§846-7  Security.  Wherever criminal
history record information is collected, stored, or disseminated, the criminal
justice agency or agencies responsible for the operation of the system shall:



(1)  Have power to determine for legitimate security
purposes which personnel can be permitted to work in a defined area where such
information is stored, collected, or disseminated;



(2)  Select and supervise all personnel authorized to
have direct access to such information;



(3)  Assure that an individual or agency authorized
direct access is administratively held responsible for the physical security of
criminal history record information under its control or in its custody and the
protection of such information from unauthorized access, disclosure, or dissemination;



(4)  Institute procedures to reasonably protect any
data center of criminal history record information from unauthorized access,
theft, sabotage, fire, flood, wind, or other natural or man-made disasters;



(5)  Provide that each employee working with or having
access to criminal history record information is to be made familiar with the
substance and intent of this chapter and of regulations promulgated thereunder;
and



(6)  Require that direct access to criminal history
record information is to be available only to authorized officers or employees
of a criminal justice agency and, as necessary, other authorized personnel
essential to the proper operation of the criminal history record information
system.



Where a noncriminal justice agency operates a
system, the participating criminal justice agency shall be responsible for
review, approval, and monitoring of procedures developed to assure compliance
with this section. [L 1979, c 129, pt of §2]