Section 966 - Procedures for Requesting CARPOS De-Identified Individual-Level Data or Identified Individual-Level Data(a) A Bona Fide Researcher shall electronically submit a completed Data Request Standard Application to the Department's Research Services by following the data request process on the Attorney General's website.(b) To complete the Data Request Standard Application a Bona Fide Researcher shall provide all of the following information on the Data Request Standard Application form: (1) Designation as a new request or a modified request. If the request is to modify an existing request, include the project number assigned to the existing request.(3) Name and position title of the Bona Fide Researcher.(4) Bona Fide Researcher's address, city, state, and postal code which is connected to the Nonprofit Bona Fide Research Institution with which the Bona Fide Researcher is Affiliated.(5) Bona Fide Researcher's phone number and email address which is connected to the Nonprofit Bona Fide Research Institution with which the Bona Fide Researcher is Affiliated.(6) Name of the Nonprofit Bona Fide Research Institution with which the Bona Fide Researcher is Affiliated.(7) Name, phone number, and email address of the Nonprofit Bona Fide Research Institution's information security officer or Information Technology (IT) manager.(9) Date of anticipated completion of the project or the report.(10) List of information for each Team Member that includes all of the following: (A) Name of the Team Member.(B) The physical location from which the Team Member will access CARPOS De-Identified Individual-Level Data or Identified Individual-Level Data.(C) Whether the Team Member is part of the data analysis team.(D) Whether the Team Member is part of the IT team.(11) Signature of the Bona Fide Researcher, and date of signature of the Bona Fide Researcher.(12) Completed Data Request Standard Application checklist that includes all of the following: (A) Project outline that describes all of the following: (i) The purposes and objectives of the project or report.(ii) Specifically, how the requested data, especially Identified Individual-Level Data and PII, is required and will be used to support the project's Peer Review purposes, Research Purposes, Statistical Purposes, and/or the Study of the Prevention of Violence.(iii) The expected benefits of the project.(iv) If applicable, (1) the funding source of the project or report, including whether the funding source is a public or private grant, (2) the grant period, and (3) the grant expiration date.(v) Proposed project design and methodology, including, (1) where the data analysis will be conducted, and (2) a detailed description of how the requested CARPOS De-Identified Individual-Level Data or Identified Individual-Level Data will be used and analyzed.(vi) Information pertaining to the applicant's project approval process, including review and approval by an institutional review board.(B) Curriculum vitae of the Bona Fide Researcher.(C) Signature of the Bona Fide Researcher, and the date of signature of the Bona Fide Researcher, acknowledging the restrictions on use or disclosure of CARPOS De-Identified Individual-Level Data or Identified Individual-Level Data, as specified in section 964.(D) A signed document, which includes the following provisions: (i) The name, signature, and date of signature, of the Nonprofit Bona Fide Research Institution's information security officer or IT manager.(ii) A certification that security controls are in place to meet the requirements of the United States Department of Justice, Criminal Justice Information Services (CJIS) Security Policy, Version 5.9, dated June 1, 2020, United States Department of Justice, CJIS Requirements Companion Document to the FBI CJIS Security Policy Version 5.9, dated June 1, 2020, and the FBI CJIS Appendix A Cloud Control Catalog, which are hereby incorporated by reference.(iii) A certification that if data storage will be in a data server maintained by a cloud provider, the data storage must have undergone either (a) a Systems and Organization (SOC) 2 audit or (b) a Federal Risk and Authorization Management Program (FedRAMP) certification.(E) Any relevant research materials, including, but not limited to proposals, endorsements, and questionnaires.(F) A copy of the approval by an institutional review board or human subjects committee (including the documentation submitted as part of the approval process and the application number and expiration date), demonstrating that the institutional review board or human subjects committee considered relevant federal and state laws governing human research.(c) The Data Request Standard Application shall include written verification of formal approval of the research project by the applicant's institutional review board or human subjects committee, or by the Committee for the Protection of Human Subjects pursuant to Civil Code section 1798.24, subdivision (t). (1) If a Bona Fide Researcher chooses to obtain approval from the Committee for the Protection of Human Subjects, in accordance with Civil Code section 1798.24, subdivision (t), the Bona Fide Researcher may first submit its application to the Department's Research Services. The Department's Research Services may provide written documentation to the Bona Fide Researcher to allow the Committee for the Protection of Human Subjects to review the Bona Fide Researcher's application. The Bona Fide Researcher must provide written verification to the Department's Research Services of formal approvals by the Committee for the Protection of Human Subjects or the Bona Fide Researcher's institutional review board, if operating under a written agreement under Civil Code section 1798.24, subdivision (t), before receiving the CARPOS data. The written verification must include the review and determination by the Committee for the Protection of Human Subjects or the Bona Fide Researcher's institutional review board, if operating under a written agreement under Civil Code section 1798.24, subdivision (t), that the data security approvals required by Civil Code section 1798.24, subdivision (t), have been satisfied.(d) The Bona Fide Researcher shall provide written verification to the Department's Research Services on official letterhead and signed by an authorized official, verifying that the Bona Fide Researcher is Affiliated with the Nonprofit Bona Fide Research Institution.(e) The Bona Fide Researcher shall submit the certificates demonstrating that the Bona Fide Researcher and all Team Members have received human subject protection and ethics training.(f) In cases of requests for CARPOS Identified Individual-Level Data, the Bona Fide Researcher and Team Members shall complete and pass a background check before the release of, and access to, the CARPOS Identified Individual-Level Data. Bona Fide Researchers shall verify that their Team Members have completed and passed a background check before accessing CARPOS Identified Individual-Level Data.(g) If a Data Request Standard Application is denied, then within 10 business days of the denial the Department's Research Services will provide a written statement of specific reasons for denial to the Bona Fide Researcher.(h) If a Data Request Standard Application is approved, the Bona Fide Researcher may submit a request for a letter of support for research to datarequests@doj.ca.gov. Within 30 business days of the request, the Department's Research Services will send to the Bona Fide Researcher either the requested letter of support, or a written statement of specific reasons for denying the letter of support.(i) A Bona Fide Researcher may appeal the denial of a Data Request Standard Application, the failure to pass a background check, or the denial of a letter of support as described below: (1) Any appeal shall be Filed with the Chief of the CJIS Division within 10 calendar days of notice of denial or failure to pass the background check. The appeal shall be filed at datarequests@doj.ca.gov.(2) The Chief of the CJIS Division may serve as the appeal officer, or may appoint another designee. At their sole discretion, the appeal officer reserves the right to collect additional facts or information to aid in the resolution of any appeal, and to set the timeline for any additional collection of facts.(3) The appeal officer may request other entities, that may have relevant information or evidence that would assist in making the decision, that may be impacted by the decision, and/or that may be affiliated with the Department of Justice, Nonprofit Bona Fide Research Institution, Bona Fide Researcher, including but not limited to, the Department's Research Services, to submit a written response to the appeal request, and has discretion to set the deadlines for any additional written responses.(4) The decision of the appeal officer shall be based on all relevant statutory authority and these regulations, all facts and evidence, including, but not limited to, the Department's Research Services' denial and any written statement in support of the denial, the appeal, any other written responses, any additional facts or information collected, the underlying Data Request Standard Application, and any other documents submitted by the Nonprofit Bona Fide Research Institution or Bona Fide Researcher related to the Data Request Standard Application. The decision of the appeal officer shall consider the relevant statutory authority, these regulations, and the balance of harms to the Nonprofit Bona Fide Research Institution or Bona Fide Researcher and the public.(5) The appeal officer shall render a decision in writing within 30 calendar days of receiving the appeal.(6) The decision of the appeal officer shall be final and there will be no further administrative appeal.(j) Ninety (90) days before the expiration date, the Department's Research Services shall notify the Bona Fide Researcher to submit a project renewal request. The Bona Fide Researcher shall complete the project renewal process before the expiration date of the project. A project renewal request shall be submitted in writing on official letterhead to the Department's Research Services and include all of the following information: (1) Any changes in personnel and updated contact information, including removal or addition of the Bona Fide Researcher or Team Members.(2) Any changes in the details of the project.(3) Any technology changes, including software or hardware changes to the computers or servers used for the project.(4) Any changes to the location where the CARPOS De-Identified Individual-Level Data or Identified Individual-Level Data is stored or accessed.(5) Any changes to the security protocols used to prevent unauthorized access to CARPOS De-Identified Individual-Level Data or Identified Individual-Level Data.(6) If applicable, any changes or updates in the approval of the institutional review board or human subjects committee approval (including all documentation submitted as part of the approval process, the application number and expiration date).Cal. Code Regs. Tit. 11, § 966
Note: Authority cited: Sections 13202, 14231.5 and 14240, Penal Code. Reference: Sections 13125, 13202, 14231.5 and 14240, Penal Code; and Sections 1798.21 and 1798.24, Civil Code.
Note: Authority cited: Sections 13202, 14231.5 and 14240, Penal Code. Reference: Sections 13125, 13202, 14231.5 and 14240, Penal Code; and Sections 1798.21 and 1798.24, Civil Code.
1. New section filed 4-7-2022; operative 7/1/2022 (Register 2022, No. 14). Filing deadline specified in Government Code section 11349.3(a) extended 60 calendar days pursuant to Executive Order N-40-20.
2. Change without regulatory effect amending subsections (a), (c)(1), (d), (g)-(h), (i)(3)-(4) and (j) filed 5-29-2024 pursuant to section 100, title 1, California Code of Regulations (Register 2024, No. 22).