28 CFR Sec. 23.20 -EXPCITE-
Title 28 CHAPTER I PART 23 -HEAD-
Sec. 23.20 Operating principles. -TEXT-
(a) Criminal intelligence information concerning an individual shall be collected and maintained only if it is reasonably suspected that the individual is involved in criminal activity and that the information is relevant to that criminal activity. (b) No records shall be maintained or collected about political, religious or social views, association or activities of any individual group, association, corporation, business or partnership unless such information directly relates to an investigation of criminal activities, and there are reasonable grounds to suspect the subject of the information is or may be involved in criminal conduct. (c) No information which has been obtained in violation of any applicable Federal, State, or local law or ordinance shall be included in any criminal intelligence system. (d) Intelligence information shall be disseminated only where there is a need to know/right to know the data in the performance of a law enforcement activity. (e)(1) Except as noted in paragraph (e)(2) of this section, intelligence information shall be disseminated only to other law enforcement authorities who shall agree to follow procedures regarding data entry, maintenance, security, and dissemination which are consistent with these standards. (2) Paragraph (e)(1) of this section shall not limit the dissemination of an assessment of criminal intelligence information to a Government official or to any other individual, when necessary, to avoid imminent danger to life or property. (f) Agencies maintaining criminal intelligence data shall adopt administrative, technical, and physical safeguards (including audit trails) to insure against unauthorized access and against intentional or unintentional damage. A written record indicating who has been given data, reason for release and date of each dissemination outside the agency is to be kept. Information shall be labeled to indicate levels of sensitivity, levels of confidence, and the identity of control agencies and officials. Each agency must establish written standards for need to know/right to know under subsection (d). (g) Procedures shall be adopted to assure that all information which is retained has relevancy and importance. Such procedures shall provide for the periodic review of data and the destruction of any information which is misleading, obsolete or otherwise unreliable and shall require that any recipient agencies be advised of such changes. All information retained as a result of this review must reflect the name of the reviewer, date of review and explanation of decision to retain. Any information that has been retained in the system but has not been reviewed for a period of two (2) years must be reviewed and validated before it can be utilized or disseminated. (h) If automated equipment for use in connection with a criminal intelligence system is to be obtained with funds under the grant, then: (1) Direct remote terminal access to data shall not be made available to system users; and (2) No modifications to system design shall be undertaken without prior LEAA approval. (i) LEAA shall be notified prior to initiation of formal information exchange procedures with any Federal, State, regional, or other information systems not indicated in the grant documents as initially approved at time of award. (j) Assurances shall be made that there will be no purchase or use in the course of the project of any electronic, mechanical, or other device for surveillance purposes that is in violation of the provisions of Title III of Pub. L. 9-351, as amended, or any applicable state statute related to wiretapping and surveillance. (k) Assurances shall be made that there shall be no harassment or interference with any lawful political activities as part of the intelligence operation. (l) Sanctions shall be adopted to control unauthorized access, utilization, or disclosure of information contained in the system.