78 Neb. Admin. Code, ch. 10, § 010

Nebraska Administrative Code

Section: 78-10-010

Jurisdiction: NE

Bluebook Citation: 78 Neb. Admin. Code, ch. 10, § 010

010 Responsibilities of an Authorized Agency. The Authorized Agency head or designee will ensure all authorized users attend the NCJIS User training and appoint an agency administrator who will attend the NCJIS Administrator training. 010.01 Authorized Agencies are responsible for deactivating an Authorized Users account immediately upon an Authorized Users: 010.01A Departure (transfer, termination, resignation, or retirement) from the agency. 010.01B Administrative leave from the agency which results in loss of agency privileges, identification credentials, departmental weapon or when the administrative leave will exceed six months. 010.01C Arrest, charge, or conviction of a criminal violation or offense in any jurisdiction immediately upon receiving notification of the same. 010.02 Upon notification or discovery of any arrest, charge, or conviction of a criminal violation or offense in any jurisdiction, the Authorized Agency head or Administrator is to notify the Executive Director of the Commission. This notice of denial will include the following information: 010.02A Name of Authorized User who was suspended; and 010.02B Date of the arrest, conviction, or violation. 010.03 Upon discovery of an Authorized User’s Improper Access or Breach, the Authorized Agency head or Administrator is to notify the NCJIS Project Manager. A notice of Improper Access or Breach will include the following: 010.03A Name of Authorized User; 010.03B Date/Dates of Improper Access or Breach; 010.03C Data Source of Improper Access or Breach 010.03D Reason for deactivating; and 010.03E Date of Discovery. 010.04 Authorized Agencies are required to follow the Records Retention and Destruction Policy that govern the disposal of PCH and NCIC files as specified in the CJIS Security Policy. Whether the information is in a physical form (printout) or an electronic form (hard drive, flash drive, etc.) the information must be disposed of in such a way that unauthorized people cannot retrieve it. For most agencies, this means ensuring printed information is shredded onsite by the user. Information retrieved via NCJIS is highly confidential and is to be afforded security to prevent unauthorized access to or use of that data. To prevent the misuse or improper dissemination of information, any printed information must be immediately destroyed after its intended use. Documents stored in electronic form (hard drive, flash drive, etc.) must be disposed of in such a way that unauthorized people cannot retrieve it. Under no circumstances should printed information be maintained in any agency files or records, including, without limitation, in personnel files. 010.05 Printed information is destroyed by shredding as follows: 010.05A In-state information, including NCJIS information, may be shredded onsite or delivered to an approved shredding vendor. Regardless of who destroys the records, they must follow the destruction protocols used by the U.S. Department of Justice, Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Security Policy at §5.8 (Media Protection). 010.05B Patrol Criminal History must be shredded onsite and witnessed or carried out by authorized personnel. Paper shredding service providers are prohibited from shredding printed information offsite, but may conduct agency supervised onsite shredding. Regardless of who destroys the records, they must follow the destruction protocols used by U.S. Department of Justice, Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Security Policy at §5.8 (Media Protection). 010.06 Electronic Information is destroyed as follows: 010.06A The agency will sanitize, that is, overwrite at least three times or degauss electronic media prior to disposal or release for reuse by unauthorized individuals. Inoperable electronic media must be destroyed (cut up, shredded, etc.). The agency will maintain written documentation of the steps taken to sanitize or destroy electronic media. Agencies are to ensure the sanitization or destruction is witnessed or carried out by authorized personnel and follow the destruction protocols used by the U.S. Department of Justice, Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) Security Policy at §5.8 (Media Protection). 010.07 Authorized Agencies must maintain secondary dissemination logs consistent with the U.S. Department of Justice, Federal Bureau of Investigation (FBI), and the Criminal Justice Information Services (CJIS) security policy. 010.08 User Access to NCJIS – To determine if a user credential should be granted to an individual, the Agency Head or Administrator will consider whether the individual has any of the following: 010.08A Been charged with or convicted of a criminal offense; 010.08B An active warrant or capias; 010.08C An active Protection from Abuse Order or Protection Order entered against him/he; 010.08D Intentionally falsified any official record; 010.08E Improperly accessed NCJIS previously; or 010.08F Engaged in any other activity that could endanger the security, privacy, or integrity of NCJIS. 010.09 Disclosure of Familial Relationships. All Authorized Agencies will immediately report familial relationships within their agency administration to the NCJIS Project Manager.

Chat with this regulation using AI

Ask CiteLaw's AI Navigator anything about this regulation, verify citations, and research related authorities. Sign up for CiteLaw free today to get started.