Data Sharing Policy Central Board of Excise and Customs
Data Sharing Policy Central Board of Excise and Customs
Data Sharing Policy Central Board of Excise and Customs
February 2015
Internal Page 1 of 44
Data Sharing Policy Central Board of Excise and Customs
1. INTRODUCTION.......................................................................................................................... 3
2. NEED FOR DATA SHARING POLICY ..................................................................................... 3
2.1 CURRENT STATUS ............................................................................................................................. 3
2.2 NEED FOR POLICY ............................................................................................................................. 4
2.3 SCOPE AND APPLICABILITY............................................................................................................... 5
3. DATA CATEGORISATION ........................................................................................................ 6
3.1 SENSITIVE ......................................................................................................................................... 6
3.2 NON-SENSITIVE DATA ...................................................................................................................... 8
4. USER CATEGORISATION ......................................................................................................... 9
4.1 STATUTORILY MANDATED................................................................................................................ 9
5. REQUEST CATEGORISATION AND MODALITY OF DATA SHARING.........................10
5.1 AD-HOC REQUEST-BASED ...............................................................................................................11
5.2 STRUCTURED EXCHANGE OF IDENTIFIED DATA ...............................................................................11
6. FUNDING FOR DATA SHARING.............................................................................................12
7. DATA STORAGE AND RETENTION ......................................................................................12
8. RECIPROCITY CLAUSE ...........................................................................................................12
9. SAVING CLAUSE ........................................................................................................................12
10. ANNEX A- CURRENT DATA EXCHANGE WITH EXTERNAL AGENCIES ...................14
11. ANNEX B- CURRENT DATA EXCHANGE WITH INTERNAL AGENCIES.....................19
12. ANNEX C- ISO 27001/27002 .......................................................................................................22
13. ANNEX D- IT CONNECTIVITY PROTOCOLS......................................................................27
14. ANNEX E- REQUEST BASED TEMPLATE ............................................................................30
15. ANNEX F- PROPOSED DATA SHARING PROCESS ............................................................32
16. ANNEX G- DRAFT MOU............................................................................................................34
17. ANNEX H-DEFINITIONS...........................................................................................................43
Internal Page 2 of 44
Data Sharing Policy Central Board of Excise and Customs
1. Introduction
Data is universally recognized as a valuable resource that should be maintained in a
manner which ensures that its potential value is optimally realized. Most data today
is maintained and exchanged electronically, which has increased the ease of
exchange of data and at the same time increased the need for a structured and
secure mechanism for such an exchange. India’s National Data Sharing and
Accessibility Policy (NDSAP) states inter alia that the principles on which data sharing
and accessibility need to be based include: Openness, Flexibility, Transparency,
Protection of Intellectual Property, Formal responsibility, Professionalism,
Interoperability, Quality, Security, Efficiency, Accountability, Sustainability and
Privacy. There is a large quantum of data generated at the cost of public funds by
various organizations and institutions in the country and this data can be used for
scientific, economic and developmental purposes.
The Central Board of Excise and Customs (CBEC) has a rich repository of taxpayer
data pertaining to Customs, Central Excise and Service Tax. The Directorate of
Systems (DoS), CBEC holds this data in its IT systems in a Custodial capacity. Online
transactional data pertaining to Customs, Central Excise and Service Tax resides in
the respective business applications, namely, ICES, ACES, ICEGATE, etc. The
centralization of its consolidated IT Infrastructure has also enabled CBEC to create an
Enterprise Data Warehouse (EDW) which is also actively being used to address the
data requests of both internal and external agencies.
There has been an increasing demand by several external agencies that the data
which is collected with the deployment of public funds should be made readily
available to all for enabling rational debate, better decision-making, policy
formulation and use in meeting civil society needs.
Currently, data is being shared with multiple internal and external agencies within
India, in different ways and modalities. CBEC’s ICEGATE application serves as the
interface for providing Customs transactional data to agencies such as DGFT, DGCIS,
Internal Page 3 of 44
Data Sharing Policy Central Board of Excise and Customs
RBI, etc. Data from the Enterprise Data Warehouse is being increasingly used for
answering Parliament questions and for framing responses to applications received
under the Right to Information (RTI) Act. The details of such exchange with external
and internal agencies within India are tabulated at Annex-A and Annex-B
respectively.
CBEC holds indirect tax data in a Custodial capacity. As discussed above, the data
requests from the external users have increased very significantly. In addition, since
2011 CBEC has adopted the ISO 27001 standard for information security for which it
is audited every year by Standards Testing Quality and Certifications, a body under
the Ministry of Information and Communication Technology (MICT) for compliance.
This standard which has been revised in 2013 has a specific domain of
communications security where stringent guidelines have been laid down for
Information Transfer within an organization and with any external entity. The
relevant extract is placed at Annex-C.
This needs to be seen in the context of increasing demands for data in view of
increasing awareness of the value and benefits that such data brings, which include:
Internal Page 4 of 44
Data Sharing Policy Central Board of Excise and Customs
Also, while some exchanges, such as those between ICEGATE and DGFT & DGCIS are
structured and well established, most of the others are in the nature of ad-hoc
requests and there is a need to bring structure and rigour to the process for
entertaining requests for data and providing such data.
All the above make it imperative for CBEC to formulate a Data Sharing policy along
with a protocol for exchange of data with external entities within India. In course of
time, a similar protocol for exchange of data with external entities outside India may
also have to be established.
This document lays down the policy governing information exchange between
CBEC and external agencies within India.
Internal Page 5 of 44
Data Sharing Policy Central Board of Excise and Customs
3. Data Categorisation
Data
Non-
Sensitive
Sensitive
Shareable with
defined
Shareable
Protocols/Approv
als
The data available with CBEC is categorised for shareability based upon its
sensitivity, granularity, criticality and ownership/data origination. In line with the
categorization of data prescribed in NDSAP, data is then classified as Shareable and
Non-shareable. As can
n be seen from the diagram above
above,, CBEC data elements have
been categorised as Sensitive and Non
Non-Sensitive. Data falling under the Sensitive
category shall ordinarily be provided against a specific authorized request on a case
to case basis and backed with a Non-disclosure Agreement between the requestor
and CBEC.. For regular/periodic requests for data, the requestor shall enter into a
MoU (Annex-G) and Non-disclosure
disclosure Agreement for such data with CBEC.
3.1 Sensitive
Internal Page 6 of 44
Data Sharing Policy Central Board of Excise and Customs
Internal Page 7 of 44
Data Sharing Policy Central Board of Excise and Customs
Data which is placed on CBEC’s website in compliance with the RTI Act and long
standing agreements/practice such as the Daily Trade Report (DTR) etc shall also fall
into this category.
CBEC may, at its discretion, decide to openly publish any data which it feels is
required in the interest of transparency or public good.
As regards the modalities of sharing such Non-Sensitive data for which requests are
received by the CBEC, the modalities would be governed by the process prescribed
for servicing of ad-hoc data requests. Thus, an entity requesting for Non-Sensitive
data would be required to send the data request in the prescribed template (Annex-
E) and indicate the name of the person duly authorised to receive the data and once
the request is processed, CBEC shall ordinarily transmit the data to the requestor’s
official e-mail ID.
Internal Page 8 of 44
Data Sharing Policy Central Board of Excise and Customs
4. User Categorisation
User/
Requestor
Research
Statutorily Other Government
Organisations,
Mandated agencies . .
Commissions etc
Right to State
Others
Information Act Governments
Internal Page 9 of 44
Data Sharing Policy Central Board of Excise and Customs
regular/periodic requests for data, the requestor shall enter into a MoU (Annex-G)
and Non-disclosure Agreement for such data with CBEC.
Internal Page 10 of 44
Data Sharing Policy Central Board of Excise and Customs
Under this category, data will be shared on the basis of a specific request for the
same. It would cover requests which seek a limited amount of data for a specific
entity and is related to an organizational requirement, an investigation or inquiry. All
requests will be entertained only when sent in the prescribed template (Annex- E).
This template would be available on CBEC’s website www.cbec.gov.in
In each such case where this request is fulfilled by the Directorate of Systems, the
data shall be provided only with the approval of Director General (Systems).
In such cases data shall ordinarily be provided over requestor’s official e-mail in
response to the data request template at Annex- E received either over e-mail or
preferably in hard copy. In case it is found that the e-mail so received has not come
from a proper domain or is detected to be a malicious e-mail, CBEC reserves the
right to take such action including forensic investigation by third party auditors and
/or legal remedy, as may be required. If malicious intent is established, CBEC at its
discretion may choose not to provide any further data to the said entity
Internal Page 11 of 44
Data Sharing Policy Central Board of Excise and Customs
Data under this category would ordinarily be exchanged through a secure electronic
mechanism. In due course, it would be CBEC’s endeavour to secure such exchange
through Digital Signatures whether personal or server level.
8. Reciprocity Clause
The Government agencies, research organisations, etc seeking information/ data
from CBEC would be bound to share data owned by them and requested of them by
CBEC should there be a requirement of the same. The reciprocity clause would be
made part of the MoU/Agreement that CBEC would be entering into with the said
agencies/ organisations for sharing data with them.
9. Saving Clause
Any organization/entity that receives data from CBEC under this policy assumes all
legal liability arising out of any precipitative action taken by such organization/entity
based on this data.
Internal Page 12 of 44
Data Sharing Policy Central Board of Excise and Customs
The recipient of the data shall ensure that data containing information specified to be
confidential by CBEC or agreed mutually to be confidential between CBEC and the
recipient are maintained in confidence and are not disclosed or transmitted to any
unauthorized persons nor used for any purposes other than those intended by the
parties. When authorized, further transmission of such confidential information shall
be subject to the same degree of confidentiality.
Internal Page 13 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
S Transfer Source Target Scripts or Directly Type of Frequency Mode of Transfer Mode
No Type Application Application through Data Transmission ( Dump/E-mail
(Internal) / Application/Database /SFTP/CD
Agency (
External)
1 Near ICES EICI Scripts Directory Once in every Automated Public SFTP
Real dump of day at 06:30 am
Time selected
directories
2 Near ICES SEZ Online Scripts Directory As on demand ICEGATE Public SFTP
Real dump of
Time selected
directories
3 Periodic ICES CAG Scripts ICES Imports As on demand SI/ICES Through CD
/ Exports
dump -
Financial
Internal Page 14 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
S Transfer Source Target Scripts or Directly Type of Frequency Mode of Transfer Mode
No Type Application Application through Data Transmission ( Dump/E-mail
(Internal) / Application/Database /SFTP/CD
Agency (
External)
year wise
4 Near ACES EASIEST ( Direct through Assessee Twice in a day at Automated Public SFTP
Real NSDL) Application registration 8am and 8 Pm
Time data
5 Near EASIEST ACES Direct through E-payment Twice in a day at Automated Public SFTP
Real (NSDL) Application data 7am and 7 Pm
Time
6 Real ICEGATE Institutional Direct through With banks Real time Automated Public SFTP
Time Partners Application for Challan
Data,
Custodian
Messages,
with DGFT
7 Near EASIEST EDW Direct through E-payment Twice in a day at Automated Public SFTP
Real (NSDL) Application data 7am and 7 Pm
Internal Page 15 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
S Transfer Source Target Scripts or Directly Type of Frequency Mode of Transfer Mode
No Type Application Application through Data Transmission ( Dump/E-mail
(Internal) / Application/Database /SFTP/CD
Agency (
External)
Time
8 Ad-Hoc RBI ICES/ICEGATE Scripts AD Code Adhoc provided RBI ( Manual) By E-mail
Dump by RBI for
uploading in
ICES
9 Ad-Hoc CBDT CBEC Scripts PAN data , As on demand CBDT ( Public SFTP
returns and Manual)
payments
10 Ad-Hoc CBEC MCA Scripts Company As on demand MCA ( Public SFTP
registration Manual)
and returns
data
11 Periodic DGFT ICEGATE Direct through License Hourly basis by Automated Public SFTP
Application details, IEC ICEGATE
Internal Page 16 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
S Transfer Source Target Scripts or Directly Type of Frequency Mode of Transfer Mode
No Type Application Application through Data Transmission ( Dump/E-mail
(Internal) / Application/Database /SFTP/CD
Agency (
External)
12 Ad-Hoc ICEGATE DGCIS Direct through Daily SB and once in a day by Automated Public SFTP
Application BE details ICEGATE
after ooc
and LEO
13 Real ICEGATE DGFT Direct through Exporter ICEGATE - to be Automated Public SFTP
Time Application wise checked
shipping bill
details
14 Periodic EDW DEA Import Weekly/Monthly E-mail
Details of
Gold
15 Periodic EDW Ministry of Custom 2-3 months E-mail
Petroleum imports;
transactional
level for
Internal Page 17 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
S Transfer Source Target Scripts or Directly Type of Frequency Mode of Transfer Mode
No Type Application Application through Data Transmission ( Dump/E-mail
(Internal) / Application/Database /SFTP/CD
Agency (
External)
Liquified
Natural Gas
(LNG)
Periodic EDW Directorate Custom Monthly E-mail
General of imports;
Anti- transactional
Dumping level
(Ministry of
Commerce)
Note:- The EDW team has been providing data on ad-hoc basis with the approval of DG (Systems) to External Agencies such as
the Comptroller and Auditor General of India, Ministry of Statistics and Programme Implementation, National Council of
Economic and Applied Research, National Institute of Public Finance and Policy, VAT Departments of Gujarat and Punjab, the
Rubber Board of India, Shah Commission, Tax Administrative Reforms Commission etc.
Internal Page 18 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
S Transfer Source Target Scripts or Type of Data Frequency Mode of Transfer Mode (
No Type Application Application Directly Transmission Dump/E-mail
(Internal) / through /SFTP/CD
Agency ( Application/
External) Database
1 Near ICES DRI Scripts Oracle Export dump 1. On Submission Automated DRI SFTP
Real for every 2 hours
Time 1. On Submission BE 2. EOD data -
and SB Once in a day
2. End of Day after 3am/4am
OOC and LEO 3. EOD Data -
3. End of day IGM data Once in a day -
4. Monthly directory 4am
dumps for 14 4. Monthly on
directories every 1st day at
7 am
2 Near ICES ACES Scripts IEC data Every Day at Automated SFTP
Real 6:30 am
Time
3 Near ICES Custom Duty Scripts Directory dump of Every Day at 6 Automated Public SFTP
Real Calculator selected directories am
Time
4 Near ICES ICEGATE Scripts Daily revenue data ( Once in a day at Automated SFTP / Web site
Real Web site Daily list) 7 am
Time
5 Near ACES ICES Scripts ST refund data Every day at Automated SFTP
Real 00:30
Internal Page 19 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
S Transfer Source Target Scripts or Type of Data Frequency Mode of Transfer Mode (
No Type Application Application Directly Transmission Dump/E-mail
(Internal) / through /SFTP/CD
Agency ( Application/
External) Database
Time
6 Periodic ACES EDW Directly DR Database for Once in Automated Database
differential data Fortnight
7 Periodic ICES EDW Directly DR ICES Database for Every Day Automated Database
differential data morning
8 Periodic ICES DRI, CBEC Scripts Onion, wheat and Rice Weekly - Every SI ( Manual) By E-mail
report Monday
9 Periodic ICES DRI, CBEC Scripts Monthly revenueMonthly - on SI ( Manual) By E-mail
report - Site wise every 1st of
month
10 Periodic ICES ICEGATE Scripts Total BE and SB filing Every Day at 8 Automated By E-mail
site wise am
11 Periodic EDW TRU Import details of Gold Monthly By E-mail
and Silver, Data
pertaining to Pol/Non-
Pol commodities
12 Periodic EDW Chairperson, Central Excise Monthly By E-mail
CBEC’s Office Revenue Reports
13 Periodic EDW Commission Import Details under Quarterly By E-mail
er (Customs various Free Trade
& Export Agreements (FTAs)
Promotion)
Internal Page 20 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
Note:- The EDW team has been providing data on ad-hoc basis to internal formations such as Commissionerates, Directorate of
Revenue Intelligence, Directorate General of Central Excise Intelligence, Directorate General of Valuation, Directorate General
of Audit etc
Internal Page 21 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
13 Communications Security
Control
Formal transfer policies, procedures and controls should be in place to protect the
transfer of information through the use of all types of communication facilities.
Implementation guidance
The procedures and control to be followed when using communication facilities for
information transfer should consider the following items:
a) procedures designed to protect transferred information from interception,
copying modification, mis-routing and destruction;
b) procedures for the detection of and protection against malware that may be
transmitted though the use of electronic communication (see 12.2.1);
c) procedures for protecting communicated sensitive electronic information that
is in the form of an attachment;
d) policy or guidelines outlining acceptable use of communication facilities (see
8.1.3);
e) personnel, external party and other user’s responsibilities not to compromise
the organization, e.g. through defamation, harassment, impersonation,
forwarding of chain letters, unauthorized purchasing etc.;
f) use of cryptographic techniques e.g. to protect the confidentiality, integrity
and authenticity of information (see Clause 10);
g) retention and disposal guidelines for all business correspondence, including
messages, in accordance with relevant national and local legislation and
regulation;
h) control and restriction associated with using communication facilities, e.g.
automatic forwarding of electronic mail to external mail addresses;
i) advising personnel to take appropriate precautions not to reveal confidential
information;
Internal Page 22 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
In addition, personnel should be reminded that they should not have confidential
conversation in public places or over insecure communication channels, open offices
and meeting places.
Information transfer services should comply with any relevant legal requirements
(see 18.1).
Other information
Information transfer may occur through the use of a number of different types of
communication facilities, including electronic mail, voice facsimile and video.
The business legal and security implication associated with electronic data
interchange, electronic commerce and electronic communications and the
requirements for controls should be considered.
Control
Agreement should address the secure transfer of business information between the
organization and external parties.
Implementation guidance
Internal Page 23 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
The information security content of any agreement should reflect the sensitivity of
the business information involved.
Other Information.
Agreements may be electronic or manual, and may take the form of formal
contracts. For confidential information, the specific mechanisms used for the transfer
of such information should be consistent for all organization and types of
agreements.
Control
Implementation guidance
Internal Page 24 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
Other information
There are many types of electronic messaging such as email, electronic data
interchange and social networking which play a role in business communications.
Control
Other information
Internal Page 25 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
Internal Page 26 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
TACACS/ CHAP
8 Max File Size Only one file shall be accepted for each transaction
Internal Page 27 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
11 Audit Logs Audit logs will be created for each transaction and user
activity. These may be subject to third party audits
commissioned by CBEC.
Data Purging / Archival: Once a file has been successfully picked up from the
inbound directory by CBEC’s IT Systems, it will be purged within an agreed
timeframe not later than 7 days.
Incident Response Protocol: Both the parties shall notify each other of intrusions,
attacks, or misuse of data. In the case of a security breach, both parties shall
coordinate their incident response activities.
Change Management
In the event of any updates to CBEC’s IT Security policy and procedures, the
corresponding update in the data exchange protocol shall be notified to the
International partner. Thereafter, the updated protocol shall be treated as a
Internal Page 28 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
mandatory requirement for the data exchange between CBEC and the International
partner.
Any of above requirements can be modified through the approval of the Chief
Information Security Officer (CISO) of CBEC
Internal Page 29 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
*Non-provision of the Tariff Head would lead to delay in provision of the data
Internal Page 30 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
Signature........................
Name............................
Place..............................
Date..............................
-----------------------------------------------------------------------------------------------
For CBEC’s Internal Use
Internal Page 31 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
1. All data requests to the Directorate of Systems should follow the following
process:
a. Head of the requesting agency should write to the CBEC providing the
details of the request like the purpose of the data request, data fields
required and the periodicity of the data sought. He would also appoint a
Single Point of Contact (SPoC) for their department who would interact
with the relevant officials of the DG Systems and convey his contact
information (address, telephone number, fax and official e-mail id on NIC
or other government domain) for further correspondence. Future separate
or supplemental data requests from the same office could be sent to
Directorate of Systems by the SPoC via either letter or e-mail.
4. In case the data retrieval is not feasible, then the requesting agency would be
immediately informed about the same.
5. Once the data has been retrieved/analysed, the data has to be shared with
the Project Manager (EDW Project), CBEC for review.
Internal Page 32 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
6. After the review and corrections in the data, if any, the approval for sending
the data would be required in writing from the DG (Systems) through the
concerned ADG.
7. The data shall be sent only to the official e-mail ID of the SPoC (preferably
NIC) of the office requesting for data.
8. In case the data is large in size, the data shall be transferred to the
concerned officer via SFTP (secured File Transfer Protocol). The modality of
such SFTP will be governed by the methodology in Annex-D
9. Usually no data shall be extracted on a portable media (CD, pen drive etc.).
Exceptions to this rule may be considered only after approval by DG
(Systems).
10. All responses to the SPoC of the office requesting data after EDW Project
Manager’s approval shall be routed through the EDW helpdesk.
11. In case any data request by an External Agency is routed through a CBEC
office then it would be treated as an internal request and response to the
same would be sent to the concerned CBEC official.
13. The steps mentioned above shall be followed for all Data Requests received
from External Agencies. Any deviation from the same under exceptional
circumstances may only be made with the due approval of the DG (Systems).
Internal Page 33 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
MEMORANDUM OF UNDERSTANDING
BETWEEN
&
___________________________________________________________
FOR
BETWEEN
AND
Internal Page 34 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
Whereas It has been agreed that there needs to be a structured mechanism for
regular exchange of identified data fields between CBEC and _____________ for
_____________________ (purpose of signing the MoU) this Memorandum of
Understanding (MoU) is hereby executed by parties of the first and second part:
Article 1
Object and Scope
1.2 The MoU consists of the provisions set out as under and shall be
completed by the Annexures, which will form an integral part of this MoU
1.3 Unless otherwise agreed by the parties, the exchange of data shall be in
secure electronic mode.
Article 2
Definitions
For the purpose of the MoU, the following terms are defined as follows:
2.1 Transmitting Party: Party of the first or second part as the case may be,
which is providing data
2.2 Receiving Party: Party of the first or second part as the case may be, to
whom data is being provided.
2.3 Financial Year: A Financial Year is year in which income is earned and is a
period of twelve months commencing from 1 st April of a year to 31st March of the
following year.
Internal Page 35 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
2.4 Assessment Year: Assessment year means the period of twelve months
commencing on 1st April every year and ending on 31st March of the next year
immediately following the Previous Year.
2.5 Business Day: A business day means any day except a Saturday, Sunday or
any gazetted public holiday at the location of the Receiving Party.
2.6 LTU: A LTU is self-contained tax office under the Department of Revenue
acting as a single window clearance point for all matters relating to Central
Excise, Income Tax/ Corporate Tax and Service Tax.
Article 3
Validity and Conformity
3.1 The MoU is valid for period of three years and will be effective from
____________ (Date).After the expiry of the validity, the MoU may be extended
by mutual consent of both parties
3.2 Each Party shall ensure that the data sent or received is in conformity with
the agreed formats and frequency as specified in Annexure
Article 4
Use of Exchanged Data in a Legal Proceeding
To the extent permitted by Indian law which may apply, the parties hereby agree
that in the event of the data so exchanged being required to be produced in a
court of law for a civil or criminal proceeding, the data relied upon shall be
substantiated by documentary evidence and other statutory documents as
applicable under the Customs Act, Central Excise Act, Service Tax Laws under
Finance Act 1994 and any other law for the time being in force.
Internal Page 36 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
Article 5
Modality of Exchange and acknowledgement of receipt
5.3 The Receiving Party shall ensure that an acknowledgement is sent to the
transmitting Party within two business days of receipt of the data, unless an
alternative time limit has been mutually agreed.
5.4 The Receiving and Transmitting Parties shall both maintain a Date & Time
stamped record of the files transmitted and received.
Article 6
Security of Data Shared
6.2 Security procedures and measures may include the verification of origin,
the verification of integrity, the non-repudiation of origin and receipt and the
confidentiality of data shared. Where warranted, additional security
procedures and measures may be expressly specified and mutually agreed.
6.3 If the use of security procedures and measures results in the rejection of, or
in the detection of an error in the data shared, the receiver shall inform the sender
thereof, within the specified time limit.
Where a rejected or erroneous data is retransmitted by the sender, the data should
clearly state that it is a retransmission of corrected data.
Internal Page 37 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
Article 7
Confidentiality and Saving
7.1 The parties shall ensure that data containing information specified to be
confidential by the sender or agreed mutually to be confidential between the parties,
are maintained in confidence and are not disclosed or transmitted to any
unauthorized persons nor used for any purposes other than those intended by the
parties.
7.2 Shared Data shall not be regarded as containing confidential information to the
extent that such information is in the public domain.
7.3 The parties may agree to use a specific form of protection for data such as a
method of encryption to the extent permitted by law.
7.4 A complete and chronological record of all shared data exchanged by the
parties shall be stored by each Party, unaltered and securely, in accordance with
the time limits and specifications prescribed by legislative requirements and in any
event, for the duration of the MoU.
7.5 Any organization/entity that receives data from CBEC under this policy
assumes all legal liability arising out of any precipitative action taken by such
organization/entity based on this data.
Article 8
Reciprocity Clause
8.1 The Government agencies, research organisations, etc seeking information/
data from CBEC would be bound to share data owned by them and requested of
them by CBEC should there be a requirement of the same. The reciprocity clause
would be made part of the MoU/Agreement that CBEC would be entering into with
the said agencies/ organisations for sharing data with them.
Internal Page 38 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
Article 9
Operational requirements for Data Exchange
a. Operational equipment
The parties shall provide and maintain, the equipment, software and
services necessary to transmit, receive, record, process and store the data
shared.
b. Mode of communication
Article 10
Responsibilities of Parties
ii. Accord due priority and resources for timely completion of tasks related to
exchange of data.
iii. Establish a mechanism for resolving data quality issues, if any, within a
reasonable timeframe.
Internal Page 39 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
iv. Establish a mechanism for periodic review of exchange of data and results
thereof.
Article 11
General Terms and Conditions
The Parties mutually agree that there exist no commercial considerations in respect
of this MoU.
11.2 Indemnification
CBEC and __________ agree to indemnify each other against consequential effects
arising out of steps taken under this MoU.
i. ___________ and CBEC shall not be liable for failure to meet obligations due
to Force Majeure.
ii. Force Majeure impediment is taken to mean unforeseen events, which occur
after signing of this MoU including but not limited to strikes, blockade, war,
mobilization, revolution or riots, natural disaster, acts of God, refusal of
license by State/Central Government authorities, in so far as such an event
prevents or delays the contractual Party from fulfilling its obligations.
iii. In case the Force Majeure conditions continue for more than 60 days, all the
Parties shall discuss the effect of such conditions on the MoU and mutually
decide the course of action to be followed.
Internal Page 40 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
A Party to this MoU cannot be sued in any Court of Law for being unable to perform
as per the stipulations of the MoU due to circumstances beyond its control.
In the event of any dispute relating to or arising out of this MoU, such dispute shall
be resolved amicably by mutual consultation. If such resolution is not possible, then
the unresolved dispute or difference shall be referred to a committee consisting of
the Secretary (Revenue), Chairperson CBEC, _____________ and any member co-
opted by the other party, whose decision shall be binding on both Parties.
Either of the parties can terminate this MoU by giving three-month notice to each Party
as per mutually decided terms and conditions.
On expiry/termination of this MoU, any Party to the MoU shall not assume any
responsibility/liability in any form – technical, legal, financial etc for any eventual
consequences to the other Party, for events arising after such expiry/ termination.
IN WITNESS WHEREOF the parties have executed in duplicate on the day and year,
hereinafter indicated.
Internal Page 41 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
Signature Signature
Name: Name:
Designation: Designation:
Dated : Dated:
Place: Place:
Signature Signature
Name: Name:
Designation: Designation:
Dated : Dated:
Place: Place:
Internal Page 42 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
Internal Page 43 of 44
Data Sharing policy V 0.1 Central Board of Excise and Customs
Internal Page 44 of 44