651-F:5 Intelligence Functions of the Center. –
I. Each participating agency, as a condition of access to the center, shall comply with the requirements of this chapter governing the collection, analysis, evaluation, maintenance, sharing, and expunging of information and data included as part of the inter-jurisdictional system.
II. Nothing in this chapter shall prevent the center from gathering and disseminating non-criminal data such as traffic crash information, weather information, and other data and information relevant and useful to the non-criminal deployment of public safety resources; provided however, that the center shall not receive, obtain, use, or retain any personally identifiable data in connection with such activities other than that publicly available for individuals licensed by the state to engage in certain occupations and professions that may be needed to respond to emergencies, and contact data regarding persons in charge of or responsible for responding to incidents at critical infrastructure sites.
III. Except as provided in paragraph II, the center may collect, use, or retain personally identifiable data as part of criminal intelligence information only.
IV. The operations and policies of criminal intelligence systems in this state shall be no less stringent than those established by the United States Department of Justice in 28 C.F.R. part 23. To the extent that, in this chapter or elsewhere, the state provides greater protection of civil rights and personal privacy than applicable federal law, state law shall take precedence.
V. Criminal intelligence data may be shared on a case-by-case basis only with law enforcement, homeland security, or counter-terrorism agencies for detective, investigative, preventive, anti-terrorism, or intelligence activity only when the information is within the law enforcement or investigative jurisdiction of the receiving agency, or may assist in preventing a crime.
VI. Criminal intelligence data may be shared with officials charged with monitoring or auditing the system's compliance with this chapter and any rules or policies adopted to implement this chapter.
VII. Except as provided elsewhere in this chapter, the information and analysis center shall share criminal intelligence data only with agencies qualified to receive this information and data under this chapter and that have procedures in place regarding information and data receipt, maintenance, security, dissemination, and expunging that are consistent with constitutional and civil liberties safeguards set forth in this chapter, unless determined to be reasonably necessary to prevent impending danger to life or property.
(a) The center shall collect and maintain criminal intelligence information concerning an individual only if there is a reasonable suspicion that the individual is involved in criminal conduct or activity, or terrorist activity, and the information is directly relevant to that conduct or activity.
(b) The center shall not collect or maintain criminal intelligence information about the political, religious, or social views, associations, or activities of any individual or group, association, corporation, business, partnership, or other organization unless such information relates directly to criminal or terrorist conduct or activity and there is reasonable suspicion that the subject of the information is or may be involved in criminal or terrorist conduct or activity.
(c) If the information is received from an inter-jurisdictional source, the center is responsible for establishing that no information is entered in violation of federal or state laws, either through examination of supporting information submitted by a participating agency or by inspection and audit procedures established by the center.
(d) The center or authorized recipient of information shall disseminate criminal or terrorist intelligence only when there is a need to know and a right to know the information in the performance of a law enforcement or anti-terrorism activity. The center shall disseminate criminal intelligence information only to law enforcement authorities who shall agree to follow procedures of the center regarding information receipt, maintenance, security, and dissemination which are consistent with 28 C.F.R. part 23 or state law where state law provides greater protection of civil rights and personal privacy. This paragraph shall not limit the dissemination of an assessment of criminal intelligence information to a government official or other individual under circumstances where such dissemination is necessary to avoid imminent danger to life or property.
VIII. The information and analysis center shall implement administrative, technical, and physical safeguards to protect against unauthorized access, improper use or retention of personally identifiable data, and intentional or unintentional damage. A record indicating to whom information has been disseminated, the reason for the release of the information, and the date of each dissemination outside the center shall be kept and clearly labeled to indicate the levels of sensitivity, levels of confidence, and the identity of the submitting agency or agencies and controlling officials.
IX. The information and analysis center shall establish written definitions for the need to know and the right to know standards for dissemination to other agencies as provided in subparagraph VII(d) and shall be responsible for establishing the existence of the requester's need to know and right to know the information requested, either through inquiry or by delegation of this responsibility to a properly trained participating agency that is subject to routine audit and inspection procedures established by the center.
X. Criminal intelligence information including personally identifiable data retained in the criminal intelligence system shall be reviewed and validated for continuing compliance with system submission criteria before the expiration of the information's retention period, which in no event shall be longer than 5 years. After the initial 5 years, the retention period may be extended in one-year increments subject to annual review, if the state police commander of the center believes that there is a reasonable possibility of ongoing criminal activity sufficient to retain the information for the additional time. The commander shall annually submit to the assistant commissioner of the department of safety a listing of files that are being retained beyond the 5-year period.
XI. The information and analysis center shall implement security policies and procedures to ensure that remote access to intelligence information and personally identifiable data is available only to authorized system users and only on a case-by-case basis.
XII. The commissioner of the department of safety or a designee with general policy making authority who has been designated with such control by the commissioner, and who has certified in writing that he or she takes full responsibility for the system's compliance with the provisions of this chapter shall have control and supervision of information and collection by the information and analysis center.