Definitions:
1. Data- In the context of Data Sharing policy, Data consists of all the information, both structured and unstructured, collected and reported in various databases of Securities and Exchange Board of India (SEBI). Data refers to raw data only. Any kind of secondary data is not to be considered as data under this policy.
2. Data Custodian- is the internal department of SEBI that collects, generates, processes and holds the Data under their custody. They have deemed ownership over that Data which is related to the function of their department.
3. Data Analytics Controller- is a team or person who will supervise the process of transmission of Data from Data Custodians to Data Seeker in Clean Data Rooms/through other approved media.
4. Data Seeker- are various educational, research institutions, and regulators etc. who require data to undertake projects or research activities.
5. Data Expunging- is the process of removing or completely deleting Data when its requirement no longer exists.
6. Data Anonymization- Data anonymization is a process of information sanitization to protect the identity of the identifiers of data. It is the process of either encrypting or removing identifiable information from data sets so that the identifiers that the data is describing remain anonymous.
Guidelines to Seek data
Overview
Data Sharing Policy is framed to facilitate access to Data in SEBI to meet a variety of requirements, such as undertaking Analytics projects, Research activities, and academic studies etc., not only by internal departments of SEBI but also by various educational/research institutions and other regulators. Data Sharing Policy is aimed at streamlining the process of Data sharing and formalizing Data protection measures to protect Data from misuse and unauthorized access.
This policy is principles-based essentially to ensure a seamless process for sharing of Data. Data Seekers are required to adhere to any relevant regulatory requirements, including those relating to the ethical use of Data. As a general rule Data shared will be mostly historical, anonymized and the Data seekers will be required to sign an undertaking of confidentiality and non-disclosure. Data that are at least two years old will be shared under this policy.
The process to be followed while seeking data from SEBI is given below.
A. Steps to Seek Data
The process flow defines all the necessary approvals that shall be needed prior to Data Sharing. A diagrammatic representation is enclosed at Annexure – D.
a. To obtain the data, Data Seeker needs to fill up the “Data Seeking Request Form” available at the SEBI website.
b. The seeking request form should be signed and approved by the Concerned Authority of the Recipient institute.
c. A Sample of Data Seeking request form is enclosed at Annexure B.
d. Data Seeking Request Form will be sent to Data Analytics Controller through email ([email protected]) as well as through post.
e. After receiving the Data Seeking Request form and the subsequent approval as per Delegation of Power, the Undertaking will be signed between the Data Analytics Controller and the Recipient Institute.
f. After signing the undertaking, the Data will be shared through USB/ E-mail/SFTP/approved media.
g. On completion of the duration of the project, the Data Seeker needs to expunge the data.
h. The Data Seeker needs to send a confirmation to the Data Analytics Controller within 5 (five) days after the date of expunging the data as declared in the Data Seeking Request Form.
i. Provisions for Data extension and Inspection are mentioned in points B and C respectively.
B. Provision to seek extension for Data retention
As per the data sharing policy, Data Seekers shall mention the duration of retention of Data for the proposed project and subsequently expunge that Data from their systems and inform SEBI. However, if the Data Seeker needs an extension for expunging the Data, he/she/they need to go through the following procedure.
i. Data seeker needs to place the request at least 20 days prior to date of expected expunging of Data stating the reason of extension in detail to the Data Analytics Controller.
ii. Data Analytics Controller is empowered to accept the request for extension for Data retention for a maximum of one calendar month. For any period of more than one month, the Data Seeker shall obtain required approvals from the concerned department which approved the project.
iii. On rejection of extension request Data seeker shall expunge the Data as per the data sharing policy and intimate Data Analytics Controller.
C. Provision of Inspection
During the period of Data usage i.e. the period between Data sharing and expunging, Data Analytics Controller may visit/nominate a person to visit the Data Seeker and inspect whether the Data seeker is abiding by the confidentiality norms and also ascertain the Data provided is not misused or being used for purposes other than for which the approval is granted. In case of any observed irregularity, appropriate action as per the prevalent laws may be taken.
Annexure A: [Indicative List of SEBI Departments]
1. CDMRD: Commodity Derivatives Market Regulation Department
2. CFD: Corporation Finance Department
3. DEPA: Department of Economic and Policy Analysis
4. DDHS: Department of Debt and Hybrid Securities
5. EFD: Enforcement Department
6. EAD: Enquiries and Adjudication Department
7. GSD: General Services Department
8. HRD: Human Resources Department
9. ITD: Information Technology Department
10. ISD: Integrated Surveillance Department
11. IVD: Investigations Department
12. IMD: Investment Management Department
13. LAD: Legal Affairs Department
14. MIRSD: Market Intermediaries Regulation and Supervision Department
15. MRD: Market Regulation Department
16. OIAE: Office of Investor Assistance and Education
17. FPI & C: Foreign Portfolio Investor and Custodians
Annexure B: [Sample Data Sharing Request Form]
DATA SEEKING REQUEST FORM
A: To Be Filled by Data Seeker (To be submitted at [email protected])
1. | Institution/Regulator/SEBI Employee Name: | |
2. | Website: | |
3. | Authorized Signatory of Institute /Regulator: | |
4. | Title of the Project/ activity for which the data is required to be shared: | |
5. | Objective/Purpose of the Project:# [Indicate how the project will benefit the Market] | |
6. | Area of Project/Activity*: [Related to which department of SEBI (Refer Annexure A)] | |
7. | Contact Person Name: | |
8. | Contact No: | |
9. | Email Id: (Official) | |
10. | Type of data: (Enclose data structure)# | |
11. | Period of data: | From: DD/MM/YYYY To: DD/MM/YYYY |
12. | Duration for which the data will be kept: (To date) | |
13. | Mode of data transmission: USB/E-mail/SFTP/Clean data rooms/other | |
14. | Do you wish to publish project report: | Yes / No |
15. | Do you envisage any Conflict of Interest with other organizations including SEBI w.r.t. the Data sought $ | |
16. | a. Participating Institute Name: | |
| b. Name: | |
| c. Contact No.: | |
| d. Email: | |
#please attach separate sheet where required.
Name:
Signature:
Date:
*Primary market, MFs/AIFs, Commodity Market, etc.
$ Data seeking organisations are required to inform SEBI if Conflict of Interest arises during the period for which data is sought.
Terms and Conditions
The data seeker is requested to submit the following two mandatory documents:
1. A covering letter containing the statement of proposal containing not less than 500 words.
2. A tabular format for the requested data clearly indicating the following:
a. Variables (on which data are requested). The variables have to be specific.
b. The frequency of the data.
c. Period/span of data.
Unless all three documents are available, i.e. covering letter, data request form and the tabular format for requested data, the request would not be accepted for consideration.
For Official Use only:
B. Data Request Approved By (Data Custodian):
Name of the Approver(as per DoP) | Designation | Approval Date | Office Note no. |
C. Recommendations of Expert Committee
D. Project Approved By:(Department Name)
Name of the Department | |
Office Note no. (Copy) | |
Approver Signature |
E. Data Extraction and Validation by (ITD):
1. Data Extraction date: | |
2. Data Extracted by: Name: Designation: Date: | |
3. Mode of Data Transfer: | |
F. Data Confirmation Before Transmission
ITD-CGM | |
Signature and Date | |
Name and designation |
G. Confirmation of Data Expunge Date (ITD)
Data Expunge date: (dd/mm/yyyy) | |
Confirmation sent to:
Signature: Name and Designation: |
Annexure C: [Undertaking of Confidentiality and Non-Disclosure]
UNDERTAKING OF CONFIDENTIALITY AND NON-DISCLOSURE
This has reference to the request made to Securities and Exchange Board of India (SEBI) by <Recipient Organization> through <Person Name> to undertake designated Project/Activity titled <Title> Control No <control no>. In this context, to ensure that the confidentiality of data is maintained at all times, it is required that an “Undertaking of confidentiality and non-disclosure” is signed by <Recipient Organization> and <Person Name>.
Parties: “[<Recipient Institute>]” through <Recipient Official Name> (the Recipient Institute name and Name of the Recipient) and “[SEBI through Data Analytics Controller]” (the Discloser, as may be nominated by SEBI from time to time)
1. The Discloser on the request of the Recipient intends to share access to data records (the Information) with the Recipient for the <Project Title> (The Project Title). The Discloser will ensure all data to which access is shared with the Recipient is historical data and adequately anonymized and in no way identifiable to a person. While adequate care is taken to ensure the privacy of identity, in case Recipient, who has sought access to data stumbles upon such identity implicitly, they should maintain it in confidence.
2. The Recipient undertakes not to use the Information for any purpose except the stated Purpose. The Source of information would be adequately acknowledged in the research report/paper, if any, published by the Recipient using the information accessed from the Discloser.
3. The Recipient undertakes to keep the Information secure and not to disclose or allow access in any way to any third party and shall maintain its confidentiality in accordance with the terms of this undertaking and as per the law applicable from time to time. The Recipient shall ensure that all data collected, maintained and analyzed by it, are at all times kept secure and fully and effectively protected against unauthorized access or disclosure or transmission by accidental or intentional destruction, loss or damage. The Recipient shall adopt and implement appropriate technical and organizational security measures to protect data from any kind of unauthorized access by any person including its own employees and would be liable in case of any breach of confidentiality.
4. The undertakings in clauses 2 and 3 above shall apply to all of the Information disclosed by the Discloser to the Recipient, regardless of the way or form in which it is disclosed or recorded but they would not apply to:
a) any information which is or in future comes into the public domain (unless as a result of the breach of this Undertaking); or
b) Any information which is already in the public domain.
5. The Recipient shall, at any time on request from the Discloser, return all copies and records of the Information to the Discloser and shall not retain any copies or records of the Information. Any data kept in the computer systems in any format by all the users shall be erased and a confirmation sent to the Discloser, on or before the date as intimated by the Discloser.
6. Neither this Agreement nor the supply of any information grants the Recipient any license, interest or right in respect of any intellectual property rights of the Discloser except the right to access and use the Information solely for the stated purpose.
7. In case the Recipient is an organization, it shall obtain a similar undertaking (for their records) with all the authorized users of the data. The Recipient shall disclose the details of all the users of data of the Recipient organization to the Discloser. Any misuse/unauthorized use of information by any of the users of data shall render the Recipient liable under law.
8. The undertakings in clauses 2 and 3 will continue in force indefinitely till such time the confirmation is given under clause 5. The Recipient assumes all legal liability arising out of any precipitative action taken by such Recipient based on the data provided by the Discloser.
9. The Recipient agrees to allow and co-operate with SEBI officials during inspection undertaken to ensure appropriate usage of data or derivative thereof and the Recipient shall abide by all the directions/instructions given by the Discloser as regards the usage of the data or derivative (e.g. published paper, training material etc.) thereof.
10. The Recipient agrees that in case it fails to maintain confidentiality of data or fails to abide by any clause of this undertaking or is found indulging in any kind of irregularity with regard to data usage or provides false/misleading information, the Recipient shall be solely responsible and liable for all actions as per law prevalent at the relevant point of time (including the law which may come into force after signing this undertaking). Further, the Recipient shall be liable to make good any loss/damage caused to the Discloser for any unauthorized use/misuse of the information by the Recipient and shall keep the Discloser (and SEBI) indemnified for the same.
| Data Analytics Controller (On Behalf of SEBI) | Recipient: Authorizing Person (Representing the Institute) | Recipient: Recipient Person (Representing the Institute) |
Name | | | |
Signature | | | |
Designation | | | |
Date | | | |
Annexure D: [Flow of Control]
DATA SHARING POLICY FLOW OF CONTROL