Article 1 In order to ensure the security of public data, promote and standardize the use of public data, these Provisions are formulated in accordance with the Cyber Security Law of the People's Republic of China, the Measures for the Administration of Public Data and E-government in Zhejiang Province, and the Interim Measures for the Administration of Public Data Openness and Security in Zhejiang Province, combined with the actual situation of this Municipality. Article 2 These Provisions shall apply to the safety management activities of public data within the administrative area of this Municipality. Where laws, regulations and rules of Zhejiang Provincial People's Government provide otherwise, such provisions shall prevail.

The term "public * * * data" as mentioned in these Provisions refers to all kinds of data resources obtained by administrative organs and institutions performing public * * * management and service functions (hereinafter referred to as public * * * management and service institutions) in the process of performing their duties according to law. Article 3 The security management of public data shall adhere to the principles of government leading, comprehensive prevention, privacy protection and development promotion.

Public data security management should run through the whole life cycle of public data collection, collection, cleaning, sharing, opening, use, transmission and destruction. Article 4 The municipal big data development management department is the competent department of public data security management in this Municipality, and is responsible for the organization, coordination, overall planning, supervision and management of public data security in this Municipality. The big data development management department determined by the county (city) people's government is the competent department of public data security management within its administrative region, and is responsible for the relevant supervision and management of public data security.

City, county (city) network information, public security, communications, confidentiality, password management and other departments shall, in accordance with their respective responsibilities, do a good job in the supervision and management of public data security. Article 5 A public * * * management service institution shall be mainly responsible for the security management of public * * * data within its scope of duties, and perform the following duties:

(1) Defining the institutions and personnel responsible for the safety management of their own institutions, and being responsible for the safety management of public data;

(two) the establishment of the public data directory, clear data * * * enjoy and open attributes, the implementation of hierarchical management system;

(3) Formulating the management system and operation procedures for public data security of this institution, and implementing the network security level protection system;

(four) to take technical measures to prevent computer viruses and behaviors that endanger network security, log recording and monitoring, data backup and encryption, and regularly carry out public data security risk assessment:

(five) to formulate emergency plans for public data security and organize emergency drills on a regular basis;

(six) when data security incidents occur, take immediate measures and report to the public security organs and other departments in a timely manner;

(seven) to conduct a safety review of the public data service outsourcing activities of this institution;

(eight) to carry out public data security education and technical training on a regular basis;

(nine) other public data security management. Article 6 Public management and service institutions shall follow the principles of legality, necessity and justness in collecting all kinds of data; Without the basis of laws and regulations, the relevant data of citizens, legal persons and other organizations shall not be collected; The collection of public * * * data shall be limited to the necessary scope, and shall not exceed the data collected by public * * * management and services, and the data that can be obtained through * * * enjoyment shall not be collected repeatedly.

Public * * * management and service institutions shall take necessary safety protection measures for data collection environment, facilities, networks and systems, and shall not use private equipment to collect public * * * data. Article 7 Unless otherwise stipulated by laws and regulations, when collecting public data, public management and service institutions shall inform them of the purpose, method and scope of collection.

Unless otherwise stipulated by laws and regulations, public management and service institutions shall set up obvious signs when setting up data collection facilities and equipment in public places to collect information.

Individuals can consult or copy data related to their own information from public management and service institutions. If mistakes are found, they have the right to raise objections and ask public management and service institutions to take necessary measures such as correction in time. Eighth public * * * management and service institutions shall abide by the following provisions in the process of public * * * data processing:

(1) Without the consent of the data provider or the data collector, the original data value shall not be changed;

(2) If the data or conclusions obtained in the process of public data collection and mining may be classified, sensitive or endanger national security or harm national interests and public interests, a security risk assessment shall be conducted.

Public * * * management and service institutions shall not use or disseminate the data or conclusions obtained in item 2 of the preceding paragraph. Article 9 Public * * * management and service institutions shall, according to their * * * enjoyment attributes, classify public * * * data into unconditional * * * enjoyment categories, restricted * * * enjoyment categories and non * * * enjoyment categories, and implement hierarchical management. Among them, the negative list management system shall be implemented for non-* * public * * data, which shall be formulated separately by the municipal big data development management department in conjunction with relevant departments. Tenth public * * * management and service institutions shall, according to the open nature of public * * * data, divide it into unconditional open category, restricted open category and prohibited open category, and implement hierarchical management.

Public * * * management and service institutions intend to disclose public * * * data, and shall conduct safety risk assessment in accordance with regulations.

Citizens, legal persons and other organizations whose disclosure of public data infringes upon their legitimate rights and interests, such as business secrets and personal privacy, have the right to request public management and service institutions that provide public data disclosure services to suspend or withdraw public data in accordance with regulations. Eleventh public * * * data obtained by public * * * management and service institutions shall not be used for other purposes except for performing their duties.

Public management and service institutions shall take necessary technical control measures such as electronic signature, authority control, access control and log audit to ensure the safety, controllability and traceability of public data in use.

Encourage institutions of higher learning, scientific research institutions and market players to carry out research on data security and privacy protection technologies, and improve the safety management level of public data use.