Criminal Intelligence Systems Operating Policies. Any information technology system funded or supported by Grant Funds shall comply with 28 CFR Part 23, Criminal Intelligence Systems Operating Policies, if applicable.
Criminal Intelligence Systems Operating Policies or the FBI CJIS Security Policy may be appropriate to review and reference in the Agreement in some cases. As previously mentioned, astute consortiums should endeavor to follow the latest guidelines that pertain to privacy. The agreement may want to address the privacy information within the data and the privacy information that may be collected on users of the system. Be aware that additional privacy rules may be implicated as medical or child services become involved. The data integrity efforts may need to allow for redress and other privacy actions depending on whether the information is used, stored and/or aggregated. Whether privacy needs a separate section of the Agreement or not is up to the participants; however, it is generally considered a good idea to state and demand adherence to identified best practices and to include any such requirements in the Agreement. Such guidance and/or best practices may be placed in an appendix. The Agreement should contain guidelines as to: how to capture the substantive discussion of meetings; who will take ownership of this task; where this information is stored, to whom it should be reported; and, how to respond if someone outside the committee asks for these records. Some states have “Sunshine Laws” that mandate meeting and minutes, so it is good to obtain legal guidance if this section is included. In most cases, member agencies will be required by public disclosure requirements to acknowledge entry to an Agreement with other agencies. Beyond that, the Agreement may specify who within the consortium should speak for the agencies participating in the Agreement. It may be desirable for the consortium to have a single voice and, if that is the case, the Agreement should specify how that is achieved.
