Article 1 In order to ensure the security of public *** data, promote and standardize the use of public *** data, in accordance with the "Cybersecurity Law of the People's Republic of China" and "Zhejiang Province Public *** Data These regulations are formulated based on the actual situation of this city. Article 2 These regulations shall apply to the security management activities of public data within the administrative region of this city. If laws, regulations and rules of the Zhejiang Provincial People's Government provide otherwise, such provisions shall prevail.
The “public data” referred to in these regulations refers to administrative agencies and public institutions that perform public data management and service functions (hereinafter collectively referred to as public data management and service agencies) when they perform their functions in accordance with the law. Various data resources obtained during the course of responsibilities. Article 3: Public data security management shall adhere to the principles of government leadership, comprehensive prevention, privacy protection, and balanced development.
Public data security management should run through the entire life cycle of public data collection, collection, cleaning, sharing, opening, use, transmission and destruction. Article 4: The municipal big data development and management department is the department in charge of public data security management in this city and is responsible for the organization, coordination, overall planning, supervision and management of public data security in this city. The big data development management department determined by the district, county (city) people's government is the department in charge of public data security management within its administrative region, and is responsible for the relevant supervision and management of public data security.
City, district, county (city) network information, public security, communications, confidentiality, password management and other departments shall do a good job in the supervision and management of public data security in accordance with their respective responsibilities. Article 5 Public security management and service agencies shall assume the main responsibility for the security management of public security data within the scope of their duties and perform the following duties:
(1) Clarify the organization and personnel responsible for security management of the organization , Responsible for the security management of public data;
(2) Prepare the organization’s public data directory, clarify the sharing and open attributes of data, and implement a classified and hierarchical management system;
(3) Formulate the organization’s public data security management system and operating procedures, and implement a network security level protection system;
(4) Take measures to prevent computer viruses and behaviors that endanger network security, logs Technical measures such as recording and monitoring, data backup and encryption, and regular public data security risk assessments:
(5) Formulate public data security emergency response plans and organize regular emergency drills;< /p>
(6) When a data security incident occurs, immediately take disposal measures and promptly report to the public security organs and other departments;
(7) Carry out the organization’s public *** data service outsourcing activities Security review;
(8) Regularly carry out public data security education and technical training;
(9) Other public data security management work. Article 6 Public administration and service agencies shall collect all types of data in compliance with the principles of legality, necessity, and legitimacy; without legal or regulatory basis, relevant data of citizens, legal persons, and other organizations shall not be collected; collection of public data shall be Data collection shall be limited to the necessary scope and shall not exceed the company's management and service needs. Data that can be obtained through sharing shall not be collected repeatedly.
Public data management and service agencies shall take necessary security protection measures for the environment, facilities, networks, systems, etc. for data collection, and shall not use private equipment to collect public data. Article 7 Unless otherwise provided by laws and regulations, if personal information is involved when collecting public data, public security management and service agencies shall inform them of the purpose, method and scope of collection.
Unless otherwise provided by laws and regulations, public security management and service agencies that set up data collection facilities and equipment to collect information in public security places shall set up obvious signs.
Individuals can check or copy the data involving their personal information from the public administration and service agencies. If errors are found, they have the right to raise objections and require the public administration and service agencies to make corrections in a timely manner. necessary measures. Article 8 Public security management and service agencies shall abide by the following regulations during the process of public security data processing:
(1) The original data shall not be changed without the consent of the data providing unit or the person being collected. value;
(2) The data obtained or the conclusions drawn during the process of public data aggregation and mining may be confidential or sensitive, or may endanger national security, national interests, or public security. If there are any interests, a security risk assessment should be conducted.
Public government management and service agencies shall not externally use or disseminate the data obtained or the conclusions drawn in Item 2 of the preceding paragraph. Article 9 Public data management and service agencies shall classify public data according to its sharing attributes into unconditional sharing, restricted sharing, and non-sharing. And implement hierarchical management. Among them, a negative list management system is implemented for non-private public data, which will be formulated separately by the municipal big data development management department in conjunction with relevant departments. Article 10: Public data management and service agencies shall classify public data into unconditional open categories, restricted open categories and prohibited open categories according to their open attributes, and implement hierarchical management.
If public security management and service agencies plan to open public security data to the outside world, they must conduct a security risk assessment in accordance with regulations.
Citizens, legal persons and other organizations that believe that open public data infringes on their business secrets, personal privacy and other legitimate rights and interests have the right to request public data management that provides open public data services. and service agencies suspend and withdraw open data in accordance with regulations. Article 11 Public security data obtained by public security management and service agencies through public sharing shall not be used for other purposes except for the performance of the agency's duties.
Public data management and service agencies should take necessary technical control measures such as electronic signatures, authority control, access control, and log auditing to ensure that public data is safe, controllable, and traceable during use.
Encourage universities, scientific research institutions and market entities to carry out technical research on data security and privacy protection to improve the level of security management of public data use.