Laserfiche WebLink
<br />unintentional damage. A record indicating who has been given information, the <br />reason for release of the information, and the date of each dissemination outside <br />the project shall be kept. Information shall be labeled to indicate levels of <br />sensitivity, levels of confidence, and the identity of submitting agencies and <br />control officials. Each project must establish written definitions for the need to <br />know and right to know standards for dissemination to other agencies as <br />provided in paragraph (e) of this section. The project is responsible for <br />establishing the existence of an inquirer's need to know and right to know the <br />information being requested either through inquiry or by delegation of this <br />responsibility to a properly trained participating agency which is subject to routine <br />inspection and audit procedures established by the project. Each intelligence <br />project shall assure that the following security requirements are implemented: <br /> <br />(1 ) Where appropriate, projects must adopt effective and technologically <br />advanced computer software and hardware designs to prevent unauthorized <br />access to the information contained in the system; <br /> <br />(2) The project must restrict access to its facilities, operating environment and <br />documentation to organizations and personnel authorized by the project; (3) The <br />project must store information in the system in a manner such that it cannot be <br />modified, destroyed, accessed, or purged without authorization; (4) The project <br />must institute procedures to protect criminal intelligence information from <br />unauthorized access, theft, sabotage, fire, flood, or other natural or man made <br />disaster; (5) The project must promulgate rules and regulations based on good <br />cause for implementing its authority to screen, reject for employment, transfer, or <br />remove personnel authorized to have direct access to the system; and (6) A <br />project may authorize and utilize remote (off-premises) system data bases to the <br />extent that they comply with these security requirements. <br /> <br />(h) All projects shall adopt procedures to assure that all information which is <br />retained by a project has relevancy and importance. Such procedures shall <br />provide for the periodic review of information and the destruction of any <br />information which is misleading, obsolete or otherwise unreliable and shall <br />require that any recipient agencies be advised of such changes which involve <br />errors or corrections. All information retained as a result of this review must <br />reflect the name of the reviewer, date of review and explanation of decision to <br />retain. Information retained in the system must be reviewed and validated for <br />continuing compliance with system submission criteria before the expiration of its <br />retention period, which in no event shall be longer than five (5) years. (i) If funds <br />awarded under the Act are used to support the operation of an intelligence <br />system, then: <br /> <br />(1) No project shall make direct remote terminal access to intelligence <br />information available to system participants, except as specifically approved by <br />the Office of Justice Programs (OJP) based on a determination that the system <br />has adequate policies and procedures in place to insure that it is accessible only <br />to authorized systems users; and (2) A project shall undertake no major <br />modifications to system design without prior grantor agency approval. <br /> <br />WEISS West Bay Region Node MOU Agreement <br /> <br />Page 42 of 48 <br />