The term "personal information processing" as mentioned in these Measures refers to the collection, processing, transmission, use, shielding and deletion of personal information by using information systems. Article 4 The municipal administrative department of informatization shall be responsible for the comprehensive coordination and management of personal information protection in the software and information service industries of this Municipality.
Other relevant departments are responsible for the protection and management of personal information in the software and information service industries within their respective responsibilities. Article 5 The municipal informatization administrative department may entrust the software and information-related industry associations to undertake specific affairs such as filing, accepting reports or complaints about the protection of personal information in the software and information service industry. The provisions of these measures. Article 6 The municipal information administration department shall establish credit files of software and information service enterprises, and guide and supervise the software and information service enterprises to carry out personal information protection.
Software and information-related industry associations should play the role of industry service, industry self-discipline and industry coordination, and assist software and information service enterprises to do a good job in the protection of personal information in the course of operation. Article 7 The municipal information department shall take measures to actively promote the mutual recognition of personal information protection norms for software and information services between this Municipality and Taiwan Province Province, and promote the cooperation between this Municipality and Taiwan Province Province. Eighth software and information service enterprises shall, within 30 days from the date of engaging in personal information processing business, file with the municipal information department. The following materials shall be provided for the record:
(1) A copy of the business license of the software and information service enterprise and a copy thereof;
(two) personal information protection security responsibility system;
(3) A description of the security protection measures and means of the personal information processing system;
(4) Emergency plan for the protection of personal information;
(5) Other materials that need to be provided according to law. Article 9 After receiving the filing materials, the municipal information department shall issue a notice of acceptance on the spot if the materials are complete; If the materials are incomplete, it shall inform the software and information service enterprises at one time to make timely corrections.
For those who have issued the acceptance notice, the municipal information department shall make a decision on whether to pass the filing within 15 days from the date of acceptance. Pass the record, issue a record certificate, and make an announcement on the website of the municipal information department in time; If it fails to pass the filing, it shall notify the rectification in writing. Article 10 If the financial investment informatization project of this Municipality entrusts software and information service enterprises outside this Municipality to engage in personal information processing business activities, the entrusting party shall sign an entrustment contract with the entrusted party, agreeing to file the case in accordance with the provisions of Article 8 of these Measures, and implement it in accordance with the filing system; Not according to the provisions of the record, the municipal information department shall not approve the allocation of the corresponding information project funds. Eleventh software and information service enterprises shall abide by the following provisions when handling personal information:
(1) Unless otherwise stipulated by laws and regulations, the collection of personal information shall have a specific, clear and reasonable purpose and scope, adopt reasonable and appropriate methods and means, and obtain the consent of the subject of personal information in advance;
(two) in accordance with the requirements of the relevant national standards and norms for the protection of personal information, the establishment of personal information protection system and emergency plan, equipped with security management personnel;
(3) Strengthen the risk management of personal information to prevent information leakage, loss, damage, tampering and improper use. When handling personal information. Article 12 Where a software and information service enterprise is entrusted to handle personal information, the entrusting party shall specify the content of the entrusted party's personal information protection responsibility in the entrustment contract. The trustee shall take necessary measures and means to ensure the safety of personal information in the process of processing. Thirteenth personal information subjects have the right to inquire about their personal information from the personal information manager. When the subject of personal information finds that his personal information is inaccurate, he has the right to ask the personal information manager to correct it. Personal information managers should correct mistakes in time when verifying them.
The subject of personal information mentioned in the preceding paragraph refers to the natural person corresponding to personal information, and the personal information manager refers to the natural person or legal person who has the actual management right of personal information. Fourteenth software and information service enterprises and their staff improper use of personal information, personal information subject can report or complain to the municipal information department. After receiving a report or complaint, the municipal information department shall promptly verify the contents of the report or complaint and handle it according to law or transfer it to the competent department for handling.