Compilation of Rules and Regulations of the State of Georgia
Department 140 - GEORGIA CRIME INFORMATION CENTER COUNCIL
Chapter 140-2 - PRACTICE AND PROCEDURE
Rule 140-2-.02 - Security Policy for Criminal Justice Information

Universal Citation: GA Rules and Regs r 140-2-.02

Current through Rules and Regulations filed through September 23, 2024

(1) Handling procedures.

(a) Secret data (as defined in Rule 140-1-.02(2)(c)3.):
1. When not in use it shall be stored in locking, fire-resistant vaults or safes. Computer programs and data files should be backed-up on electronic media and secured in a location separate from the building in which the computer system is located.

2. Areas where the information is processed and handled shall be restricted to authorized personnel in the performance of official duties.

3. The information shall be under the absolute control of criminal justice agencies with access regulated by agency heads or their designees.

4. A log or other record shall be maintained when information is removed from, or returned to the physically secured storage defined above in paragraph (1)(a)1.

(b) CHRI, as defined in Rule 140-1-.02(2)(c)1., shall be:
1. Stored in a secure location when not under the control of authorized criminal justice agency employees.

2. Processed in areas restricted to authorized personnel in the performance of official duties.

3. Under the absolute control of criminal justice agencies except as exempted by these Rules.

(c) Restricted and Sensitive data, as defined in Rule 140-1-.02(2)(c)2. and 4., shall be used and stored in a controlled access area.

(2) Secret information, CHRI or restricted information is a "Secret of State", which is required by State policy, the interest of the community and the right of privacy of the citizens of this State to be confidential. Such information shall not be divulged except as permitted by Georgia law and these Rules. Criminal justice agencies must destroy documents containing secret information, CHRI or restricted information no longer required for operations in a manner precluding access to the information by unauthorized persons.

(3) Criminal justice agencies shall disseminate CHRI only to agencies or persons requiring such information to perform duties serving the administration of criminal justice or as otherwise provided by statute, executive order or these Rules. Under no circumstances will CHRI be transmitted via the CJIS network to devices not authorized to access such information, which may exist in the GCIC computerized files, FBI Interstate Identification Index (III) or computerized files maintained in other states.

(4) Local agency heads shall provide the GCIC Director with written notification of security policy violations for criminal justice information committed by employees of their agencies or agencies over which they exercise management control.

(5) The Director shall establish an information security structure that provides for an ISO. The Director shall also ensure that each local agency having access to the CJIS network designates a LASO.

O.C.G.A. Secs. 35-3-30, 35-3-32, 28 CFR 20.21, FBI CJIS Security Policy.

Disclaimer: These regulations may not be the most recent version. Georgia may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.