33

Date : 02/28/11 Revision: 02/07/2 5 Reviewed: 02/07/25 HILLSBOROUGH COUNTY SHERIFF’S OFFICE CHAD CHRONISTER , SHERIFF STANDARD OPERATING PROCEDURE Number: GEN 118.0 7 Page: 1 of 5 SUBJECT: DATA POLICY I. PURPOSE : The purp ose of this standard operating procedure is to define the guidelines for the use, storage, and handling of Sheriff’s Office data. II. SCOPE : This procedure shall apply to all Sheriff's Office personnel. III. DISCUSSION : In order to maintain the integri ty of data that is used by the Sheriff’s Office, it is important for procedures and processes to be defined regarding the use , storage, and handling of data . IV. DEFINITION S: A. Criminal Justice Information (CJI) - All of the FBI CJ IS provided data neces sary for law enforcement and civil agencies to perform their missions including, but not limited to biometric, identity history, biographic, property, and case/incident history data. B. Data - Any electronic information that is created by, maintained by o r on, owned by, stored on, or accessed via Sheriff’s Office hardware, software, equipment, or systems. The applicable information can be in any form including printed, electronic files, and stored in any place or device. C. Personal ly Identifiable Inform ation (PII) - Information which can be used to distinguish or trace an individual's identity, such as name, social security number, or biometric records, alone or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, or mother's maiden name. Any FBI CJIS provided data maintained by an agency, including but not limited to, education, financial transactions, medical history, and criminal or employment history may include PII. A criminal history record for example inherently contains PII as would a Law Enforcement National Data Exchange (N -DEx) case file. D. Public Information - Information that is accessible to the public or can be provided to the public without restriction. Most information available to Sheriff’s Office personnel will have parts that are considered public and parts that are not considered public. V. PROCEDURE : A. General Information 1. Sheriff’s Office personnel have access to a wide varie ty of sensitive information stored as electronic data. It is important for Sheriff’s Office personnel to be aware of the sensitive nature of the information that is available to them. 2. Because of the wide variety of information that is available to Sh eriff’s Office personnel, there is an equally wide array of policies, state law, federal law, policies implemented by state and federal agencies, and other requirements that can apply to the access, use, or handling of the information . GEN 118.07 02/07/25 Page 2 of 5 3. Personnel must be aware of the policies, state statutes, federal law s, and requirements for the types of information that they access and use as part of their job duties. Failure to follow certain procedures can subject the employee and/or Sheriff’s Office to criminal prosecution, civil penalties, and/or monetary fines. * 4. Nothing in this standard operating procedure should be construed to restrict the sharing of any information as required under Florida State or Federal laws . It should be noted that while Florida pu blic records laws encourage the sharing of information, there are often conflicting laws that restrict certain types of information from being shared under any circumstance . It is the employee’s responsibility to know if certain information that they poss ess or have access to is considered exempt or confidential such that it may not be shared publicly. B. Access and Use of Data 1. Sheriff’s Office personnel are authorized to access and use electronic data or information only f or the purpose of perf orming their official job duties. Any other access or use of electronic data or information is expressly prohibited. 2. Sheriff’s Office personnel are authorized to share electronic data or information with other law enforcement agencies for the purpose o f official job duties only. The sharing of electronic data or information with a law enforcement agency for any other purpose requires prior authorization through the chain of command. 3. The sharing of electronic data or informatio n with any external non-law enforcement entities or persons requires prior written authorization through the chain of command. 4. The sharing of any information should be evaluated as follows: first determine if it is necessary to be shared at all; if sharing the information is necessary, then review the information being shared to determine what is contained within; and finally ensure that all applicable policies, rules, laws, and requirements are followed. In many cases, certain information is restrict ed from being shared under any circumstances , unless it is part of an active criminal investigation ( i.e., social security numbers). 5. In most cases of sharing information with non -law enfo rcement entities or persons, a written agreement should be required prior to sharing t he electronic data or information. The agreement should detail the information to be shared, the purpose of the information being shared, the frequency of the sharing, and the expiration of the information sharing agreement. The agr eement should also list the requirements of who has access to the information, what is the allowed use of the information, security and storage requirements for the information, and any