Tax Management India. Com
DIGITAL LOCKERS

By: Mr. M. GOVINDARAJAN
November 16, 2019

Rules for digital locker

  • The Central Government vide Notification No. GSR 711 (E), dated 21.07.2016 made the Information Technology (Preservation and Retention of Information by Intermediaries Providing Digital Locker Facilities) Rules, 2016 (‘Rule’ for short) for the purpose of preservation and retention of information by intermediaries providing digital lockers.

Digital locker

  • Rule 2(1)(g) defines the expression ‘digital locker’ as a service of preservation, retention of electronic records by the subscriber and delivery of electronic records to the subscriber. 
  • It is a web and mobile based system to provide access to issued documents and electronic storage to all users. Digital Locker System is an application based system that provides Digital Locker services to the users with the help of authorized service providers.

Digital locker system

  • For the purpose of providing preservation and retention of machine readable, printable, shareable, verifiable and secure State or Central Department or agency or body corporate issued electronic records, the Government and other service providers are to provide a digital locker system of limited electronic storage to all users.
  • The digital locker system shall act as a web and mobile based portal for State or Central Department or agency or body corporate issued electronic records maintained in a prescribed format.
  • Any individual who is a resident in India shall be able to open and gain access to the digital locker portal after submitting the proper application to the authorized digital locker service provider.
  • The digital locker system shall be supported by the following depository locker service providers-
    • Digital Locker Portals;
    • Repositories; and
    • Access Gateways.

Digital locker portal

  • Any individual may obtain the services of the licensed or empanelled digital locker service providers for accessing the locker, gateways and repository services using web or mobile based digital locker portal.
  • Digital locker portal shall provide access to repositories and access gateways for issuers to issue and requesters to access digitally signed or equivalently authenticated electronic records respectively in a uniform way in real time.

Digital locker directory

  • Digital locker directory is a web page managed by the Government or Digital Locker Authority for registration and providing details of registered locker providers, issuers, repositories and access gateways providers.
  • The digital locker directory shall provide the following details-
    • registration facility for issuers, requesters, locker providers, repository providers and gateway providers;
    • issuer ID, requester ID, gateway ID and repositories;
    • standards, application forms and other particulars;
    • electronic workflow to request, approve and publish new ID for new issuers, gateways and repositories; and
    • any other information as prescribed by the Government.

Location of the digital locker system

  • The infrastructure associated with all functions of digital locker systems as well as maintenance of directories containing information about the status of digital locker system shall be installed at any location within India.

Use of digital locker system

  • The digital locker system shall be utilized by the subscriber to-
    • access and register for digital locker on the web or mobile based digital locker portal;
    • upload documents, digitally sign the uploaded documents in digital locker as provided by the digital locker service provider;
    • access documents from issuers using the document URIs (Uniform Resource Identifier) available in the digital locker account;
    • grant access to the requester to access State or Central Department or agency or body corporate issued records by providing unique document URI; and
    • take consent from subscribers to access documents available in subscriber’s digital locker account.
  • The digital locker system shall be utilized by the issuer to-
    • register on the digital locker directory;
    • issue new digital records in the format as prescribed by the appropriate Government;
    • provide older digitized records to the subscriber, which are verifiable, shareable, accessible and printable;
    • give consent to any other digital locker service provider to gain access to his documents;
    • choose own repository or a repository from authorized repository service provider as issuer repository to preserve and retain issued records;
    • use the integration interfaces, to either-
      • push URI to digital locker; to push the URIs of all the records available in their repositories so that the same can be displayed to the subscriber that the issuer has the following documents linked to the subscriber’s account; or
      • pull URI to allow the subscriber to query the issuer repository by providing subscriber’s identifier applicable to issuer organization to enable issuer to provide the URIs of all the records that are linked to the identifiers submitted by the subscriber.
  • The digital locker system shall be utilized by the requester to-
    • register on the digital locker directory;
    • access documents uploaded by the subscriber on the digital locker portal;
    • use authorized gateway providers to access documents stored across repositories;
    • access subscriber’s State or Central Government or agency or body corporate issued documents based on the URI; and
    • take consent from subscriber to access documents available in subscriber’s digital locker account.

Issuing certificates in Digital Locker System

  • The issuers may issue and the requesters may accept digitally signed certificates or documents shared from Subscribers’ digital locker accounts at par with the physical documents in accordance with the provisions of the Act or the rules made there under.
  • When such certificate or document has been issued or pushed in the digital locker system by an issuer and subsequently accessed or accepted by a requester through URI, it shall be deemed to have been shared by the issuer directly in electronic form.
  • If the links of the issued certificates or documents take the requester to the single source of truth, such as issuer repositories, automatic verification happens.

Digital locker service provider

  • Digital locker service provider is an intermediary including a body corporate or an agency of the appropriate Government, as may be notified by the Government, to provide digital locker, access gateways and repository facilities electronically in accordance with this rule.
  • Every digital locker service provider shall ensure that every person employed or otherwise engaged or associated with it complies, in the course of such employment or engagement, with the provisions of the Act, rules, regulations and orders made there under.
  • Every digital locker service provider shall publish on its website the name of the grievance officer and his contact details as well as the mechanisms by which any user or aggrieved person who suffers as a result of-
    • access or usage of digital locker or digital locker system by any unauthorized person; or
    • violation of authorizing terms; or
    • any other complaints not covered above

may notify their complaints against such access or usages or violation of licensing terms to such grievance officer.

The grievance officer shall redress the complaint within one month from the date of receipt of the complaint.

  • Any aggrieved person may appeal to the Digital Locker Authority within 15 days from the date of receipt of the order.
  • The digital locker service provider shall get his operations audited annually by an auditor and such audit shall include-
    • security policy and planning;
    • physical security;
    • technology evaluation;
    • digital locker service provider’s administration;
    • relevant digital locker practice statement;
    • compliance to relevant digital locker practice statement;
    • contracts or agreements; and
    • policy requirements as may be required under these rules.
  • The digital locker service provider shall conduct yearly audit of-
    • the security policy, physical security and planning of its operations;
    • systems and all associated interfaces, systems, tools and processes.
  • The digital locker service provider shall submit copy of each audit report to the Government or digital locker authority within 4 weeks of the completion of such audit and where irregularities are found, the digital locker service provider shall take immediate appropriate action to remove such irregularities.
  • The digital locker service provider shall observe and maintain reasonable security practices as mandated under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
  • The digital locker service provider shall observe and maintain Information Technology Security Guidelines as mandated under Schedule II of the Information Technology (Certifying Authorities) Rules, 2000.

Digital locker account

  • Every subscriber shall exercise reasonable care to retain control of digital locker account credentials and take all steps to prevent its disclosure.
  • If the same has been compromised then the subscriber shall communicate the same without delay to the digital locker service provider in such manner as may be specified in the regulation.
  • The subscriber shall be liable till he has informed the digital locker service provider that the digital locker account credentials have been compromised.
  • The digital locker service provider shall provide digital locker services to subscribers with the facility to port their account to any other digital locker service provider and shall-
    • observe data retention and migration guidelines as notified by DeitY;
    • make reasonable efforts to ensure that the portability services are provided to the subscribers with minimal service disruption; and
    • refund a reasonable fee to the subscriber, not exceeding any fee or service charges charged by the service provider to the subscriber.

Digital Locker Authority

Rule 3 provides that the Government shall appoint the ‘Digital Locker Authority’ (‘Authority’ for short) to establish, administer and manage the digital locker system to preserve and retain information for efficient delivery of services to the users through the digital locker system. The following are the functions of the Authority-

  • to call for applications from the Digital Locker Service Providers  and grant them licences subject to the eligibility criteria and other requirements identified by the Authority;
  • to call for applications from the Repository Service Providers and empanel them subject to the eligibility criteria and other requirements identified by the Authority;
  • to specify the terms and conditions for renewal, surrender, suspension and revocation of licences given to the Digital Locker Service Providers or empanelment of Repository Service Providers and carry out the same;
  • to maintain a digital locker directory to provide-
    • registration facility for issuers, requesters, locker providers and repository providers;
    • issuer (name, ID, registration date, contact details), requester id (name, ID, registration date, contact details);
    • standards, application forms and other particulars;
    • electronic workflow to request, approve and publish new ID for new issuers and the repositories; and
    • any other information as prescribed by the Government;
  • to prepare and notify applicable standards, guidelines and specifications;
  • to lay down the duties of digital locker service providers  and repository service providers;
  • to exercise supervision over the activities of the digital locker service providers and repository service providers;
  • to specify the conditions subject to which the digital locker service providers and repository service providers shall conduct their businesses;
  • to specify the conditions under which documents from issuers are made available to digital locker service providers and/or  repository service providers;
  • to specify the conditions under which documents accessed by the requesters are made available to the digital locker service providers;
  • to specify the form and manner in which accounts shall be maintained by the digital locker service provider;
  • to specify the terms and conditions subject to which auditors may be appointed;
  • to specify the terms and conditions subject to which digital locker account may be suspended  or revoked;
  • to specify the manner in which the service provider shall conduct their dealings with the subscribers;
  • to notify the fee or service charges that digital locker service providers may charge to the subscribers  for opening the digital locker accounts;
  • to resolve any grievances/conflict of interests among the service providers  and between the service providers and the subscribers; and
  • any other functions as may be notified by the MeitY from time to time.

Confidential information

  • The following information shall be treated as ‘confidential’-
    • Digital Locker Account Application;
    • Digital Locker Information collected from the subscriber or elsewhere as part of the registration;
    • Subscriber agreement;
    • Digital locker contents;
    • Document URI; and
    • Any other information as may be notified by the DeitY.
  • The access to confidential information shall be subject to the provisions of the Act and rules made there under.
  • The access to confidential information by the employees of the digital locker service provider shall be on a ‘need to know’ and ‘need to use’ basis.
  • The process of maintaining confidential information has to be included in the digital locker practice statement.
  • The backup of all information shall be kept offsite in the disaster recovery facility.
  • The confidential information shall not be realized and preserved out of India.

 


 

Discussions to this article

 

Dr.M.Govindarajan Ji,

Read your article. Thanks for enrichment of my knowledge. You are an all-rounder. You have passion for hard work and knowledge. Never seen such hard worker and knowledgeable person.

By: KASTURI SETHI
Dated: 17/11/2019

Thank you Sethi sir

By: DR.MARIAPPAN GOVINDARAJAN
Dated: 17/11/2019

 
