Regulations of Guiyang Municipality on Big Data Security Management (202 1 Amendment)

Chapter I General Provisions Article 1 In order to strengthen the security management of big data, safeguard national security and social interests, protect the legitimate rights and interests of citizens, legal persons and other organizations, promote the development and application of big data, and promote the implementation of big data strategy, these Regulations are formulated in accordance with the provisions of the Cyber Security Law of the People's Republic of China and other relevant laws and regulations, combined with the actual situation of this Municipality. Article 2 These Regulations shall apply to the safety protection, supervision and management of the development and application of big data and related activities within the administrative area of this Municipality.

Big data security management involving state secrets shall be implemented in accordance with relevant confidentiality laws and regulations.

The term "big data security" as mentioned in these Regulations refers to the ability, state and behavior of the data owners, managers, users and service providers (hereinafter referred to as security responsible units) to take protection and management strategies and measures to prevent risks and hazards such as data forgery, disclosure or theft, tampering and illegal use.

The term "big data" as mentioned in these Regulations refers to a collection of data with large capacity, various types, fast access speed and high application value. It is a new generation of information technology and service format that collects, stores and analyzes a large number of data with scattered sources and various forms, discovers new knowledge, creates new value and enhances new capabilities.

The data mentioned in these Regulations refers to all kinds of electronic information collected, stored, transmitted, processed and generated by computers or other information terminals and related equipment. Article 3 The implementation of big data security management should adhere to the correct concept of network security, and follow the principles of unified leadership, government management, industry self-discipline, social supervision, risk prevention and control, unified power and responsibility, inclusiveness and prudence, and support for innovation. Article 4 The Municipal People's Government shall uniformly lead the safety management of big data in this Municipality. The people's governments at the county level shall lead the big data security management in their respective jurisdictions. Article 5 The municipal network information department is responsible for coordinating the supervision and management of big data security in the city and organizing the supervision of key information infrastructure in the city. The county-level network information department is responsible for comprehensively coordinating the supervision and management of big data security in its jurisdiction according to its responsibilities.

Municipal public security organs are responsible for the supervision and management of level protection, daily inspection, law enforcement inspection, information notification and emergency response of big data security. County-level public security organs are responsible for the supervision and management of big data security in their respective jurisdictions.

The municipal department in charge of big data will co-ordinate the construction of big data security system in this city. County-level big data authorities are responsible for the related work of big data security management in their respective jurisdictions according to their duties.

Confidentiality, national security, password management, communication management and other competent departments shall, in accordance with their respective responsibilities, do a good job in the security management of big data. Article 6 The security responsible unit shall strengthen the capacity building of big data security, perform the duties of big data security protection, and accept the supervision and management of relevant competent departments and social supervision. Article 7 The people's governments at or above the county level, the departments in charge of internet information, public security and big data, the units responsible for security and the mass media shall, according to their respective duties, do a good job in the publicity and education of big data security. Article 8 The Municipal People's Government shall establish a unified big data security supervision service and complaint reporting platform, and establish corresponding working mechanisms.

Any unit or individual has the right to complain and report acts that endanger the security of big data; The relevant departments shall keep the complainant confidential. Chapter II Security Assurance Article 9 The security responsible unit shall take effective measures to protect the confidentiality, integrity, authenticity, controllability, reliability and verifiability of data in accordance with the principles of clear responsibilities, conformity with intentions, quality assurance, data minimization, minimum authorized operation, classified and graded protection and auditability. Article 10 The legal representative or principal responsible person of the security responsibility unit is the first responsible person of the big data security of the unit.

The safety responsible unit shall, according to the life cycle, scale and importance of the data and the nature, category and scale of the unit, establish the internal control system of safety management and support and guarantee mechanism, clarify the person in charge of safety management, and implement the safety management responsibilities of different posts; Operators of key information infrastructure should also set up special security management institutions. Article 11 The safety responsible unit shall, according to the requirements of data type, level, sensitivity and data security capability maturity, formulate safety rules, management norms and operating procedures, adopt corresponding safety management strategies, management measures and technical means, and implement effective management. Article 12 The security responsible unit shall configure the system security functions according to the requirements of big data security level protection, formulate and implement regulations on system configuration technology management, policies on restricting the use of software procurement and policies on the use of external components, stipulate the approval and operation procedures of configuration management, provide management and services that meet the standards, and update important system configurations in a timely manner. Thirteenth safety responsibility units should formulate and improve the access control strategy, and take technical measures such as authorized access and identity authentication to prevent unauthorized inquiry, copying, modification or transmission of data. Encrypt and protect personal information and important data, and desensitize and decrypt data involving national security, social interests, business secrets and personal information according to law. Article 14 The security responsible unit shall establish a big data security audit system, stipulate the audit work flow, record and save data classification, collection, cleaning, conversion, loading, transmission, storage, copying, backup, recovery, query and destruction, and conduct security audit analysis on a regular basis.