All criminal justice agencies which collect, store or disseminate criminal history record information shall:
(1) Screen and have the right to reject for employment, based on good cause, all personnel to be authorized to have direct access to criminal history record information;(2) Initiate or cause to be initiated administrative action that could result in the transfer or removal of personnel authorized to have direct access to such information when such personnel violate the provisions of these regulations or other security requirements established for the collection, storage or dissemination of criminal history record information;(3) Provide that direct access to computerized criminal history record information shall be available only to authorized officers or employees of a criminal justice agency, and, as necessary, other authorized personnel essential to the proper operation of a criminal history record information system, except that the Judicial Branch may provide disclosable information from its combined criminal and motor vehicle information systems or from its central computer system containing issued warrants and other criminal process as provided in section 54-2a to the public electronically, including through the Internet, in accordance with guidelines established by the Chief Court Administrator;(4) Provide that each employee working with or having access to criminal history record information shall be made familiar with the substance and intent of the provisions in this section;(5) Whether manual or computer processing is utilized, institute procedures to assure that an individual or agency authorized to have direct access is responsible for the physical security of criminal history record information under its control or in its custody, and for the protection of such information from unauthorized access, disclosure or dissemination. The State Police Bureau of Identification shall institute procedures to protect both its manual and computerized criminal history record information from unauthorized access, theft, sabotage, fire, flood, wind or other natural or man-made disasters;(6) Where computerized data processing is employed, institute effective and technologically advanced software and hardware designs to prevent unauthorized access to such information and restrict to authorized organizations and personnel only, access to criminal history record information system facilities, systems operating environments, systems documentation, and data file contents while in use or when stored in a media library; and(7) Develop procedures for computer operations which support criminal justice information systems, whether dedicated or shared, to assure that: (A) Criminal history record information is stored by the computer in such a manner that it cannot be modified, destroyed, accessed, changed purged, or overlaid in any fashion by noncriminal justice terminals; (B) operation programs are used that will prohibit inquiry, record updates, or destruction of records, from any terminal other than criminal justice system terminals which are so designated; (C) the destruction of records is limited to designated terminals under the direct control of the criminal justice agency responsible for creating or storing the criminal history record information; (D) operational programs are used to detect and store for the output of designated criminal justice agency employees all unauthorized attempts to penetrate any criminal history record information system, program or file; (E) the programs specified in subparagraphs (B) and (D) of this subdivision are known only to criminal justice agency employees responsible for criminal history record information system control or individuals or agencies pursuant to a specific agreement with the criminal justice agency to provide such programs and the programs are kept continuously under maximum security conditions.Conn. Gen. Stat. § 54-142i
(P.A. 78-200, S. 6; P.A. 99-215, S. 19, 29; P.A. 10-43, S. 28.)
Amended by P.A. 10-0043, S. 28 of the February 2010 Regular Session, eff. 10/1/2010.