1. Purpose

This policy outlines the principles and procedures for ensuring the privacy, integrity, and security of digital information and IT systems at ICAR-CIAE, Bhopal. It ensures compliance with relevant national standards and promotes responsible use of digital resources within the Institute.

2. Scope

• All employees, research fellows, and consultants
• Contractual workers and interns using CIAE’s IT resources
• All data generated, stored, processed, or accessed through the Institute’s digital systems

3. Data Classification

• Public: Open for public access (e.g., publications, newsletters)
• Internal: Restricted to CIAE personnel (e.g., project data, reports)
• Confidential: Sensitive data requiring strict access control (e.g., personal records, financial data)

4. Data Privacy Guidelines

• Personal Data: Must be collected only for legitimate research or administrative purposes, with consent where required.
• Data Minimization: Only the minimum necessary personal or sensitive data should be collected.
• Access Control: Access to sensitive or confidential data must be role-based and reviewed regularly.
• Anonymization: Wherever possible, personal identifiers should be removed from research datasets before sharing or analysis.

5. Data Safety Measures

• Secure Storage: All important files must be stored on Institute-approved servers or cloud platforms with proper backups.
• Backups: Regular data backups must be maintained in secure, isolated storage.
• Antivirus & Firewalls: All systems should have updated antivirus and be behind institutional firewalls.
• Patch Management: All operating systems and software should be regularly updated with the latest security patches.

6. User Responsibilities

• Use strong, unique passwords and not share them
• Avoid unauthorized software installation
• Report any suspected data breaches or suspicious activity
• Refrain from using institutional IT resources for personal commercial use

7. Third-Party Access

• Sign a Non-Disclosure Agreement (NDA)
• Follow all CIAE security and privacy protocols

8. Incident Response

• Investigate and mitigate data breaches or cyber incidents
• Notify stakeholders as per government norms
• Document incidents for future prevention

9. Compliance

This policy follows guidelines under:

• Information Technology Act, 2000 (India)
• ICAR Data Management Policy
• GIGW (Guidelines for Indian Government Websites)

Non-compliance may result in disciplinary action including termination of access, job suspension, or legal proceedings, depending on severity.

10. Review and Updates

This policy will be reviewed annually or upon any major technological or legal change. Suggestions from staff and IT stakeholders are welcome.