§846-7  Security.  Wherever criminal history record information is collected, stored, or disseminated, the criminal justice agency or agencies responsible for the operation of the system shall:

     (1)  Have power to determine for legitimate security purposes which personnel can be permitted to work in a defined area where such information is stored, collected, or disseminated;

     (2)  Select and supervise all personnel authorized to have direct access to such information;

     (3)  Assure that an individual or agency authorized direct access is administratively held responsible for the physical security of criminal history record information under its control or in its custody and the protection of such information from unauthorized access, disclosure, or dissemination;

     (4)  Institute procedures to reasonably protect any data center of criminal history record information from unauthorized access, theft, sabotage, fire, flood, wind, or other natural or man-made disasters;

     (5)  Provide that each employee working with or having access to criminal history record information is to be made familiar with the substance and intent of this chapter and of regulations promulgated thereunder; and

     (6)  Require that direct access to criminal history record information is to be available only to authorized officers or employees of a criminal justice agency and, as necessary, other authorized personnel essential to the proper operation of the criminal history record information system.

     Where a noncriminal justice agency operates a system, the participating criminal justice agency shall be responsible for review, approval, and monitoring of procedures developed to assure compliance with this section. [L 1979, c 129, pt of §2]