Code of Massachusetts Regulations
803 CMR - DEPARTMENT OF CRIMINAL JUSTICE INFORMATION SERVICES
Title 803 CMR 7.00 - Criminal Justice Information System (CJIS)
Section 7.12 - Access to Criminal History Record Information by Non-criminal Justice Agencies

Universal Citation: 803 MA Code of Regs 803.7

Current through Register 1531, September 27, 2024

(1) DCJIS may grant non-criminal justice agencies access to Criminal History Record Information (CHRI) in accordance with state and federal laws and regulations.

(2) In order to access CHRI in accordance with applicable law, the non-criminal justice agency head shall be responsible for the following:

(a) executing a Non-criminal Justice Agency User Agreement with DCJIS;

(b) submitting requests for, reviewing, and disseminating CHRI results only as authorized by law;

(c) executing and providing DCJIS with an employee designation form for each employee with direct access to the DCJIS system used to obtain CHRI;

(d) ensuring that all employees with direct access to the DCJIS system used to obtain CHRI have been fingerprinted and have had a complete background investigation in accordance with the latest version of the CSP;

(e) designating a local agency security officer (LASO);

(f) ensuring that all employees with access to CHRI have completed an Individual Agreement of Non-disclosure (AOND) form;

(g) ensuring that all employees with access to CHRI have completed training;

(h) responding to audit questionnaires, complaints, and any other inquiries from DCJIS or from the FBI within the time period specified by DCJIS or the FBI;

(i) reporting to DCJIS as soon as possible any misuse of CHRI or CJIS, including improper access to or improper dissemination CHRI or other information contained within or obtained through CJIS;

(j) providing to DCJIS or the FBI the results of any investigation into the misuse of CHRI or CJIS or any system or source to which DCJIS provides access;

(k) ensuring that the agency adheres to all DCJIS and FBI policies and procedures, including the CSP;

(l) notifying DCJIS as soon as practicable of any changes in contact information for the agency, including the agency head, local agency security officer, and any employees authorized to access DCJIS systems; and

(m) ensuring compliance with all state and federal laws, regulations, and policies related to CHRI, CJIS, and/or any other system or source to which DCJIS provides access.

(3) The local agency security officer shall be responsible for the following:

(a) completing the fingerprint-based criminal history background investigation, training, and AOND form;

(b) submitting requests for, reviewing, and disseminating CHRI results only as authorized by law;

(c) ensuring compliance with security procedures related to CHRI and DCJIS systems;

(d) coordinating and reporting all personnel security clearance requests and any subsequent criminal history activity relating to an approved employee to the DCJIS CJIS Systems Officer (CSO) within five business days;

(e) notifying the DCJIS Information Security Officer (ISO) of any and all security incidents within 48 hours of the discovery of the incident.

(f) responding to audit questionnaires, complaints, and any other inquiries from DCJIS or from the FBI within the time period specified by DCJIS or the FBI;

(g) reporting to DCJIS as soon as possible any misuse of CHRI or CJIS, including improper access to or improper dissemination CHRI or other information contained within or obtained through CJIS;

(h) providing to DCJIS or the FBI the results of any investigations into the misuse of CHRI or CJIS or any system or source to which DCJIS provides access;

(i) ensuring that the agency adheres to all DCJIS and FBI policies and procedures, including the CSP;

(j) notifying DCJIS as soon as practicable of any changes in contact information for the agency, including the agency head, local agency security officer, and any employees authorized to access DCJIS systems;

(k) keeping user codes and passwords used to access CHRI confidential; and

(l) ensuring compliance with all state and federal laws, regulations, and policies related to CHRI, CJIS, and/or any other system or source to which DCJIS provides access.

(4) Employees and other personnel designated by their agency head to access CHRI shall be responsible for the following:

(a) completing the fingerprint-based criminal background investigation (employees with direct access to DCJIS systems and CHRI only);

(b) completing the AOND form and training requirements;

(c) submitting requests for, reviewing, and disseminating CHRI results only as authorized by law;

(d) reporting any of their own subsequent criminal history to the LASO within five days;

(e) reporting to the LASO as soon as possible any misuse of CHRI or CJIS, including improper access to or improper dissemination CHRI or other information contained within or obtained through CJIS;

(f) keeping user codes and passwords used to access CHRI confidential;

(g) notifying DCJIS as soon as practicable of any changes in contact information; and

(h) ensuring compliance with all state and federal laws, regulations, and policies related to CHRI, CJIS, and/or any other system or source to which DCJIS provides access.

(5) CHRI shall not be disseminated except in accordance with the law that provides the non-criminal justice agency with access to CHRI. Whenever CHRI is disseminated, the non-criminal justice agency shall record it in a secondary dissemination log that it shall maintain. The log will record the following information for each dissemination:

(a) the subject's name;

(b) the subject's date of birth;

(c) the date and time of dissemination;

(d) the name of the person to whom the CHRI was disseminated along with the name of the organization for which the person works; and

(e) the specific reason for dissemination.

(6) Each entry in the secondary dissemination log will be maintained for a minimum of one year.

(7) Non-criminal justice agencies that make an adverse decision against an individual, which decision is based in any part on the individual's CHRI, shall first provide the individual with information on how to change, correct, or update the individual's criminal records in accordance with 28 CFR § 16.34.

(8) Paper copies of CHRI shall be stored in locked file cabinets and shall not be left unattended.

(9) Electronic copies of CHRI shall be stored in accordance with the provisions of the latest version of the CSP.

(10) CHRI shall only be disposed of in a secure manner. Physical media shall be cross-shredded and/or burned, and electronic records shall be deleted and repeatedly over-written with random 0s and 1s, or the media shall be degaussed.

Disclaimer: These regulations may not be the most recent version. Massachusetts may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.