Laserfiche WebLink
<br />project from liability for disseminating illegally obtained information. A clear <br />project policy that prohibits the submission of illegally obtained information, <br />coupled with an examination of supporting information to determine that the <br />information was obtained legally or the delegation of such authority to a properly <br />trained participating agency, and the establishment and performance of routine <br />inspection and audit of participating agency records, should be sufficient to shield <br />a project from potential liability based on negligence in the performance of its <br />intelligence information screening function. OPERATING PRINCIPLES - <br />SECTION 23.20(h) Comment: One commentor requested clarification of the <br />"periodic review" requirement in Section 23.20(h) and what constitutes an <br />"explanation of decision to retain" information. <br /> <br />Response: The periodic review requirement is designed to insure that system <br />information is accurate and as up-to-date as reasonably possible. When a review <br />has occurred, the record is appropriately updated and notated. The explanation <br />of decision to retain can be a variety of reasons including "active investigation", <br />"preliminary review in progress", "subject believed still active in jurisdiction", and <br />the like. When information that has been reviewed or updated and a <br />determination made that it continues to meet system submission criteria, the <br />information has been "validated" and begins a new retention period. The <br />regulation limits the retention period to a maximum of five years without a review <br />and validation of the information. OPERATING PRINCIPLES - SECTION 23.20(i) <br />Comment: One commentor requested a definition of "remote terminal" and asked <br />how OJP would determine whether "adequate policies and procedures" are in <br />place to insure the continued integrity of a criminal intelligence system. <br />Response: A "remote terminal" is hardware that enables a participating agency to <br />input into or access information from a project's criminal intelligence data base <br />without the intervention of project staff. While the security requirements set forth <br />in Section 23.20(g)(1 )-(5) should minimize the threat to system integrity from <br />unauthorized access to and the use of system information, special measures are <br />called for when direct remote terminal access is authorized. The Office of Justice <br />Programs will expect any request for approval of remote terminal access to <br />include information on the following system protection measures: 1. Procedures <br />for identification of authorized remote terminals and security of terminals; 2. <br />Authorized access officer (remote terminal operator) identification and verification <br />procedures; 3. Provisions for the levels of dissemination of information as <br />directed by the submitting agency; 4. Provisions for the rejection of submissions <br />unless critical data fields are completed; 5. Technological safeguards on system <br />access, use, dissemination, and review and purge; 6. Physical security of the <br />system; <br /> <br />- 12- <br /> <br />7. Training and certification of system-participating agency personnel; 8. <br />Provisions for the audit of system-participating agencies, to include: file data <br />supporting submissions to the system; security of access terminals; and policy <br />and procedure compliance; and 9. Documentation for audit trails of the entire <br />system operation. Moreover, a waiver provision has been added to ensure <br /> <br />WBISS West Bay Region Node MOU Agreement <br /> <br />Page 37 of 48 <br />