Current through Register 1531, September 27, 2024
(1) DCJIS may grant
non-criminal justice agencies access to Criminal History Record Information
(CHRI) in accordance with state and federal laws and regulations.
(2) In order to access CHRI in accordance
with applicable law, the non-criminal justice agency head shall be responsible
for the following:
(a) executing a
Non-criminal Justice Agency User Agreement with DCJIS;
(b) submitting requests for, reviewing, and
disseminating CHRI results only as authorized by law;
(c) executing and providing DCJIS with an
employee designation form for each employee with direct access to the DCJIS
system used to obtain CHRI;
(d)
ensuring that all employees with direct access to the DCJIS system used to
obtain CHRI have been fingerprinted and have had a complete background
investigation in accordance with the latest version of the CSP;
(e) designating a local agency security
officer (LASO);
(f) ensuring that
all employees with access to CHRI have completed an Individual Agreement of
Non-disclosure (AOND) form;
(g)
ensuring that all employees with access to CHRI have completed
training;
(h) responding to audit
questionnaires, complaints, and any other inquiries from DCJIS or from the FBI
within the time period specified by DCJIS or the FBI;
(i) reporting to DCJIS as soon as possible
any misuse of CHRI or CJIS, including improper access to or improper
dissemination CHRI or other information contained within or obtained through
CJIS;
(j) providing to DCJIS or the
FBI the results of any investigation into the misuse of CHRI or CJIS or any
system or source to which DCJIS provides access;
(k) ensuring that the agency adheres to all
DCJIS and FBI policies and procedures, including the CSP;
(l) notifying DCJIS as soon as practicable of
any changes in contact information for the agency, including the agency head,
local agency security officer, and any employees authorized to access DCJIS
systems; and
(m) ensuring
compliance with all state and federal laws, regulations, and policies related
to CHRI, CJIS, and/or any other system or source to which DCJIS provides
access.
(3) The local
agency security officer shall be responsible for the following:
(a) completing the fingerprint-based criminal
history background investigation, training, and AOND form;
(b) submitting requests for, reviewing, and
disseminating CHRI results only as authorized by law;
(c) ensuring compliance with security
procedures related to CHRI and DCJIS systems;
(d) coordinating and reporting all personnel
security clearance requests and any subsequent criminal history activity
relating to an approved employee to the DCJIS CJIS Systems Officer (CSO) within
five business days;
(e) notifying
the DCJIS Information Security Officer (ISO) of any and all security incidents
within 48 hours of the discovery of the incident.
(f) responding to audit questionnaires,
complaints, and any other inquiries from DCJIS or from the FBI within the time
period specified by DCJIS or the FBI;
(g) reporting to DCJIS as soon as possible
any misuse of CHRI or CJIS, including improper access to or improper
dissemination CHRI or other information contained within or obtained through
CJIS;
(h) providing to DCJIS or the
FBI the results of any investigations into the misuse of CHRI or CJIS or any
system or source to which DCJIS provides access;
(i) ensuring that the agency adheres to all
DCJIS and FBI policies and procedures, including the CSP;
(j) notifying DCJIS as soon as practicable of
any changes in contact information for the agency, including the agency head,
local agency security officer, and any employees authorized to access DCJIS
systems;
(k) keeping user codes and
passwords used to access CHRI confidential; and
(l) ensuring compliance with all state and
federal laws, regulations, and policies related to CHRI, CJIS, and/or any other
system or source to which DCJIS provides access.
(4) Employees and other personnel designated
by their agency head to access CHRI shall be responsible for the following:
(a) completing the fingerprint-based criminal
background investigation (employees with direct access to DCJIS systems and
CHRI only);
(b) completing the AOND
form and training requirements;
(c)
submitting requests for, reviewing, and disseminating CHRI results only as
authorized by law;
(d) reporting
any of their own subsequent criminal history to the LASO within five
days;
(e) reporting to the LASO as
soon as possible any misuse of CHRI or CJIS, including improper access to or
improper dissemination CHRI or other information contained within or obtained
through CJIS;
(f) keeping user
codes and passwords used to access CHRI confidential;
(g) notifying DCJIS as soon as practicable of
any changes in contact information; and
(h) ensuring compliance with all state and
federal laws, regulations, and policies related to CHRI, CJIS, and/or any other
system or source to which DCJIS provides access.
(5) CHRI shall not be disseminated except in
accordance with the law that provides the non-criminal justice agency with
access to CHRI. Whenever CHRI is disseminated, the non-criminal justice agency
shall record it in a secondary dissemination log that it shall maintain. The
log will record the following information for each dissemination:
(a) the subject's name;
(b) the subject's date of birth;
(c) the date and time of
dissemination;
(d) the name of the
person to whom the CHRI was disseminated along with the name of the
organization for which the person works; and
(e) the specific reason for
dissemination.
(6) Each
entry in the secondary dissemination log will be maintained for a minimum of
one year.
(7) Non-criminal justice
agencies that make an adverse decision against an individual, which decision is
based in any part on the individual's CHRI, shall first provide the individual
with information on how to change, correct, or update the individual's criminal
records in accordance with 28 CFR §
16.34.
(8) Paper copies of CHRI shall be stored in
locked file cabinets and shall not be left unattended.
(9) Electronic copies of CHRI shall be stored
in accordance with the provisions of the latest version of the CSP.
(10) CHRI shall only be disposed of in a
secure manner. Physical media shall be cross-shredded and/or burned, and
electronic records shall be deleted and repeatedly over-written with random 0s
and 1s, or the media shall be degaussed.