AsianLII [Home] [Databases] [WorldLII] [Search] [Feedback]

Laws of the Guangdong Province

You are here:  AsianLII >> Databases >> Laws of the Guangdong Province >> Regulations of Shenzhen Economic Special Zone on the Administration of Public Safety of Computer Information System

[Database Search] [Name Search] [Noteup] [Help]


Regulations of Shenzhen Economic Special Zone on the Administration of Public Safety of Computer Information System

Regulations of Shenzhen Economic Special Zone on the Administration of Public Safety of Computer Information System

 Original adopted by the 101th Execute Meeting of the Second People' s Government of Shenzhen Municipality. As signed and Promulgated by Mayor Li-zibing on Jul 17th 1998.

Regulations of Shenzhen Economic Special Zone on the Administration of Public Safety of Computer Information System


  Chapter I General Provisions


    Article 1
  These regulations are formulated in accordance with the actual situation in Shenzhen Economic Special Zone (hereinafter referred to as the Special Zone),for the purpose of safeguarding the safety of computer information system, maintaining public order of computer information system and promoting social stabilization.


    Article 2 These regulations are applicable to the administration of public safety of computer information system (hereinafter referred to as computer safety administration) of the following application units of computer information system of the Special Zone:
    The computer information system of operation and service units of computer information network;

(1)         the computer information system using in storage, disposal and transfer public information and confidential materials by the government agencies;

(2)         the computer information system of financing unit , securities unit or public service unit;

(3)         the computer information system of national defense construction,the most advanced branches of technology and the state key unit of economic construction;

(4)         other computer information systems influencing materially on social public interest.

Article 3  The computer information system in these regulations refers to the man-machine system composing of computer and its correlative and necessary equipments and facilities and using in collection, machining, storage, transmission, searches of information according to established applicable aim and rule.

Article 4  The Public Security Organization of the People' s Government of Shenzhen Municipality ( hereinafter referred to the Municipal Competent Authority) is the competent authority of computer safety administration of the Special Zone while its affiliated Administrative Department of Computer Safety shall undertake the task of computer safety administration formulated in these regulations.

Any other relevant functional departments of the government shall undertake the concerned tasks of computer safety administration for cooperation with the municipal competent authority within its scope of official duties.
    Article 5  The municipal competent authority shall develop the propaganda, education and communication of safety of computer information system, instruct activities of trade association of safety technology of computer information system and supply technical services of safeguard system of computer information system for the application units of computer information system
  
   Chapter II  Safety Administration of Computer Application Unit

Article 6  The computer application unit shall establish and perfect the safeguard system of computer information system which includes administration of technical safety and administration of safety organization. The administration of technical safety includes the administration of substantiation safety, software safety, input and output control and network safety of computer information system as well as safety audit and risk analysis and so cn. The administration of safety organization includes establishment of safety organization, perfect all kinds of systems of safety administration, workout contingency plan and so on. The municipal competent authority shall supervise and instruct the application unit to set up and perfect the safeguard system of computer information system. 
     Article 7  The municipal competent authority, in the presence of the concerned competent authorities of People' s Government of Shenzhen Municipality, shall issue the trade technical regulations on computer safety administration in accordance with the trade characteristics of computer application unit. The safeguard system of computer application unit shall not less than the minimum safety demands of such trade technical regulations. 
    Article 8  The person liable for computer safety administration confirmed by the computer application unit shall carry out the following duties:
 

(1)               to organize to propagandize the laws, regulations and relevant policies on computer safety administration;

(2)               to study out and organize to carry out the rules and systems of computer safety administration of the unit concerned;

(3)               to organize regular inspection of safety operation circumstance of computer information system and eliminate hidden troubles of safety immediately;

(4)               to take charge of organizing safety audit;

(5)               to take charge of organizing safety education and training of the employed of computer of the unit concerned;

(6)               to report to the municipal competent authority and take careful and skillful measures to protect the scene of crime and prevent from enlargement of harm in the case of happening safety accident or computer crime.  The safety accident referred in these regulations is the incident with social harmfulness resulting from artificial or natural factor in computer information system. The computer crime referred in these regulations is the case of crime aiming at or making use of computer information system.  

     Article 9  The computer application unit shall be equipped with computer safety technician according to the trade technical regulations of computer safety administration.

The computer safety technician shall carry out the following duties:

(1)  to carry out rules and systems of computer safety administration of the unit concerned;

(2)  to inspect and test the safety operation circumstance of computer information system and eliminate hidden troubles of safety immediately according to the trade technical regulations of computer safety administration;

(3)  to report to the person liable for safety administration of the unit concerned or to the municipal competent authority directly, to take careful and skillful measure to protect the scene of crime and prevent from enlargement of harm in the case of safety accident or computer crime.

   The computer safety technician shall pass the safety technology training approved by the municipal competent authority and undertake relevant work only after passing the training and getting the certification of competency with the period of validity of two years.
     Article 10  The special product using in computer information system safety using by the computer application unit shall comply with the concerned national technical regulations or shall pass the inspection by the professional inspection institution which not less than the minimum safety demands of technical regulations of computer safety administration of the trade concerned.

The special product using in computer information system safety referred in the preceding clause is the special hardware and software products using in protection of computer information system safety.

The municipal competent authority shall issue regular notification for promulgating the list of special products of computer information system safety.
     Article 11  The computer application unit shall report to the municipal competent authority within 24 hours from discovering the safety accident or the computer crime in computer information system.

 Article 12  Where the sudden accidence happening in computer information system may damage to public safety, the municipal competent authority shall take emergency measures such as suspend internet connection and suspend using computer for examination against computer application unit but shall assist the computer application unit to do safety protection work in advance.

Chapter III Safety Inspection of Computer Information System

 

Article 13  The computer information system of the application unit shall be under the operational test with a period of six months after finishing construction. It shall be under the inspection of safety system by the professional inspection institution during the operational test. If succeeding in the inspection, it shall be granted the Competent Certificate of Safety Inspection of Computer Information System by the municipal competent authority; if failing in the inspection, it shall be ordered to rectify according to the trade technical regulations of computer safety administration. Any computer information system which doesn' t satisfy with the minimum safety demand shall not be started using formally,

 Article 14  The inspection of safeguard system of computer information system shall include the followings:

 (1) the person liable for computer safety administration and safety technician;

 (2) the system of safety administration and safety audit; 
     (3) the capability of computer software and the circumstance of computer room;

(4)  the reliability of computer system software, application software and database;

(5)  the measures of technology safety;

(6)  the result of technical test
 

The safety demands of safeguard system of computer information system of trades shall be promulgated after being enacted by the municipal competent authority in the presence of the municipal competent authority of concerned trade.
    Article 15  The computer information system of application unit shall receive the inspection of safeguard system by the professional inspection institution every year. If succeeding in the inspection, it shall be granted the Qualification Certification of Annual Inspection of Safeguard System of Computer Information System. Otherwise, it shall be ordered to improve according to the trade technical regulations of computer safety administration. Any computer information system, which doesn' t satisfy with the minimum safety requirement, shall not use continually.
    Article 16  The professional inspection institution shall ensure normal operation of production, teaching, scientific research and management of the computer application unit and keep the commercial secret . The computer application unit may appeal to the municipal competent authority for organizing to reinspection if it objects to the inspection result by the professional inspection institution.
    Article 17  Where the equipment renew or alteration of computer information system by the application unit inferences the safeguard directly, the professional inspection institution shall inspect the part which under the influence and ensure to satisfy the minimum safety requirement.  
    Article 18  The municipal competent authority may consign the professional inspection institution to inspect its safeguard system when it considers the application unit exists hidden trouble of safety. If have any questions, it shall be ordered to rectify in the time limit by the municipal competent authority in accordance with the trade technical regulations on computer safety administration.

  Article 19 Any inspection of safeguard system of computer information system or inspection of the minimum safe requirement of the special product of computer information system shall be undertaken by the professional inspection institution with inspection qualification authorized by the municipal competent authority. The professional inspection institution shall inspect according to the trade technical regulations on computer safety administration and provide inspection report in reality, impersonality, equity and integrity.

The copy of inspection report of safeguard system of computer information system shall be referred to the municipal competent authority for records by the professional inspection institution.


   Chapter IV   Computer Information Safety and Administration of Injurious Data

Article 20  The computer application unit shall enact the administration system of information safety and do safety audit of information for preventing the information from increase, cut, amendment or copy illegally.
    Article 21  Any information which is administrated and issued by the computer application unit shall be reality, integrity and reliability.
    Article 22  The computer application unit shall set up the data backup system of computer information system and to save the duplicate data according to the trade technical regulations on computer safety administration.
     Article 23  Any unit and individual, who think that his (its) legal rights and interests are infringed by the computer information system, may complain to the municipal competent authority or other relevant competent authorities.

Any complaint, from which may damage public safety for the municipal competent authority or other relevant competent authorities, shall be investigated and verified. If existing hidden trouble of safety of application unit, it shall be ordered to rectify.
    Article 24 Any unit or individual shall not create, proliferate intentionally a computer virus or other injurious data, or conduct lectures or training about computer virus mechanism. Any teaching unit shall not instruct means of creating a computer virus during teaching.
     Article 25  The municipal competent authority takes charge of promulgate important epidemic situation of computer virus. Any unit or individual shall not issue epidemic situation of computer virus by any means.
      Article 26  The computer application unit shall execute the following duties in administration of injurious data:
 

(1)                to establish and carry out special administration system of computer virus or other injurious data;

(2)                to inspect computer virus or other injurious data before using computer software and hardware;

(3)                to inspect computer virus and other injurious data regularly and to eliminate immediately in the case of suspecting computer virus or other injurious data;

(4)                to take protection measures and take samples to refer to the municipal competent authority within 24 hours from suspecting computer virus incapable of elimination;

(5)                to assist the municipal competent authority to investigate the resource of computer virus.

Article 27  Any product from any unit or individual which creates, sells, leases, repairs or bestows commercially all kinds of computer products, shall be inspected and shall not bear computer virus and other injurious data.


   Chapter V  Administration of Public Order of Computer Information Network


    Article 28  Any operating unit of computer information network, who applies for doing internet business, shall apply to the competent authority of internet connection unit or other competent authorities who are entitled to accept the application for internet business for the Permit for Internet Business;  Any service unit of computer information network , who applies for doing internet business, shall subject to the approval by the competent authority or other competent authorities who is entitled to accept the application for internet business. Any uses of computer information system , who connects internet with foreign computer information system through physical communication channel, shall file in table for records according to the facts within 30 days upon the date dredging network, changing network means or terminating network and shall handle procedures of record, alternation or logoff in the municipal competent authority under the assistance of the service unit or operating unit of computer information network.
    Article 29   Any computer information system of application unit which connects with internet, shall take safe protection measures according to the trade technical regulations.
    Article 30  Any unit using public account in connect with computer information system network, shall establish administration system of public account use. The administration unit of operating and opening computer room shall set up the register and administration system of user.
    Article 31  Any unit and individual shall not engage in following acts:
 

(1) to create, spread and copy injurious information by making use of computer information network;
 (2) to invade into computer information network illegally;
 (3) to increase, abridge , modify and disturb the function of computer information system resulting in interfering in normal operation of computer information system in violation of the state regulations;
 (4) to increase, abridge, modify and copy the application procedure or data which is saved, disposed or transmitted in the computer information system in violation of state regulations;
 (5) to steal information resource in computer information system illegally;

(6)                to consult email box of any other person without authorization;

(7)                to send email of another as one' s own

(8)                to disturb computer information network intentionally ;

(9)                to do other acts damaging safety of computer information system.

Article 32  The operation and service unit of computer information network who takes charge of information safety and public order safety of network concerned shall execute the following duties:
      (1) to enact safety administration system and to do safety instruction for the network user concerned;

(2) to carry out safety technology measures and to ensure the operation safety of network concerned and issued information safety
      (3) to establish information auditing system of electronic announcement system and to eliminate injurious information with reactionary or obscene contents;   
       (4) to reserve relevant auditing records and report to the municipal competent authority immediately in the case of suspecting circumstances of  the article 31in these regulations;
    (5) to assist the municipal competent authority to check and manage the internet illegal acts.  
    Article 33  The municipal competent authority shall monitor regularly the situation of public order of computer information network and settle any incidents affecting public order immediately for maintain the safety of public order of computer information network.
  
                     Chapter VI   Legal Responsibility
  
      Article 34   Anyone, who in violation of these regulations with one of the following acts, shall be ordered to rectify and may be fined not more than 10,000 yuan:
 (1) where the computer application unit fails to appoint the person liable for computer safety or equip with computer safety technician;
 (2) where the computer application unit fails to report to the municipal competent authority within 24 hours upon the time suspecting safety accident or computer crime in computer information system of the unit concerned;
 (3) where the computer application unit uses the disqualified special product of computer information system safety;
 (4) where the computer application unit fails to establish the safeguard system of computer information system safety;
 (5) where using the computer information system without authorization which doesn' t inspected or isn' t up to the minimum safety requirement of the technical regulations of computer safety administration of the trade concerned after being inspected;
 
6 where the computer application unit fails to inspect computer virus and other injurious data according to regulations and result in damage;
 (7)   where the unit using public account to connect the computer information system network fails to establish administration system of public account use.
 (8)   Where the management unit of operating and opening computer room fails to establish register and management system of users;
 (9)  Where the operating and service unit of computer information network fails to establish the information audit system of electronic announcement system

 (10)  Where the operating and service unit of computer information network suspects the circumstances stipulated in article 31 of these regulations but fails to reserve relevant audit records or fail to report to the municipal competent authority, 
    Article 35  The person liable for safety or the safety technician of the computer application unit, who fails to execute duties stipulated in these regulations and resulting in safety accidents or serious damages, shall be given a disciplinary warning by the municipal competent authority and be imposed disciplinary or economic punishment by the unit concerned under the suggestion of the municipal competent authority; If the circumstances are serious, criminal liability shall be pursued according to laws.

Article 36  Any professional inspection institution, who maks false statement in inspection report in violation of these regulations,shall be ordered to rectify by the municipal competent authority; if the circumstances are serious, it shall be cancelled the inspection qualification. Any professional inspection institution, in violation of these regulations, failing to keep commercial secret of computer application unit and resulting in infringing its legal rights and interests, shall be bear the legal liability and be cancelled inspection qualification by the municipal competent authority.
    Article 37  Any computer application unit that its information is increased, abridged, modified or copied illegally because of the faultiness of safety administration system , if resulting in losses, shall be given a disciplinary warning.
 

Article 38 Anyone, who in violation of these regulations with one of the following acts, shall be given a disciplinary warning and also be ordered to stop unlawful acts. The unit shall be fined not more than 50,000 yuan while the individual shall be fined not more than 5,000yuan; If there are illegal gains, a fine of not less than the amount of but not more than three times the illegal gains shall be imposed; If the circumstances are serious, criminal liability shall be pursed according to law.
 (1) to create, proliferate intentionally a computer virus or other injurious data
 
2 to conduct lectures or training about computer virus mechanism without authorization;
 (3) to issue epidemic situation of computer virus to society without authorization;
 (4)  to create, sell, lease, repair or bestow commercially computer products with computer virus and other injurious data.
    Article 39  Anyone, who in violation of the article 28 of these regulations, shall be given a disciplinary warning by the municipal competent authority and be ordered to stop connecting internet; the operating or service unit may also be fined not more than 15,000yuan and the user may also be fined not more than 1,000yuan; If there are illegal gains, a fine of not less than the amount of but not more than three times the illegal gains shall be imposed.
    Article 40  Anyone, who in violation of the article 39 of these regulations, shall be given a disciplinary warning by the municipal competent authority; the unit may also be fined not more than 50,000 yuan while the individual may also be fined not more than 5,000 yuan; if there are illegal gains, a fine of not less than the amount of but not more than three times the illegal gains shall be imposed.
     Article 41 Where the computer information system of application unit with fatal safety hidden trouble fails to rectify within the time limit specified by the municipal competent authority and may affect the safety of computer information system seriously if it continue to operate, the application unit shall be ordered to stop operation for rectification by the municipal competent authority.
 

                     Chapter VII Supplementary Articles
  
     Article 42 These regulations shall come into force on the date of their promulgation.  


AsianLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.asianlii.org/cn/legis/gd/laws/roseszotaopsocis1118