Current through Register Vol. 49, No. 9, September, 2024
Section 1.
Authority.
(a)
Scope. These regulations apply to all criminal justice agencies and officials in Arkansas. Authority for these regulations that govern the operation and use of the Arkansas Crime Information Center (ACIC) system is found in A.C.A. §§
12-12-203(a)(5) and 12-12-203(b).
(b)
System Authorization. The ACIC system was established by Act 286 of 1971, as amended, and codified in A.C.A. §§
12-12-201 -- 12-12-214 and 12-12-1001 - 12-12-1015.
(c)
Administration. ACIC is administered by a Director and a 14-member Supervisory Board. Membership of the Board is specified in A.C.A. §
12-12-202. This board appoints the ACIC Director and establishes the general policies and regulations governing the operation of the ACIC system.
(d)
Control Terminal Agency. The National Crime Information Center (NCIC) and the National Law Enforcement Telecommunications System (NLETS) both require that each state designate a criminal justice agency as Control Terminal Agency (CTA) for their services. A.C.A. §
12-12-208 designates ACIC as the control agency in Arkansas for NCIC and NLETS.
Section 2.
Definitions.
(a)
"Administration of criminal justice" means performing functions of investigation, apprehension, detention, prosecution, adjudication, correctional supervision, or rehabilitation of accused persons or criminal offenders. The administration of criminal justice also includes criminal identification activities and the collection, maintenance, and dissemination of criminal justice information.
(b)
"Access device" means a computer terminal, microcomputer workstation, mobile data device or other electronic equipment used to communicate with the ACIC computer system.
(c)
"Criminal history information" means a record compiled by the central repository or identification bureau on an individual consisting of name(s) and identification data, notations of arrests, detentions, indictments, informations, or other formal criminal charges. This record also includes any dispositions of these charges, as well as notations on correctional supervision and release. Criminal history information does not include driver history records or fingerprint records on individuals that may have been submitted for civil or employment purposes.
(d)
"Criminal justice agency" means a government agency, or any subunit thereof, which is authorized by law to perform the administration of criminal justice, and which allocates more than one-half its annual budget to the administration of criminal justice.
(e)
"Criminal justice official" means an employee, sworn or unsworn, of a criminal justice agency, performing the administration of criminal justice.
(f)
"Criminal justice purpose" means a use for the administration of criminal justice.
(g)
"Disposition" means information describing the outcome of any criminal charges, including acquittals, dismissals, probations, guilty pleas, nolle prosequi, nolo contendere pleas, findings of guilt, first offender programs, pardons, commuted sentences, mistrials in which the defendant is discharged, executive clemencies, paroles, releases from correctional supervision, or deaths.
(h)
"Governmental Dispatch Center" means a non-criminal justice agency established and authorized by act of local government to provide communications support services to agencies of local government, including criminal justice agencies. (A.C.A. §§
12-10-301 to 12-10-323).
(i)
"Interface agency" means an agency approved to be on the ACIC network with direct access to the ACIC system by computer terminal, microcomputer workstation, mobile data device or other electronic equipment.
Section 3.
Access and Use of Information.
(a)
Access Authority. Agencies and officials receiving information directly from the ACIC, NCIC and NLETS systems are limited to those that have been assigned an Originating Agency Identifier (ORI) number by the FBI. The ACIC Supervisory Board may also allow other agencies or officials access to information from state-controlled databases, when authorized by Arkansas law.
(b)
Use of Information. Information from the ACIC system shall only be used by criminal justice officials, acting in their official capacities, for criminal justice purposes. Any other non-criminal justice uses must be authorized by law, under procedures approved by the ACIC Supervisory Board, and may include the release of information to the public on wanted persons, missing persons, stolen property, hazardous materials, and road and weather conditions.
(c)
Availability of ACIC Services. Interface agencies shall staff and operate at least one access device on a 24-hour-a-day, 7-day-a-week basis. Any exception must be specifically approved by the ACIC Director. Interface agencies shall provide assistance to other criminal justice agencies not equipped with an ACIC access device, to include record inquiries, message transmittals, and record entries or deletions.
(d)
Free-text Messages. All free-text messages transmitted in-state over ACIC, as well as out-of-state over NLETS, shall be connected with official criminal justice responsibilities, and shall not include recruitment of personnel, non-criminal justice announcements, greetings or any other matters outside of official business.
(e)
Misuse of Information. Misuse of information from the ACIC system is a felony, as defined in A.C.A. §§
12-12-212 and 12-12-1002(b).
(f)
Vehicle Information. Pursuant to Act 1830 of 2001, Section 6(c), ACIC may provide vehicle information to towing and storage firms for a fee of ten dollars ($10.00) per record check.
Section 4.
Security.
(a)
Facilities. ACIC access devices shall be placed in areas with adequate physical security that will (1) prevent access by the public or other non-official personnel; (2) prevent access by unauthorized agency personnel; and (3) allow access to a minimum number of authorized agency personnel. Internal procedures shall be implemented that will protect not only access devices, but also technical documents and any records associated with entries in the state and national systems. Identification shall be required before admitting equipment maintenance personnel or other officials from outside the agency.
(b)
Security Checks. ACIC will conduct periodic on-site security inspections in all interface agencies to ensure compliance with the ACIC System Service Agreement, as well as ACIC, NCIC and NLETS security policies. Agencies will permit the inspector, after proper identification, to conduct appropriate review of all hardware, software, communications interfaces and operating procedures relating to the ACIC, NCIC and NLETS systems. Results of inspections will be reported to departmental officials. Security violations that remain uncorrected will be reported to the ACIC Supervisory Board.
(c)
Technical Security. Interface agencies will be required to implement and/or comply with special technical security standards designed to prevent unauthorized access to information.
(d)
Disposal of Documents. When printouts, listings or other official records from the ACIC system are disposed of, it must be done by shredding, burning or other appropriate methods that will prevent any subsequent access by unauthorized persons or for unauthorized purposes.
Section 5.
Completeness and Accuracy.
(a)
Responsibility. Agencies that enter records, or cause records to be entered into ACIC and NCIC, are responsible for their accuracy, timeliness, and completeness.
(b)
Entry of Records. Agencies should enter into ACIC, and into NCIC when appropriate, information on wanted persons, missing persons, and stolen property, as soon as the minimum data elements required for entry become available. The FBI considers the entry of a record within 72 hours of origin to be timely. After entry, the FBI requires missing person records to be updated within 60 days with any additional information that may have been obtained. There is no required waiting period before entering any missing persons, and Arkansas law (A.C.A. §
12-12-205) requires the immediate entry of missing persons under the age of 18. Agencies must have procedures in place to verify the accuracy of all information entered into ACIC and NCIC, with such procedures to include a review or double-checking by a second-party immediately after the record is entered.
(c)
Supporting Records. All entries in ACIC and NCIC must be substantiated by official documentation, including a warrant for entries in warrant files, a theft report for entries in stolen property files, and an incident report for other record entries. Copies of these supporting documents, whether in manual or automated form, must be on hand to support all entries and must be accessible within 10 minutes for hit confirmation purposes. This backup documentation shall be maintained, readily accessible, as long as the record entries are in the state and/or national information systems. Any entries lacking such backup documentation must be removed by the entering agency.
(d)
Extraditions and Distance Limitations. For entries in the NCIC wanted persons file, a determination must be made, to the maximum extent possible, as to whether extradition will be authorized if the individual be located in another state. If distance limitations are to be placed on extradition of the individual, this information must be included in the entry. NCIC permits the entry of non-extraditable felony warrants for the purpose of officer safety, but such entries must contain the code NOEX in the miscellaneous field to indicate no extradition. Within Arkansas, if there are limits on the distance an agency will go to get an individual, this limitation must also be included in the entry.
(e)
Monitoring. ACIC Network Control will continuously monitor record entries and system use to ensure that standards and rules are being met.
(f)
Record Purge. To help maintain file integrity, out-dated records in the ACIC files are periodically purged on a schedule similar to NCIC. Each agency will be provided with a listing of its records that were removed. These records may be re-entered if the agency so desires.
(g)
Validations. All agencies with entries in ACIC and NCIC are required to participate in a record validation program. Validation is necessary to ensure record accuracy and includes the following steps:
(1) agencies with entries will be notified of certain records in ACIC and NCIC that are to be validated;
(2) all records identified must be reviewed and compared with case file documents upon which the entries were based;
(3) the current status is determined by checking for changes in extradition limits, by determining from owners of stolen property if recoveries have been made, by verifying with the courts that arrest warrants are still active and have not been recalled, and by determining that persons reported missing have not returned;
(4) record entries that are no longer current must be corrected or removed from ACIC or NCIC by the entering agency; and
(5) a validation form is signed to officially acknowledge that all records identified have been reviewed, are complete and correct, and that all non-current records have been deleted. Failure to comply with validation timetables and procedures will result in the removal of specified records from the ACIC or NCIC files, as well as other potential sanctions approved by the ACIC Supervisory Board.
(h)
Audits. To ensure the completeness and accuracy of records in the state and national information systems, as well as the security of both the data and access devices, agencies will be audited at least every two years. The primary purpose of these audits will be to assist departments in identifying and correcting problems in record management and information security, thereby reducing the potential for liability. Audits will consist of an examination and review of (1) pre-audit questionnaires, validations, and training compliance; (2) system entries, backup documentation, and filing procedures; (3) compliance with applicable laws and regulations; and (4) compliance with security requirements. A written report of the audit, with any findings or recommendations, will be provided to the agency. Failure of the agency to take corrective action as suggested in the audit report may result in sanctions or other actions approved by the ACIC Supervisory Board.
Section 6.
Hit Procedures.
(a)
Record Hits. A "hit" is a positive response to an ACIC and/or NCIC inquiry. A hit is not in itself probable cause to arrest or seize property. A hit provides dates and information, which must be added to other facts, in determining probable cause and legal justification for an arrest or seizure decision. All printouts relating to a hit should be retained by the requesting agency to document any probable cause actions.
(b)
Confirmation. Upon receiving a hit, and prior to arresting or detaining a person, or seizing property, the inquiring agency must contact the entering agency to confirm the hit, preferably via the hit confirmation message procedure. Confirming means to determine (1) that the person or property inquired upon is identical to that shown in the record; (2) that the record is current and still valid; and (3) that extradition of a wanted person, the return of a missing person, or the return of stolen property to its rightful owner will be undertaken. When an inquiring agency receives a positive response to an inquiry and the whereabouts of the person or property inquired upon is not known, the hit(s) should not be confirmed. However, if the code NOAH (Notify ORI of All Hits) is in the MIS of the record, the ORI of the record should be notified and furnished details concerning the inquiry.
(c)
Response. The originating agency (ORI) has the duty to promptly respond with confirming details upon receipt of a hit confirmation request. The ORI of the record must, within ten (10) minutes, furnish a positive or negative confirmation, or a notice via the hit confirmation message that a specified amount of additional time is necessary to provide such confirmation. A requesting agency that does not receive a response within ten minutes should generate a second request. If, within ten minutes after the second request, the agency again fails to receive a response from the ORI, the agency will generate a third message to the ORI. These requests will be monitored by ACIC and appropriate action will be taken to obtain a response and ensure compliance with system standards.
(d)
Locate. The locating agency that receives a hit will place a "locate" on a record immediately after receiving confirmation that it is a valid hit. An exception would be when a wanted person record contains an extradition limitation in the MIS and the agency finding the person is outside the geographic area of extradition indicated. These records need not be confirmed and the record should not be "located". However, if the code NOAH (Notify ORI of All Hits) is in the MIS of the record, the ORI of the record is to be notified and furnished details concerning the inquiry.
(e)
Clear. It is the responsibility of the entering agency to immediately "clear" a record after receiving notification of recovery or apprehension.
Section 7.
Criminal History Information.
(a)
Responsibilities. ACIC is authorized to administer the state computerized criminal history file, in accordance with A.C.A. §
12-12-207 and §§
12-12-1001 -- 12-12-1015. The Arkansas State Police administers the state Identification Bureau where arrest fingerprint records are maintained.
(b)
Fingerprinting. Law enforcement agencies arresting persons for offenses specified in A.C.A. §
12-12-1006, are required to fingerprint those persons at the time of arrest and to submit the prints to the state Identification Bureau within 48 hours.
(c)
Disposition Reporting. Arkansas criminal justice agencies are required to report dispositions of criminal charges in accordance with A.C.A. §
12-12-1007.
(d)
Interstate Records. Criminal history information may be retrieved through ACIC from the FBI, as well as directly from other states. Criminal history records obtained through the FBI Interstate Identification Index (III), and from other states through NLETS, are restricted to criminal justice use and may not be accessed for licensing or employment purposes, except criminal justice employment using purpose code "J", or other purposes specifically authorized by law.
(e)
Logging. A record on all disseminations of criminal history information must be maintained. This record of each dissemination provides an audit trail that is required for correcting errors, for updating records that may be modified by judicial or administrative action, and for verifying access. A log of each criminal history requested through ACIC is electronically maintained in the ACIC system. Any agency retrieving criminal history information through ACIC and subsequently disseminating that information to another criminal justice agency outside the original receiving agency, is required to log this secondary dissemination. This manual log will be in a format prescribed by ACIC and will be retained by the disseminating agency for a period of one year.
(f)
Right of Challenge. An individual has a right to see and challenge the contents of his or her criminal history record in ACIC, under controlled and reasonable administrative procedures, in accordance with A.C.A. §
12-12-1013. Requests should be addressed to the Administrator of the ACIC Criminal History Division.
Section 8.
Investigations, Violations and Appeals.
(a)
System Control. Although individual agencies retain certain responsibilities for their own records, overall system discipline and adherence to standards is required. Under Arkansas law, ACIC is authorized to control system use, enforce standards, and ensure that all users follow procedures.
(b)
Authority of Agents. ACIC Information Agents are authorized by A.C.A. §
12-12-210. These agents provide technical assistance, system auditing and training to criminal justice agencies and officials. In addition, these agents may initiate investigations into the use or misuse of information from the ACIC, NCIC, or NLETS systems; may take statements, interview or otherwise compile information; may order the suspension of direct access pending correction of detected problems; and may develop written reports to departmental officials, to the ACIC Director, or to a prosecuting attorney when appropriate.
(c)
Violations. When a violation of these regulations has been committed, or appears to have been committed:
(1) an investigation will be initiated to determine the nature and extent of the alleged violation;
(2) the chief official of the agency, or ranking officer in charge at the time, will be contacted and given an opportunity to correct or explain the alleged violation, unless the violation requires immediate action; and
(3) appropriate sanctions will be imposed if a violation has been substantiated and remains uncorrected.
(d)
Sanctions. An unsatisfactory resolution of a violation may result in one or more of the following:
(1) removal of certain records from the state and national systems;
(2) suspension of ACIC service to an agency on a temporary basis, until corrective action is taken to the satisfaction of ACIC;
(3) revocation of the authority of specific individuals to operate an ACIC access device;
(4) termination of ACIC service to an agency on a permanent basis;
(5) prosecution of an individual or individuals. Under A.C.A. §
12-12-212 and §
12-12-1002, unauthorized use of ACIC is a felony.
(e)
Appeal Procedure. Any recommendation or findings by an ACIC Information Agent may be appealed to the ACIC Director. Any action by the ACIC Director may be appealed to the ACIC Supervisory Board. An administrative appeal may be requested by written notice to the ACIC Director or Chairman of the ACIC Supervisory Board. Appeals to the Board will be considered at a special meeting or at the next regular meeting following receipt of the appeal request.
(f)
Notice of Investigations. It shall be the duty of all agencies to advise ACIC of any allegations, investigations and/or disciplinary actions regarding misuse of the ACIC system or information therefrom.
Section 9.
Application, Equipment and Fees.
(a)
Application Procedure. The appropriate expansion of the ACIC network is determined by need, legal authority and cost effectiveness. New interface agencies may be added to the network only according to guidelines established by the ACIC Supervisory Board. Applications will be submitted in writing to the ACIC Director; an on-site inspection and evaluation will be conducted by ACIC personnel; and approval will be based on legal authority, scope of jurisdiction, proximity to existing interface agencies, communications capabilities, and other factors deemed appropriate by the ACIC Supervisory Board.
(b)
Equipment. Access devices and related equipment directly connecting to the ACIC computer system will be provided by ACIC, or specifically approved by ACIC. Any changes or relocation of such equipment must be approved in advance by ACIC. The interface agency will be responsible for any damage to the access equipment caused by the negligence of its personnel, or for any other damage which is, or reasonably should be, covered by local departmental insurance.
(c)
Fees. Services and equipment to be provided by ACIC, along with any fees to be paid by interface agencies, will be approved by the ACIC Supervisory Board.
Section 10.
Operators and Record Personnel.
(a)
Terminal Agency Coordinators. The chief official of each interface agency will designate a Terminal Agency Coordinator (TAC) to act as the primary contact person for that agency. The TAC should have completed ACIC training requirements and shall (1) serve as liaison between the interface agency and ACIC, actively participating in meetings and providing input on system functions; (2) receive documents and materials from ACIC and distribute them to all appropriate personnel, including briefing the chief official when appropriate; (3) inform ACIC on personnel matters, including the names of individuals attending ACIC training classes, changes in operator assignments, and changes in TAC designation; and (4) assist ACIC personnel in record audits, security checks, and other matters within the interface agency.
(b)
Local Agency Security Officers. The chief official of each interface agency will designate a Local Agency Security Officer (LASO) to (1) act as the point of contact for information security matters; (2) receive basic and on-going security training from ACIC; (3) distribute security alerts to employees of the interface agency; (4) assist the ACIC Information Security Officer (ISO) with security awareness training; and (5) assist state and federal auditors with technical audits in the interface agency.
(c)
Assignment of Operators. Operators are a critical link in any telecommunications system. The integrity, skill and knowledge of operators is vitally important to effective law enforcement communications. ACIC strongly endorses the principle that permanently assigned professional communications operators should be employed in all dispatch and communication centers.
(d)
Security Clearances. Personnel assigned to operate ACIC access devices, including mobile devices, shall be identified on forms furnished by and returned to ACIC. These forms shall be signed by the chief official of the agency and will include a statement acknowledging that a state and national fingerprint-based background check has been conducted on each operator. To be eligible to operate an ACIC access device, or to receive information directly from the ACIC system, operators and other criminal justice personnel in both interface agencies and non-interface agencies shall not have entered a plea of guilty, been found guilty or convicted of a crime which is a felony. This requirement will be interpreted consistent with A.C.A. §
16-90-902.
(e)
Minimum Age. The minimum authorized age for an individual operating an ACIC access device is 18.
(f)
Volunteer Operators. Officially designated volunteer and auxiliary personnel may be used as access device operators, provided they meet the same requirements and training standards as regular operators. Interface agencies shall be responsible for all actions of these volunteer or auxiliary operators.
(g)
Citizenship. Any person operating an ACIC access device must be a U.S. citizen or a legal alien specifically approved by ACIC.
Section 11.
Training.
(a)
Operator Training. All individuals operating an ACIC access device, including mobile devices, must be trained. Training is necessary for the proper and effective use of the state and national computer systems. Required training is defined in the ACIC Training Policy, as approved by the ACIC Supervisory Board.
(b)
Officer Training. ACIC provides a general overview of the state and national computer systems to law enforcement officers during all basic classes at the Arkansas Law Enforcement Training Academy or other authorized basic training entities. ACIC will also provide training, upon request, for officers in any department. Such training will be tailored to what a street officer needs to know about the state and national computer systems.
(c)
Other Training. ACIC periodically provides special orientation classes for criminal justice officials. These sessions emphasize general system capabilities, state and national policies, liability issues, and matters of administrative interest.
Section 12.
Agreements.
(a)
System Service Agreements. The chief official of each interface agency is required to sign a System Service Agreement, and other agreements as appropriate, outlining their duties and responsibilities concerning ACIC, NCIC, and NLETS policies and procedures. Such agreements will be re-executed as required by the ACIC Supervisory Board.
(b)
Holder-of-the-Record Agreements. A criminal justice agency that enters records into the ACIC or NCIC systems must ensure that any hits on its entries can be confirmed 24-hours-a-day, 7-days-a-week. An agency not continuously operational will execute a holder-of-the-record agreement with another agency that is continuously operational. Under such an agreement, the non-24-hour originating agency authorizes the 24-hour holder-of-the-record agency to enter, update and remove records, as well as confirm hits on the originator's records. The originator is responsible for immediately notifying the holder of any changes in the status of originator's records.
(c)
Management Control Agreements. Access by non-criminal justice Governmental Dispatch Centers is allowed, provided an agreement has been executed giving management control to a criminal justice agency. Management control is defined as the authority to set and enforce (1) priorities; (2) standards for selection, supervision, and termination of personnel; and (3) policies governing operations, insofar as those policies apply to law enforcement communications and records.
(d)
Other Agreements. The ACIC Supervisory Board may require the executive of other agreements to cover privatized criminal justice functions or other special situations.
Section 13.
Exceptions.
Any exception to the requirements of these ACIC System Regulations must be specifically approved by the ACIC Director or ACIC Supervisory Board.