(a) Strictly strengthen the credit system user management.
Operating agencies and access agencies should strictly follow the relevant regulations for the creation, deactivation and activation of users, allocate the rights of all types and levels of users in accordance with the principle of "minimum authorization", and strictly set the rights of users, controlling the rights of users in the smallest possible range of business needs. Eliminate the creation of public **** account or class of public **** account, and effectively achieve the unity of people and households, dedicated, timely deactivation and activation of users, the implementation of dynamic management of user passwords.
Operating organizations and access agencies should continuously update technical safeguards and strengthen real-time monitoring of the operation of users at all levels of the credit system. The hierarchical responsibility, clear responsibility, technical and human defense combined, in the system measures to ensure that no vacuum and dead ends.
(ii) Sound credit information query management.
Operating agencies and access agencies should improve the management of credit information query, strict authorization query mechanism, unauthorized query credit report is strictly prohibited, standardize the internal staff and state organs query handling process, strictly prohibit unauthorized recognition of the APP access credit system. Strictly managing bulk data, in accordance with the principles of lawfulness, legitimacy and necessity, and handling the extraction, retention, circulation, application and destruction of bulk data in strict accordance with the process and confidentiality requirements, to ensure data security in all aspects.
(C) optimize the management of self-service inquiry machine.
Operating agencies and access agencies should optimize the self-service query machine user management, clear self-service query machine user management privileges, timely deactivation or deletion of invalid users; to strengthen access control, self-service query machine for a separate division of network segments, according to the working time and query needs, reasonable settings for self-service query machine automatic shutdown time; procurement of self-service query machine, improve the contract content, a clear confidentiality of the equipment provider's responsibility. When purchasing self-service query machines, improve the content of the contract and clarify the confidentiality responsibility of the equipment provider; improve the management of the physical equipment of self-service query machines, clarify the responsible body for the management of self-service query machines, strengthen the maintenance of the equipment, and clean up the credit information stored in the internal of self-service query machines according to the process.
(4) Improve the monitoring mechanism of abnormal credit inquiry and properly handle objections and complaints. The operating agencies and access agencies should establish a daily verification mechanism for credit users' query operations on a graded basis, and improve the monitoring, disposal and reporting mechanism for abnormal queries; continuously optimize and adjust the indicators for daily verification and real-time monitoring of credit queries, and continuously improve the ability of credit users to self-check and self-control. Strictly comply with the objection processing time, standardize the objection processing process, issue relevant documents according to the regulations, and do a good job in preserving and archiving the objection application and processing data; strengthen the complaint processing, standardize the complaint process, process the complaints of the information subjects in a timely manner, and improve the satisfaction of the information subjects. Taking objections and complaints as important clues, we will conduct a timely and comprehensive investigation of credit information security risk events that may be involved, so as to discover problems and remove hidden dangers in time.
Legal basis:
Interim Measures for the Administration of the Basic Database of Individual Credit Information
Article 26 Commercial banks shall, in accordance with the relevant provisions of the People's Bank of China, formulate an internal management system and operating procedures for the submission, inquiry, use, objection handling and security management of the relevant credit information and report them to the People's Bank of China for record.
Article 27 Commercial banks shall establish a user management system, clear administrator users, data reporting users and information query user responsibilities and operating procedures. Commercial banks administrator users, data reporting users and query users shall not work part-time with each other.
Article 28 The administrator user of a commercial bank shall, according to the operating procedures, create the corresponding user for the relevant authorized personnel. Administrator users shall not directly query personal credit information. Administrator users should strengthen the same level of query users, data reporting users and the next level of daily management of the administrator users. Query user staff transfer, the user should be immediately deactivated.
Article 29 The commercial bank administrator users, data reporting users and query users shall be reported to the People's Bank of China credit management department and credit service center for the record. The previous paragraph of the user staff changes, commercial banks should be within two working days to the People's Bank of China credit management department and credit service center to change the record.
Article 30 of the commercial banks shall develop the administrator user and query user password control system, and regularly check the implementation of password control.
Article 31 Commercial banks shall establish a management system to ensure the security of personal credit information, to ensure that only internally authorized personnel have access to personal credit reports, and shall not use personal credit reports for purposes other than those provided for in Article 12 of these Measures.
Article 32 The credit service center shall formulate a management system and operating procedures for the collection, organization, preservation, querying, objection handling, user management, security management and other aspects of the credit information, clarify the duties of the positions, improve the internal control system, and ensure the normal operation of the personal credit database and the security of personal credit information.
Article 33 The credit service center and its staff shall not tamper with, destroy, disclose or illegally use personal credit information in violation of the laws, regulations and the provisions of these Measures, and shall not maliciously collude with natural persons, legal persons or other organizations to provide false credit reports.
Article 34 The credit service center shall establish a monitoring system for the internal operation and external access of the personal credit database, supervise the operation of the users of the personal credit database and the users of the commercial banks, and guard against the illegal invasion of the personal credit database.
Article 35 The credit service center shall establish a disaster backup system, take the necessary security measures to prevent the loss of system data.
Article 36 The credit service center shall record all inquiries from commercial banks and provide timely feedback to commercial banks.
Article 37 The commercial banks shall frequently check the inquiries of the personal credit database to ensure that all inquiries are in compliance with the provisions of these Measures, and regularly report the results of the inquiries and checks to the People's Bank of China and the credit collection service center.
The credit service center shall regularly verify the inquiries of commercial banks on personal credit databases.