 |
Virginia Administrative Code (Last Updated: January 10, 2017) |
 |
Title 6. Criminal Justice and Corrections |
|
Agency 20. Department of Criminal Justice Services |
|
Chapter 120. Regulations Relating to Criminal History Record Information Use and Security |
Section 160. Computer operations
-
A. Where computerized data processing is employed, effective and technologically advanced software and hardware design shall be instituted to prevent unauthorized access to this information.
B. Computer operations, whether dedicated or shared, that support criminal justice information systems shall operate in accordance with procedures developed or approved by the participating criminal justice agencies.
C. Criminal history record information shall be stored by the computer in such a manner that it cannot be modified, destroyed, accessed, changed, purged, or overlaid in any fashion by noncriminal justice terminals.
D. Operational programs shall be used that will prohibit inquiry, record updates, or destruction of records from terminals other than criminal justice system terminals that are so designated.
E. The destruction of record shall be limited to designated terminals under the direct control of the criminal justice agency responsible for creating or storing the criminal history record information.
F. Operational programs shall be used to detect and log all unauthorized attempts to penetrate criminal history record information systems, programs, or files.
G. Programs designed (i) for the purpose of prohibiting unauthorized inquiries, unauthorized record updates, or unauthorized destruction of records or (ii) for the detection and logging of unauthorized attempts to penetrate criminal history record information systems shall be known only to the criminal justice agency employees responsible for criminal history record information system control or individuals and agencies pursuant to a specific agreement with the criminal justice agency to provide such security programs. The program or programs shall be kept under maximum security conditions.
H. Criminal justice agencies having automated criminal history record files shall designate a system administrator to maintain and control authorized user accounts, system management, and the implementation of security measures.
I. The criminal justice agency shall have the right to audit, monitor, and inspect procedures established pursuant to this chapter.
Historical Notes
Derived from VR240-02-1 § 3.6, eff. April 1, 1986; amended, Volume 06, Issue 04, eff. January 1, 1990; Volume 10, Issue 07, eff. February 1, 1994; Volume 33, Issue 03, eff. November 4, 2016.