Compliance of Income Tax Act and Aadhaar Act for Data Sharing – Compliance of the IT Act, 2000 and Aadhaar Act, 2016
CGA Circular on Data Sharing
A-32014/1/2016/ Misc/MF.CGA(A)/Gr B/Part-A/71
O/o Controller General of Accounts
Mahalekha Niyantrak Bhawan
Block E, GPO Complex INA, Delhi
Group B Section
Sub : Data Sharing — Compliance of the IT Act, 2000 and Aadhar Act, 2016-reg,
Please find enclosed herewith a copy of Office Memorandum. No. A-12034/1/2017-Ad .I dated 31/03/2017 received from Ad.I Section, Ministry of Finance, Department of Expenditure on the subject cited above for information and compliance.
File No.A – 12034/1/2017.Ad.I
Government of India
Ministry of Finance
Department of Expenditure
New Delhi, Dated : 31.03.2017
Subject:- Data Sharing-Compliance of the IT Act, 2000 and Aadhaar Act, 2016-reg.
The undersigned is directed to forward herewith a copy of Ministry of Electronics & Information Technology O.M No.10(36)/2015- EG-II(Vol-V) dated 25.03.2017 on the subject mentioned above for information and compliance.
(S. K. Biswas)
Under Secretary to the Government of India
No. 10(36)/2015-EG-II (Vol-V)
Government of India
Ministry of Electronics & Information Technology
6, CGO Complex,
New Delhi – 110003
Subject: Data Sharing – Compliance of the IT Act, 2000 and Aadhaar Act, 2016
It has come to notice that there have been instances wherein personal identity or information of residents, including Aadhaar number and demographic information, and other sensitive personal data such as bank account details etc. collected by various Ministries/Departments, State Government Departments, in the administration of its various welfare schemes etc. has been reportedly published online and is accessible through an easy online search.
The said act of publishing identity information i.e. Aadhaar number along with demographic information such as name, date of birth, address etc. is in clear contravention of the provisions of the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, more specifically Section 29 (2), Section 29 (3) and 29 (4) and constitutes an offence under Sections 37, 40 & 41 punishable with imprisonment upto 3 years.
Further, publishing of financial information including bank account details, being sensitive personal data, is also in contravention of provisions under the Information Technology Act, 2000 and the Rules framed thereunder, more specifically Rule 3 & Rule 6 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal data or Information) Rules, 2011 and constitutes an offence under Section 43 A of the Information Technology Act, 2000 and the offending parties are liable to pay damages by way of compensation to persons affected.
In view of the above, it is hereby informed that any act of publishing personal identity or information i.e. Aadhaar number and demographic details alongwith personal sensitive information such as bank details, in contravention of the Aadhaar Act, 2016 and the Information Technology Act, 2000 may be refrained with immediate effect. Further, any such content already published and still appearing publicly may be discontinued with immediate effect.