For External Circulation

GUIDELINES FOR SEEKING

DATA

OCTOBER 17, 2019

Version 2
For External Circulation
 For External Circulation

Table of Contents
DEFINITIONS: ........................................................................................................................... 3

OVERVIEW ............................................................................................................................... 4

A. STEPS TO SEEK DATA ...................................................................................................................4

B. PROVISION TO SEEK EXTENSION FOR DATA RETENTION .................................................................5
C. PROVISION OF INSPECTION............................................................................................................5

ANNEXURE A: [INDICATIVE LIST OF SEBI DEPARTMENTS].............................................. 6

ANNEXURE B: [SAMPLE DATA SHARING REQUEST FORM]............................................... 8

ANNEXURE C: [UNDERTAKING OF CONFIDENTIALITY AND NON-DISCLOSURE] ...........11

ANNEXURE D : [FLOW OF CONTROL] ..................................................................................15

1|Page
For External Circulation

2|Page
 For External Circulation

Definitions:

1. Data- In the context of Data Sharing policy, Data consists of all the information both
structured and unstructured collected and reported in various databases of Securities and
Exchange Board of India (SEBI). Data refers to raw data only. Any kind of secondary data
are not to be considered as data under this policy.

2. Data Custodian- is the internal department of SEBI that collects, generates, processes
and holds the Data under their custody. They have deemed ownership over that Data
which is related to the function of their department.

3. Data Analytics Controller- Is a team or person who will supervise the process of
transmission of Data from Data Custodians to Data seeker in Clean Data Rooms/through
other approved media.

4. Data Seeker- are various educational, research institutions, and regulators etc. who
require data to undertake projects or research activities.

5. Data Expunging- is the process of removal of Data/completely deleting of data, when its
requirement no longer exists.

6. Data Anonymization- Data anonymization is a process of information sanitization to

protect the identity of the identifiers of data. It is the process of either encrypting or
removing identifiable information from data sets so that the identifiers, that the data is
describing remains anonymous.

3|Page
 For External Circulation

Guidelines to Seek data

Overview

Data Sharing Policy is framed to facilitate access to Data in SEBI to meet a variety of
requirements like to undertake Analytics projects, Research activities, and academic studies etc.
not only by internal departments of SEBI but also by various educational/research institutions
and other regulators. Data Sharing Policy is aimed at streamlining the process of Data sharing
and formalization of Data protection measures to prevent Data from misuse and unauthorized
access.
This policy is principles-based essentially to ensure a seamless process for sharing of Data.
Data Seekers are required to adhere to any relevant regulatory requirements, including those
relating to the ethical use of Data. As a general rule Data shared will be mostly historical,
anonymized and the Data seekers will be required to sign an undertaking of confidentiality and
non-disclosure. Data that are at least two years old will be shared under this policy.
The process to be followed while seeking data from SEBI is given below
A. Steps to Seek Data
The process flow defines all the necessary approvals that shall be needed prior to Data Sharing.
A diagrammatic representation is enclosed at Annexure – D.
a. To obtain the data, Data Seeker needs to fill up the “Data Seeking Request Form”
available at the SEBI website.
b. The seeking request form should be signed and approved by the Concerned Authority of
the Recipient institute.
c. A Sample of Data Seeking request form is enclosed at Annexure B.
d. Data Seeking Request Form will be sent to Data Analytics Controller through email
([email protected]) as well as through post.
e. After receiving the Data Seeking Request form and the subsequent approval as per
Delegation of Power, the Undertaking will be signed between the Data Analytics
Controller and the Recipient Institute.
f. After signing the undertaking, the Data will be shared through USB/ E-mail/
SFTP/approved media.
g. On Completion of Duration of project, Data Seeker needs to expunge the data.
h. The Data Seeker needs to send a confirmation to the Data Analytics Controller within 5
(five) days after the date of expunging the data as declared in the Data Seeking Request
Form.
i. There are certain provision of Data extension and Inspection mentioned in point B and C
respectively.

4|Page
 For External Circulation

B. Provision to seek extension for Data retention

As per the data sharing policy Data Seekers shall mention the duration of retention of
Data for the proposed project and subsequently expunge that Data from their systems
and inform SEBI. However, if the Data seeker needs an extension for expunging the Data
he/ she/they need to go through the following set of procedure.
i. Data seeker needs to place the request at least 20 days prior to date of expected
expunging of Data stating the reason of extension in detail to the Data Analytics
Controller.
ii. Data Analytics Controller is empowered to accept the request for extension for Data
retention for maximum one calendar month. For any period more than one-month Data
Seeker shall obtain required approvals from the concerned department which
approved the project.
iii. On rejection of extension request Data seeker shall expunge the Data as per the data
sharing policy and intimate Data Analytics Controller.
C. Provision of Inspection
During the period of Data usage i.e. the period between Data sharing and expunging,
Data Analytics Controller may visit/nominate a person to visit the Data Seeker and inspect
whether the Data seeker is abiding by the confidentiality norms and also ascertain the
Data provided is not misused or being used for purposes other than for which the approval
is granted. In case of any observed irregularity, appropriate action as per the prevalent
laws may be taken.

5|Page
 For External Circulation

Annexure A: [Indicative List of SEBI Departments]

1. CDMRD: Commodity Derivatives Market Regulation Department

2. CFD: Corporation Finance Department
3. DEPA: Department of Economic and Policy Analysis
4. DDHS: Department of Debt and Hybrid Securities
5. EFD: Enforcement Department
6. EAD: Enquiries and Adjudication Department
7. GSD: General Services Department
8. HRD: Human Resources Department
9. ITD: Information Technology Department
10. ISD: Integrated Surveillance Department
11. IVD: Investigations Department
12. IMD: Investment Management Department
13. LAD: Legal Affairs Department
14. MIRSD: Market Intermediaries Regulation and Supervision Department
15. MRD: Market Regulation Department
16. OIAE: Office of Investor Assistance and Education
17. FPI & C: Foreign Portfolio Investor and Custodians

6|Page
For External Circulation

7|Page
 For External Circulation
Control No:

Annexure B: [Sample Data Sharing Request Form]

DATA SEEKING REQUEST FORM

A: To Be Filled by Data Seeker (To be submitted at [email protected])
1. Institution/Regulator/SEBI Employee Name:
2. Website:
3. Authorized Signatory of Institute /Regulator:
4. Title of the Project/ activity for which the data is
required to be shared:
5. Objective/Purpose of the Project :#
[Indicate how the project will benefit the Market]
6. Area of Project/Activity *:
[Related to which department of SEBI (Refer
Annexure A)]
7. Contact Person Name:
8. Contact No:
9. Email Id:
(Official)
10. Type of data: (Enclose data structure)#
11. Period of data: From: DD/MM/YYYY
To: DD/MM/YYYY
12. Duration for which the data will be kept: (To date)
13. Mode of data transmission:
USB/ E-mail/ SFTP/Clean data rooms/other
approved media:
14. Do you wish to publish project report: Yes / No
15. Do you envisage any Conflict of Interest with
other organizations including SEBI w.r.t. to the
Data sought $
16. @a. Participating Institute Name:
b. Name:
c. Contact No.:
d. Email:
#please attach separate sheet where required.
Name:
Signature:
Date:

*Primary market, MFs/AIFs, Commodity Market , etc.

$ Data seeking organisations are required to inform SEBI if Conflict of Interest arises during the
period for which data is sought.

8|Page
 For External Circulation
Control No:

Terms and Condition

The data seeker is requested to submit the following two mandatory documents:
1. A covering letter containing the statement of proposal containing not less than 500 words.
2. A tabular format for the requested data clearly indicating the following:
a. Variables (on which data are requested). The variables have to be specific
b. The frequency of the data,
c. Period / span of data.
Unless all three documents are available, i.e. covering letter, data request form and
the tabular format for requested data, the request would not be accepted for
consideration.

For Official Use only:

B. Data Request Approved By (Data Custodian):
Name of the Designation Approval Date Office Note no.
Approver(as per
DoP)

C. Recommendations of Expert Committee

D. Project Approved By:(Department Name)

Name of the Department

Office Note no.(Copy)
Approver Signature

E. Data Extraction and Validation by(ITD):

9|Page
 For External Circulation

1. Data Extraction date:

2. Data Extracted by:

Name:

Designation:

Date:
3. Mode of Data Transfer:

F. Data Confirmation Before Transmission

ITD-CGM

Signature and Date

Name and designation

G. Confirmation of Data Expunge Date(ITD)

Date Expunge date:

(dd/mm/yyyy)

Confirmation sent to:

Signature:

Name and Designation:

10 | P a g e
 For External Circulation

Annexure C: [Undertaking of Confidentiality and Non-Disclosure]

UNDERTAKING OF CONFIDENTIALITY AND NON-DISCLOSURE

This has reference to the request made to Securities and Exchange Board of India (SEBI) by
<Recipient Organization through <Person Name> to undertake designated Project/Activity titled
<Title> Control No <control no>. In this context to ensure that the confidentiality of data is
maintained at all the times, it is required that an “Undertaking of confidentiality and non-
disclosure” is signed by <Recipient Organization> and <Person Name>.

Parties: “[<Recipient Institute>]” through <Recipient Official Name> (the Recipient Institute
name and Name of the Recipient) and “[SEBI through Data Analytics Controller]” (the
Discloser, as may be nominated by SEBI from time to time)

1. The Discloser on the request of the Recipient intends to share access to data records
(the Information) with the Recipient for the <Project Title> (The Project Title). The
Discloser will ensure all data to which access is shared with the Recipient is historical
data and adequately anonymized and in no way identifiable to a person. While adequate
care is taken to ensure the privacy of identity, in case Recipient, who has sought access
to data stumbles upon such identity implicitly, they should maintain it in confidence.

2. The Recipient undertakes not to use the Information for any purpose except the stated
Purpose. The Source of information would be adequately acknowledged in the research
report/paper, if any, published by the Recipient using the information accessed from the
Discloser.

3. The Recipient undertakes to keep the Information secure and not to disclose or allow
access in any way to any third party and shall maintain its confidentiality in accordance
with the terms of this undertaking and as per the law applicable from time to time. The
Recipient shall ensure that all data collected, maintained and analyzed by it, are at all
times kept secure and fully and effectively protected against unauthorized access or
discloser or transmission by accidental or intentional destruction, loss or damage. The
Recipient shall adopt and implement appropriate technical and organization security
measures to protect data from any kind of unauthorized access by any person including
its own employees and would be liable in case of any breach of confidentiality.

4. The undertakings in clauses 2 and 3 above shall apply to all of the Information disclosed
by the Discloser to the Recipient, regardless of the way or form in which it is disclosed or
recorded but they would not apply to:

a) any information which is or in future comes into the public domain (unless as a result
of the breach of this Undertaking); or

b) Any information which is already in the public domain.

11 | P a g e
 For External Circulation

5. The Recipient shall, at any time on request from the Discloser, return all copies and
records of the Information to the Discloser and shall not retain any copies or records of
the Information. Any data kept in the computer systems in any format by all the user shall
be erased and a confirmation sent to the Discloser, on or before the date as intimated by
the discloser.

6. Neither this Agreement nor the supply of any information grants the Recipient any license,
interest or right in respect of any intellectual property rights of the Discloser except the
right to access and use the Information solely for the stated purpose.

7. In case, the Recipient is an organization, it shall obtain the similar undertaking (for their
records) with all the authorized users of the data. The Recipient shall disclose the details
of all the users of data of the Recipient organization to the discloser. Any
misuse/unauthorized use of information by any of the users of data shall render the
Recipient liable under law.

8. The undertakings in clauses 2 and 3 will continue in force indefinitely till such time the
confirmation is given under clause 5.The Recipient assumes all legal liability arising out
of any precipitative action taken by such Recipient based on the data provided by the
Discloser.

9. The Recipient agrees to allow and co-operate with SEBI officials during inspection
undertaken to ensure appropriate usage of data or derivative thereof and the Recipient
shall abide all the directions/instructions given by the Discloser as regards the usage of
the data or derivative(e.g. published paper, training material etc.) thereof.

10. The Recipient agrees that in case it fails to maintain confidentiality of data or fails to abide
by any clause of this undertaking or is found indulging in any kind of irregularity with
regard to data usage or provides false/misleading information, the Recipient shall be
solely responsible and liable for all actions as per law prevalent at the relevant point of
time (Including the law which may came into force after signing this undertaking). Further,
the Recipient shall be liable to make good of any loss/damage caused to the Discloser
for any unauthorized use/misuse of the information by the Recipient and shall keep the
Discloser (and SEBI) indemnified for the same.

12 | P a g e
 For External Circulation

Data Analytics Recipient

Controller
Authorizing Recipient Person
(On Behalf of SEBI) Person (Representing the
(Representing the Institute)
Institute)

Name

Signature

Designation

Date

13 | P a g e
For External Circulation

14 | P a g e
 For External Circulation

Annexure D: [Flow of Control]

DATA SHARING POLICY FLOW OF CONTROL

Data Sharing Policy

ShariShaSharing
Classes of Data to Be Shared

Internal Data Public Data

Request for Data as Data Available On SEBI Website

Per Annxeure B

Data Analytics Controller

Email: [email protected]

Approval of project by relevant Department as per the DoP

[Refer Annexure A]

Data Analytics Controller

Email: [email protected]

Undertaking and NDA as per Annexure C

Transmission of Data

Expunge Data after Usage and Send Confirmation

15 | P a g e