Section 78-10-010 - Responsibilities of an Authorized AgencyThe Authorized Agency head or designee will ensure all authorized users attend the NCJIS User training and appoint an agency administrator who will attend the NCJIS Administrator training.
010.01 Authorized Agencies are responsible for deactivating an Authorized Users account immediately upon an Authorized Users:010.01A Departure (transfer, termination, resignation, or retirement) from the agency.010.01B Administrative leave from the agency which results in loss of agency privileges, identification credentials, or departmental weapon or when the administrative leave will exceed six months.010.01C Arrest, charge, or conviction of a criminal violation or offense in any jurisdiction immediately upon receiving notification of the same.010.01D Upon notification or discovery of any arrest, charge, or conviction of a criminal violation or offense in any jurisdiction, the Authorized Agency head or Administrator is to notify the Executive Director of the Commission. A notice of denial will include the following:010.01D1 Name of Authorized User who was suspended; and010.01D2 Date of the arrest, conviction, or violation.010.01E Upon discovery of an Authorized User's Improper Access or Breach, the Authorized Agency head or Administrator is to notify the NCJIS Project Manager. A notice of Improper Access or Breach will include the following:010.01E1 Name of Authorized User;010.01E2 Date/Dates of Improper Access or Breach;010.01E3 Data Source of Improper Access or Breach010.01E4 Reason for deactivating; and010.01E5 Date of Discovery.010.02 Authorized Agencies are required to follow the Records Retention and Destruction that govern the disposal of PCH and NCIC files as specified in the CJIS Security Policy. Whether the information is in a physical form (printout) or an electronic form (hard drive, flash drive, etc.) the information must be disposed of in such a way that unauthorized people cannot retrieve it. For most agencies, this means ensuring printed information is shredded onsite by the user. Information retrieved via NCJIS is highly confidential and is to be afforded security to prevent unauthorized access to or use of that data. To prevent the misuse or improper dissemination of information, any printed information must be immediately destroyed after its intended use. Documents stored in electronic form (hard drive, flash drive, etc.) must be disposed of in such a way that unauthorized people cannot retrieve it. Under no circumstances should printed information be maintained in any agency files or records, including, without limitation, in personnel files.010.03 Printed information is destroyed by shredding as follows: 010.03A In-state information, including NCJIS information, may be shredded onsite or delivered to an approved shredding vendor. Regardless of who destroys the records, they must follow the destruction protocols used by the U.S. Department of Justice, Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Security Policy at § 5.8 (Media Protection).010.03B Patrol Criminal History must be shredded onsite and witnessed or carried out by authorized personnel. Paper shredding service providers are prohibited from shredding printed information offsite, but may conduct agency supervised onsite shredding. Regardless of who destroys the records, they must follow the destruction protocols used by U.S. Department of Justice, Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Security Policy at § 5.8 (Media Protection).010.04 Electronic Information is destroyed as follows: 010.04A The agency will sanitize, that is, overwrite at least three times or degauss electronic media prior to disposal or release for reuse by unauthorized individuals. Inoperable electronic media is destroyed (cut up, shredded, etc.). The agency will maintain written documentation of the steps taken to sanitize or destroy electronic media. Agencies are to ensure the sanitization or destruction is witnessed or carried out by authorized personnel and follow the destruction protocols used by the U.S. Department of Justice, Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Security Policy at § 5.8 (Media Protection).010.05 Authorized Agencies must maintain secondary dissemination logs consistent with the U.S. Department of Justice, Federal Bureau of Investigation (FBI), and the Criminal Justice Information Services (CJIS) security policy.010.06 User Access to NCJIS - To determine if a user credential should be granted to an individual, the Agency Head or Administrator considers whether the individual has any of the following: 010.06A Been charged with or convicted of a criminal offense;010.06B An active warrant or capias;010.06C An active Protection from Abuse Order or Protection Order entered against him/he;010.06D Intentionally falsified any official record;010.06E Improperly accessed NCJIS previously; or010.06F Engaged in any other activity that could endanger the security, privacy, or integrity of NCJIS.010.07 Disclosure of Familial Relationships. All Authorized Agencies will immediately report familial relationships within their agency administration to the NCJIS Project Manager.78 Neb. Admin. Code, ch. 10, § 010
Adopted effective 12/8/2020Amended effective 11/13/2021