Protected_Information

Policy 806CSU Police Department Systemwide Policy Manual Copyright Lexipol, LLC 2025/08/10, All Rights Reserved. Published with permission by CSU Police DepartmentProtected Information - 1Protected Information 806.1 PURPOSE AND SCOPE The purpose of this policy is to provide guidelines for the access, transmission, release and security of protected information by members of the CSU Police Department. This policy addresses the protected information that is used in the day-to-day operation of the Department and not the public records information covered in the Records Maintenance and Release Policy. 806.1.1 DEFINITIONS Definitions related to this policy include: Protected information - Any information or data that is collected, stored or accessed by members of the CSU Police Department and is subject to any access or release restrictions imposed by law, regulation, order or use agreement. This includes all information contained in federal, state or local law enforcement databases that is not accessible to the public. 806.2 POLICY Members of the CSU Police Department will adhere to all applicable laws, orders, regulations, use agreements and training related to the access, use, dissemination and release of protected information. 806.3 RESPONSIBILITIES The Chief of Police shall select a member of the Department to coordinate the use of protected information. The responsibilities of this position include but are not limited to: (a)Ensuring member compliance with this policy and with requirements applicable to protected information, including requirements for the National Crime Information Center (NCIC) system, National Law Enforcement Telecommunications System (NLETS), Department of Motor Vehicles (DMV) records, and California Law Enforcement Telecommunications System (CLETS). (b)Developing, disseminating, and maintaining procedures that adopt or comply with the U.S. Department of Justice's current Criminal Justice Information Services (CJIS) Security Policy. See the CSU Police Department CJIS Access, Maintenance, and Security Policy for additional guidance. (c)Developing, disseminating, and maintaining any other procedures necessary to comply with any other requirements for the access, use, dissemination, release, and security of protected information. (d)Developing procedures to ensure training and certification requirements are met. (e)Resolving specific questions that arise regarding authorized recipients of protected information. (f)Ensuring security practices and procedures are in place to comply with requirements applicable to protected information. CSU Police Department Systemwide Policy Manual Protected Information Copyright Lexipol, LLC 2025/08/10, All Rights Reserved. Published with permission by CSU Police DepartmentProtected Information - 2806.4 ACCESS TO PROTECTED INFORMATION Protected information shall not be accessed in violation of any law, order, regulation, user agreement, CSU Police Department policy, or training. Only those members who have completed applicable training and met any applicable requirements, such as a background check, may access protected information, and only when the member has a legitimate work-related reason for such access. Unauthorized access, including access for other than a legitimate work-related purpose, is prohibited and may subject a member to administrative action pursuant to the Personnel Complaints Policy and/or criminal prosecution. See the CJIS Access, Maintenance, and Security Policy for additional guidance. 806.4.1 PENALTIES FOR MISUSE OF RECORDS It is a misdemeanor to furnish, buy, receive or possess Department of Justice criminal history information without authorization by law (Penal Code § 11143). Authorized persons or agencies violating state regulations regarding the security of Criminal Offender Record Information (CORI) maintained by the California Department of Justice may lose direct access to CORI (11 CCR 702). 806.5 RELEASE OR DISSEMINATION OF PROTECTED INFORMATION Protected information may be released only to authorized recipients who have both a right to know and a need to know. A member who is asked to release protected information that should not be released should refer the requesting person to a supervisor or to the Records Supervisor for information regarding a formal request. Unless otherwise ordered or when an investigation would be jeopardized, protected information maintained by the Department may generally be shared with authorized persons from other law enforcement agencies who are assisting in the investigation or conducting a related investigation. Any such information should be released through the Records Bureau to ensure proper documentation of the release (see the Records Maintenance and Release Policy). 806.5.1 REVIEW OF CRIMINAL OFFENDER RECORD Individuals requesting to review their own California criminal history information shall be referred to the Department of Justice (Penal Code § 11121). Individuals shall be allowed to review their arrest or conviction record on file with the Department after complying with all legal requirements regarding authority and procedures in Penal Code § 11120 through Penal Code § 11127 (Penal Code § 13321). 806.5.2 TRANSMISSION GUIDELINES Protected information, such as restricted Criminal Justice Information (CJI), which includes Criminal History Record Information (CHRI), should not be transmitted via unencrypted radio. CSU Police Department Systemwide Policy Manual Protected Information Copyright Lexipol, LLC 2025/08/10, All Rights Reserved. Published with permission by CSU Police DepartmentProtected Information - 3When circumstances reasonably indicate that the immediate safety of officers, other department members, or the public is at risk, only summary information may be transmitted. In cases where the transmission of protected information, such as Personally Identifiable Information, is necessary to accomplish a legitimate law enforcement purpose, and utilization of an encrypted radio channel is infeasible, a MDT or department-issued cellular telephone should be utilized