘Aadhaar act. The purpose of use of Aadhaar information needs to be disclosed to the resident. . Do not disclose any Aadhdar related information to any externai/unauthorized agency or individual or entity. | . Do not locate servers or other IT storage system/ devices having Aadhaar data outside of a locked, fully secured and acress-controlled room. . Do not permit any unauthorized a le to access stored Aadhaar data . Do not share Authentication lense key with any other entity.