Confidentiality of Criminal History Record ... - DocumentCloud
Confidentiality of Criminal History Record Information for eJusticeNY Users
Sean M. Byrne, Actiing Commissioner, DCJS NYS Division of Criminal Justice Services 4 Tower Place, Albany, NY 12203
Overview: • NYS Executive Law requires DCJS to “adopt appropriate security measures to assure the security and privacy of identification information data.”
2
1
Purpose of Training • To increase staff awareness of the proper use and dissemination of CHRI, fingerprint data, or any other confidential information. • To make staff aware that violations of DCJS policies or any applicable laws may result in disciplinary action, termination of employment, and/or criminal prosecution.
3
Rationale of Confidentiality Policy Concerns Related To: • Privacy Issues • Identity Theft • Compromising Law Enforcement and Prosecutorial Capabilities 4
2
Criminal History Record Information (CHRI) CHRI is information collected by criminal justice agencies on individuals consisting of: • Identifiable descriptions (name, DOB, etc) • Notations of arrests • Detentions • Indictments • Criminal charges • Dispositions arising from court cases • Detention information • Correctional, supervision, and release information 5
• Employees with access to CHRI, in the performance of their duties, must adhere to DCJS policy and procedure, as well as any policies/procedures the agency puts in place. • Final responsibility for maintaining the security and confidentiality of CHRI rests with the individuals accessing and utilizing this information. 6
3
An eJusticeNY User may only: • Examine a criminal history record or any other confidential information when they are required to do so in the course of their official duties and responsibilities.
7
eJusticeNY Users may only: • Remove official documents or copies of such documents from the premises if they are acting within the scope of their assigned duties or receive specific authorization to do so from their supervisor.
8
4
eJusticeNY Users shall not: • Discuss the contents of any confidential records, including criminal history records, or otherwise disclose personal information on persons in the Division’s files or data banks with anyone unless the employee is authorized to do so and is acting within the scope of his/her official duties.
9
eJusticeNY Overview 1. When running Criminal History Record Information (CHRI), enter all appropriate information such as reason code, case number, comments, and inquiry number. 2. It is not acceptable to run any other names, records, or persons, outside the scope of official duties. 3. Running a test record is an appropriate and approved method of running CHRI. 10
5
Test Records Are Available for users: NYSID 5870633R
Name Sam Sample
11
12
6
13
Consequences for Access Misuse of CHRI:
NYS PENAL LAW • • • • • • • •
Unauthorized Use of a Computer – “A” misdemeanor, PL 156.05 Computer Trespass – “E” Felony, PL 156.10 Computer Tampering 4th Degree – “A” misdemeanor, PL 156.20 Computer Tampering 3rd Degree – “E” Felony, PL 156.25 Criminal Possession of Computer Related Material – “E” Felony, PL 156.35 Tampering with Public Records 2nd Degree – “A” misdemeanor, PL 175.20 Tampering with Public Records 1st Degree – “D” Felony, PL 175.25 Unlawful Possession of Personal Identification Information – “A” misdemeanor, PL 190.81 • Official Misconduct – “A” misdemeanor, PL 195.00
14
7
Consequences for Access Misuse of CHRI:
A violation of similar federal laws may subject any person to a fine up to $10,000.
15
Consequences for Access Misuse of CHRI Information Security Breach and Notification Act: The User Agency may also be required to notify the following when information has been compromised: • • • •
Individual New York State Attorney General’s Office New York State Consumer Protection Board Cyber Security & Critical Infrastructure Coordination (CSCIC)
16
8
Consequences for Access Misuse of CHRI Adverse consequences of the Information Security Breach and Notification Act: • Having to notify the individual and other state agencies dames the agency’s reputation. • Places a burden upon the agency of having to conduct the notifications (difficulties in locating the individual). 17
Consequences for Access Misuse of CHRI Notify the following after information has been compromised: • NYS Attorney General – [email protected] • NYS Consumer Protection Board – [email protected] • NYS CSCIC – [email protected] 18
9
eJusticeNY User Security Issues • The most proactive security measure, particularly in a PC based application, is a user who safeguards the confidentiality of their password and closes eJusticeNY promptly when completing their assigned task or leaving their work station.
19
eJusticeNY User Security Issues • A user must never leave their PC unattended while connected to eJusticeNY. • Leaving your PC unattended while connected to eJusticeNY could allow another person to make a CHRI inquiry under your user ID and password. • Your User ID, your password and your unattended PC = your responsibility. 20
10
eJusticeNY User Security Issues • The use of another person’s user ID and password is a violation of National Crime Information Center (NCIC) and DCJS policy, and is prohibited. • eJusticeNY users must never discuss CHRI or disclose the existence of CHRI to anyone, NOT even co-workers, except as authorized by law and as necessary to carry out official agency business. 21
eJusticeNY User Security Issues • CHRI must be stored in secure locations to prevent any unauthorized access to or use of the data. • Discard all CHRI information or any other confidential information in “Sensitive Scrap” bins or receptacles designated for shredding or appropriate disposal. DO NOT discard in everyday trash. 22
11
eJusticeNY User Security Issues • The use of another person’s user ID and password is a violation and is prohibited. • eJusticeNY users must never discuss or disclose the existence of CHRI, except as authorized and as necessary to carry out official agency business.
23
Role of NYS DCJS Audit & Compliance: 1. Conducts
routine reviews of staff access and use of CHRI. 2. Monitors eJusticeNY audit logs, identifies and investigates questionable searches. 3. Investigates reported misuse of CHRI by User agency staff. 4. Suspected abuse should be reported via email to: [email protected] 24
12
When in Doubt: If there is ever a question on the proper use and dissemination of criminal history or confidential information you can always: • See your Terminal Agency Coordinator (TAC). • Contact the Office of Internal Audit & Compliance at dcjs.sm.internal.audit
25
Code: DCJS01490
26
13
Sean M. Byrne, Actiing Commissioner, DCJS NYS Division of Criminal Justice Services 4 Tower Place, Albany, NY 12203
Overview: • NYS Executive Law requires DCJS to “adopt appropriate security measures to assure the security and privacy of identification information data.”
2
1
Purpose of Training • To increase staff awareness of the proper use and dissemination of CHRI, fingerprint data, or any other confidential information. • To make staff aware that violations of DCJS policies or any applicable laws may result in disciplinary action, termination of employment, and/or criminal prosecution.
3
Rationale of Confidentiality Policy Concerns Related To: • Privacy Issues • Identity Theft • Compromising Law Enforcement and Prosecutorial Capabilities 4
2
Criminal History Record Information (CHRI) CHRI is information collected by criminal justice agencies on individuals consisting of: • Identifiable descriptions (name, DOB, etc) • Notations of arrests • Detentions • Indictments • Criminal charges • Dispositions arising from court cases • Detention information • Correctional, supervision, and release information 5
• Employees with access to CHRI, in the performance of their duties, must adhere to DCJS policy and procedure, as well as any policies/procedures the agency puts in place. • Final responsibility for maintaining the security and confidentiality of CHRI rests with the individuals accessing and utilizing this information. 6
3
An eJusticeNY User may only: • Examine a criminal history record or any other confidential information when they are required to do so in the course of their official duties and responsibilities.
7
eJusticeNY Users may only: • Remove official documents or copies of such documents from the premises if they are acting within the scope of their assigned duties or receive specific authorization to do so from their supervisor.
8
4
eJusticeNY Users shall not: • Discuss the contents of any confidential records, including criminal history records, or otherwise disclose personal information on persons in the Division’s files or data banks with anyone unless the employee is authorized to do so and is acting within the scope of his/her official duties.
9
eJusticeNY Overview 1. When running Criminal History Record Information (CHRI), enter all appropriate information such as reason code, case number, comments, and inquiry number. 2. It is not acceptable to run any other names, records, or persons, outside the scope of official duties. 3. Running a test record is an appropriate and approved method of running CHRI. 10
5
Test Records Are Available for users: NYSID 5870633R
Name Sam Sample
11
12
6
13
Consequences for Access Misuse of CHRI:
NYS PENAL LAW • • • • • • • •
Unauthorized Use of a Computer – “A” misdemeanor, PL 156.05 Computer Trespass – “E” Felony, PL 156.10 Computer Tampering 4th Degree – “A” misdemeanor, PL 156.20 Computer Tampering 3rd Degree – “E” Felony, PL 156.25 Criminal Possession of Computer Related Material – “E” Felony, PL 156.35 Tampering with Public Records 2nd Degree – “A” misdemeanor, PL 175.20 Tampering with Public Records 1st Degree – “D” Felony, PL 175.25 Unlawful Possession of Personal Identification Information – “A” misdemeanor, PL 190.81 • Official Misconduct – “A” misdemeanor, PL 195.00
14
7
Consequences for Access Misuse of CHRI:
A violation of similar federal laws may subject any person to a fine up to $10,000.
15
Consequences for Access Misuse of CHRI Information Security Breach and Notification Act: The User Agency may also be required to notify the following when information has been compromised: • • • •
Individual New York State Attorney General’s Office New York State Consumer Protection Board Cyber Security & Critical Infrastructure Coordination (CSCIC)
16
8
Consequences for Access Misuse of CHRI Adverse consequences of the Information Security Breach and Notification Act: • Having to notify the individual and other state agencies dames the agency’s reputation. • Places a burden upon the agency of having to conduct the notifications (difficulties in locating the individual). 17
Consequences for Access Misuse of CHRI Notify the following after information has been compromised: • NYS Attorney General – [email protected] • NYS Consumer Protection Board – [email protected] • NYS CSCIC – [email protected] 18
9
eJusticeNY User Security Issues • The most proactive security measure, particularly in a PC based application, is a user who safeguards the confidentiality of their password and closes eJusticeNY promptly when completing their assigned task or leaving their work station.
19
eJusticeNY User Security Issues • A user must never leave their PC unattended while connected to eJusticeNY. • Leaving your PC unattended while connected to eJusticeNY could allow another person to make a CHRI inquiry under your user ID and password. • Your User ID, your password and your unattended PC = your responsibility. 20
10
eJusticeNY User Security Issues • The use of another person’s user ID and password is a violation of National Crime Information Center (NCIC) and DCJS policy, and is prohibited. • eJusticeNY users must never discuss CHRI or disclose the existence of CHRI to anyone, NOT even co-workers, except as authorized by law and as necessary to carry out official agency business. 21
eJusticeNY User Security Issues • CHRI must be stored in secure locations to prevent any unauthorized access to or use of the data. • Discard all CHRI information or any other confidential information in “Sensitive Scrap” bins or receptacles designated for shredding or appropriate disposal. DO NOT discard in everyday trash. 22
11
eJusticeNY User Security Issues • The use of another person’s user ID and password is a violation and is prohibited. • eJusticeNY users must never discuss or disclose the existence of CHRI, except as authorized and as necessary to carry out official agency business.
23
Role of NYS DCJS Audit & Compliance: 1. Conducts
routine reviews of staff access and use of CHRI. 2. Monitors eJusticeNY audit logs, identifies and investigates questionable searches. 3. Investigates reported misuse of CHRI by User agency staff. 4. Suspected abuse should be reported via email to: [email protected] 24
12
When in Doubt: If there is ever a question on the proper use and dissemination of criminal history or confidential information you can always: • See your Terminal Agency Coordinator (TAC). • Contact the Office of Internal Audit & Compliance at dcjs.sm.internal.audit
25
Code: DCJS01490
26
13
