GOVERNMENT OF TELANGANA
IRRIGATION & CAD DEPARTMENT
From To
J.Vijaya Prakash, B.Tech All the Chief Engineer’s
Engineer-in-Chief (IW) 1 & CAD Department
1 & CAD Department, Telangana
Jalasoudha Building, Errum Manzil
Hyderabad-500 082
E(P&M)/Et EE(2)/Mis
17.
Sir,
Sub:
n & CAD Department-Finance (PF) Department —Institutional
Finance-Aadhaar Act, 2016- Sensitizing all the Departments to protect
personal data of beneficiaries collected for different schemes on public
domain/website -Reg.
Ref: Govt.Memo.No.5351/General/2017-1 dt:30.05.2017 along with the
enclosures from the Secretary to Government , Finance (PF)
Department, Circular memo.No.5636-A/99/PF/2017, dt:16.05.2017
ene
Copy of the above reference along with its enclosures are herewith
communicated to the Chief Engineers of I & CAD Dept., of Telangana and are
requested to adhere and follow the instructions issued by the Government of India,
Ministry of Communications & IT, department of Electronic & Information
Technology, Unique identification authority of India for DO's and DONT's as in
Annexure-I and Annexure-II respectively enclosed to protect the personal data of
beneficiaries such as Aadhaar number, demographic information and other sensitive
personal data such as bank account details etc., collected by department for sake
of administration of various welfare scheme in the State of Telangana.
// Treat this as “MOST IMPORTANT” //
Encl: as above ref.
Yours faithfully
3.Vijaya Prakash
Engineer-in-Chief (IW)
To
1 The Engineer-in-Chief (Irrigation), | & CAD Department, Jalasoudha Buildings,
Errummanzil, Hyderabad
The Director General, WALAMTARI, Himayathsagar, Hyderabad 30
3. The Chief Engineer, |.S.8W.R., | & CAD Department, Jalasoudha Buildings,
Errummanzil, Hyderabad
4 The Chief Engineer,Minor Irrigation (Krishna Basin), | & CAD Department, 2nd floor
Jalasoudha Buildings, Errummanzil, Hyderabad
5 The Chief Engineer,Minor Irrigation (Godavari Basin), | & CAD Department, 2nd
floor, Jalasoudha Buildings, Errummanzil, Hyderabad
6 The Chief Engineer, C.D.0. | & CAD Department, 6th floor, Jalasoudha Buildings,
Errummanzil, Hyderabad
7 The Chief Engineer, Kaleshwaram Project, | & CAD Department, Jalasoudha
Buildings, Errummanzil, Hyderabad
8 The Chief Engineer, N.S.P& AMR SLBC Project, | & CAD Department, Ground floor,
Jalasoudha Buildings, Errummanzil, Hyderabad1
12
13
14
15
16
7
18
19
20
2
The Administrator-cum-Chief Engineer, S.R.S.P., LMD Colony Karimnagar
The Chief Engineer, (Projects) Karimnagar, Camp Office @Jalasoudha Buildings,
Errummanzil, Hyderabad .
The Chief Engineer, Hydrology and Investigation, | & CAD Department, Jalasoudha
Buildings, Errummanzil, Hyderabad.
The Commissioner, P & D, Godavari Basin, | & CAD Department, Ground floor,
Jalasoudha Buildings, Errummanzil, Hyderabad
The Chief Engineer ,Projects, Mahaboobnagar, Camp Office @ Jalasoudha
Buildings, Errummanzil, Hyderabad
The Chief Engineer, Q.C Wing, | & CAD Department, Jalasoudha Buildings,
Errummanzil, Hyderabad.
The Chief Engineer .GLIS, | & CAD Department, Chintagattu Warangal
The Commissioner of Tenders, 1st floor, Ground Water Building, Chintal Basthi,
Khairathabad, Hyderabad.
‘The Chief Engineer, Palamuru Ranga Reddy LIS, 6" floor, Ground Water Building,
Chintal Basthi, Khairathabad, Hyderabad.
The Chief Engineer, (Projects) , | & CAD Department, Adilabad
The Chief Engineer, (Projects) , | & CAD Department, Khammam
The Chief Engineer, Kaleshwaram Project, | & CAD Department, Karimnagar
The Commissioner, CADA, | & CAD Department, Jalasoudha Buildings,
Errummanzil, Hyderabad.
eer to the DEE, Computer section, with a request to place in the Irrigation-
website.
(eo
aeo
CGr /
4 Ya
0, s &
t ives GOVERNMENT OF|TELANGANA RN
ane IRRIGATION & CAD (GENERAI
at
TA Memo.N: neral/2017-1, 2017
502 Sub: Irrigation & CAD Department - Finance (PF) Department
— Institutional Finance - Aadhaar Act, 2016 -
Sensitizing all the Departments to protect personal data
of beneficiaries collected for different schemes on public
domain/website - Reg.
Ref: From the Secretary to Government, Finance (PF)
Department, Circular Memo.No.5636-A/99/PF/2017,
dated 16.05.2017.
B&R
A copy of the reference cited together with its enclosures is
herewith sent to the Engineer-in-Chief (Irrigation)/Engineer-in-Chiet
(AW)/Director, Ground Water Department/Director General, WALAMTARI
& the I&CAD (OP) Department, and they are requested to take
necessary action in the matter accordingly.
( Ve M.CHITTI RANI
A b DEPUTY SECRETARY TO GOVERNMENT
To
je Engineer-in-Chief( Irrigation), Hyderabad. (w.e.).
The Engineer-in- Chief(AW), Hyderabad. (w.e.).
The Director, Ground Water Department, Hyderabad. (w.e.).
& The Director General, WALAMTARI, Hyderabad. (w.e.).
The I&CAD (OP) Dept. (w.e.).
SF/SC.
//FORWARDED:: BY ORDER// ,
Mm. hee , beso.
SECTION OFFICERGOVERNMENT OF
FINANCE (PF) 5
Ih
Act, 2016 — Sensitizi}
personal data of be:
schemes on public dorat
Reco onc narnia /
received from the Dy.
ge
i
JELANGANA
| Institutional Finance - Aadhaar
‘all the Departments to protect
iciaties collected for different
\/website — Regarding.
41502, dated:26-04-2017
jirector General, Govt. of India,
Ministry of Communications & IT, Department of
Electronic &
i
Information
Technology, Unique
Identification Authority of India, Regional Office, Hyd.
ee)
In the reference cited, the Dy|Director General, Govt. of India,
Ministry of Communications & IT,
Information Techriology, Unique Id
Regional Office has informed that in ¢o}
in the public domain/website, details|}
such as Aadhaar number, demographi
personal data such a bank account
Ministries/Departments/State Gove!
administration of various welfare $4
Ministry of Communications & | It)
Information Technology, Unique 14h
prescribed DO’s and DONT’s in Annext
is herewith enclosed,
Therefore, all the Department
directed to adhere and follow t]
Government of India, Ministry of Com
Electronic & Information Technolog)
of India for DO’s and DONT’s as
respectively enclosed to protect the pi
as Aadhaar number, demographic j
personal data such as bank accoun
Departments for sake of administra
the State of Telangana. ti
This may be treated as “MOS
i
To
All the Departments in Telangana Secretaria
All the HoD’s in Telangana State, Hyderabad,
All the Societies/Universities/autonomous
Copy to: The PS to PFS/Secy.(IF).
i
| Department of Electronic &
I tification Authority of India,
nection with display/publishing
personal data of beneficiaries,
le and other sensitive
tails etc., collected by different
vent Departments for the sake of
nes need to be protected. The
Department of Electronic &
ification Authority of India has
Ire-I and Annexure-lI respectively
|
in Telangana State are hereby
he instructions issued by the
unications & IT, Department of
JUniue Identification Authority
Jn Annexure! and Annexure-I
sonal data of beneficiaries such
formation and other sensitive
tails etc. collected by different
In of various welfare schemes in
PORTANT”.
SANDEEP KUMAR SULTANIA
SECRETARY TO GOVERNMENT
|, Hyderabad.
/{Forwarded by
rm)
dies in Telangana State.
wot Home
td dy ee
SECTION OFFICER
Order//Annexure-I
DO's FOR AADHAAR USER AGENCIES/DEPARTMENTS
i
‘il
. Read Aadhaar Act, 2016 and its fi
of all the provisions of the AadhadilAtt, 2016 and its Regulations.
. Ensure that everyone involved in Aadhaar related work is well conversant with
provisions of Aadhaar Act, 2016 ne its Regulations as well as processes,
policies specifications, guidelines, Chreular etc issued by UIDAI from time to
ee carefully and ensure compliance
time.
3. Create internal awareness about consequences of breaches of data as per Aadhaar
Act, 2016.
4, Follow the information security guidelines of UIDAI as released from time to
time. |
5, Full Aadhaar number display must be controlled only for the Aadhaar holder
or various special roles/users having the need within the agency/department.
Otherwise, by default, all displays should be masked.
6. Verify that all data capture point and jfaymation dissemination points (website, report
etc) should comply with UIDAI's mi i requirements.
7. If agency is storing Aadhaar numbelIn database, data must be encrypted and
stored, Encryption keys must be protected securely, preferably using H5Ms. If
simple spreadsheets are used, it IMnust be password protected and securely
stored. .
8. Access controls to data must be in place to make sure Aadhaar number along
with personally identifiable demographic data is protected.
9. For Aadhaar number look up in database, either encrypt the input and then
look up the récord or use hashing to}|
create Aadhaar number based index.
10,Regular audit must be conducted to ensure Aadhaar number and linked data is
protected. |
11.Ensure that employees and officials understand the implications of the confidentiality
and data privacy breach. |
12. An individual in the organization ye made responsible for protecting Aadhaar
linked personal data. That person shuld be in charge of the security of system,
access control, audit, etc. |
13, Identity and prevent any potential data breach or publication of personal data,
14. Ensure swift action on any breach ie data.
15. Ensure no Aadhaar data Is displayed or disclosed to external agencies or unauthorized
persons. |
16. Informed consent - Aadhaar holder she uld clearly be made aware of the usage, the
data being Collected, and its usage. Aadhar holder Consent should be taken either
on paper or electronically.
17. Authentication choice - When doing authentication, agency should provide multiple ways
to authenticate (fingerprint, iris, OTP) to ensure all Aadhaar holders are able to use it
effectively. | .
18. Multi-factor for high security - When doing high value transactions, multi-factor
authentication must be considered. | |||
| t
At )F &
"Fy 19. Create Exception handling mechanism on following lines- 7
20.1t is expected that a small percentage of Aadhaar holders will not be able to do
biometric authentication. It is necessary that a well-defined exception handling
mechanism be put in place to ensure inclusion.
21. If fingerprint is not working at all ever | after using multi-finger authentication, then
alternate such as Iris or OTP must be provided.
22. If the schemes is family based (like PI 1S system), anyone in the family must be able
to authenticate to avail the benefit. This ensures that even if one person is unable
eone else in the family is able to
to do any fingerprint authentication,
authenticate. This reduces the err
23. 1f none of the above is working (multifinger, Iris, anyone in family, etc.), then agency
must allow alternate exception tana hemes using card or PIN or other means.
24. All authentication usage must folloy |with notifications/receipts of transactions.
25. Allagencies implementing patho a ;ntication must provide effective grievances
handling mechanism via multiple channels (website, call-center, mobile app, sms,
fe significantly.
physical-center, etc.).
26. Get all the applications using Aadhaar atilted & certified for its data security by
appropriate authority such as STQC/CERT-IN.
27. Use only STQC/UIDAL certified biometric devices for Aadhaar
authentication.Annexure-II
DONT's FOR AADHAAR USER AGENCIES/DEPARTMENTS
. Do not publish any personal identifjable data including Aadhaar in public
domain/websites etc. Publication of Aadhaar details is punishable under Aadhaar
act.
. Do not store biometric information of Aadhaar holders collected for
authentication.
. Do not store any Aadhaar based data if Any unprotected endpoint devices such as
Cs, laptops or smart phones or tablets pr any other devices.
. Do not print/display out personally identifiable Aadhaar data mapped with any other
departmental data such as on ration card/birth certificate/caste certificate/any other
certficate/document. Aadhaar number if required to be printed, Aadhaar number
should be truncated or masked. Only last four digits of Aadhaar can be
displayed/printed.
. Do not capture/store/use Aadhaar data without consent of the resident as per
‘Aadhaar act. The purpose of use of Aadhaar information needs to be disclosed to
the resident.
. Do not disclose any Aadhdar related information to any externai/unauthorized
agency or individual or entity. |
. Do not locate servers or other IT storage system/ devices having Aadhaar data
outside of a locked, fully secured and acress-controlled room.
. Do not permit any unauthorized a le to access stored Aadhaar data
. Do not share Authentication lense key with any other entity.