Loading...
HomeMy WebLinkAboutCriminal Justice User Agreement - 2009FDLE Criminal Justice User Agreement CRIMINAL JUSTICE USER AGREEMENT This Agreement, is entered into between the Florida Department of Law Enforcement (hereinafter referred to as FDLE), an agency of the State of Florida with headquarters at 2331 Phillips Road, Tallahassee, Florida and the Sebastian Police Department with headquarters at 1201 Main St. Sebastian, FL. 32958 with the primary ORI of: FL0310200 , (hereinafter referred to as the User). Whereas, FDLE is authorized by law to operate and regulate the Criminal Justice Network (hereinafter CJNet) as an intra-agency information and data-sharing network for use by the state's criminal justice agencies; Whereas, FDLE is authorized by law to establish and operate the Florida Crime Information Center (hereinafter FCIC) for the exchange of information relating to crimes, criminals and criminal activity; Whereas, FDLE participates in the National Crime Information Center (hereinafter NCIC), a service of the United States Department of Justice, the Interstate Identification Index (hereinafter III), and the International Justice and Public Safety Information Sharing Network (hereinafter NLETS), and serves as Florida's Criminal Justice Information Services (CJIS) Systems Agency (CSA) for the interstate transmission of criminal justice information to and from agencies in Florida and agencies in the continental United States, Alaska, Hawaii, U.S. Virgin Islands, Canada and Puerto Rico; Whereas, the User requires access to intrastate and interstate criminal justice information systems provided by FDLE through the CJNet in order to effectively discharge its public duties; Whereas, FDLE will facilitate local law enforcement and other criminal justice agencies' requests to participate in the information services provided on CJNet, provided the User agrees to abide by applicable federal and state laws; administrative code, and all policies, procedures and regulations related to these systems. FDLE retains full control over the management and operation of CJNet and FCIC. Therefore, in consideration of the mutual benefits to be derived from this Agreement, the FDLE and the User do hereby agree as follows: (This User Agreement is designed for use with all Florida criminal justice agencies. If the User does not perform a specific function, the provisions regarding that function will not apply to the User.) Jan 2009 Page 1 of 15 FDLE Criminal Justice User Agreement SECTION (FCIC/NCIC/CJNET FDLE REQUIREMENTS FDLE is duly authorized and agrees to ensure access to the information services provided on CJNet and adhere to the following: Serve as the CSA for the State of Florida and provide the User with access to criminal justice information as is available in the FCIC/NCIC and III systems and NLETS through CJNet, and to serve as the means of exchanging criminal justice information between the User and other criminal justice agencies on CJNet. 2. Provide the opportunity for CJIS certification/re-certification and CJIS Security Awareness training. 3. Provide the User with information concerning privacy and security requirements imposed by state and federal laws, rules and regulations. 4. Provide state criminal history record check services for non-criminal justice purposes as provided by law. 5. Act as the central state repository; provide identification, record keeping, and exchange of Criminal History Record Information (CHRI) services. 6. Facilitate access, using CJNet, to other information applications or systems that the User may be authorized to access. SECTION II FCIC/NCIC/CJNET USER REQUIREMENTS By accepting access as set forth above, the User agrees to adhere to the following to ensure continuation of access: USE OF THE SYSTEM: Use of the CJNet and any system accessed via the CJNet is restricted to the administration of criminal justice or as otherwise specifically authorized or required by statute. Information obtained from the FCIC/NCIC files, or computer interfaces to other state or federal systems, by means of access granted through CJNet, can only be used for authorized purposes in compliance with FCIC/NCIC and III rules, regulations and operating procedures, and state and federal law. It is the responsibility of the User to insure access to CJNet is for authorized purposes only, and to regulate proper use of the network and information at all times. The User must establish appropriate written standards, which may be incorporated with existing codes of conduct, for disciplining violators of this and any incorporated policy. If the User provides an interface between FDLE and other criminal justice agencies it must abide by all of the provisions of this agreement. Agencies that access FDLE systems by interfacing through other agencies must, likewise, abide by all provisions of this agreement. An Interagency User Agreement is required when access to CJNet is provided by the User to another agency. Jan 2009 Page 2 of 15 FDLE Criminal Justice User Agreement a. MESSAGES: Only law enforcement and other criminal justice messages shall be sent over and through the CJNet. All messages will be treated as privileged unless otherwise indicated. User should make prudent use of regional and statewide broadcast message requests. All messages must use plain English text in the message. b. COMPLIANCE: Access FCIC/NCIC and other CJNet applications in strict compliance with applicable CJNet, FCIC, NCIC, III and NLETS policies including, but not limited to, policies, practices and procedures relating to: i) TIMELINESS: FCIC/NCIC records must be entered, modified, located, cleared, and canceled promptly in order to ensure system accuracy and effectiveness. Users that perform FCIC/NCIC updates for other agencies must comply with timeliness requirements for the records entered for the serviced agencies as well. ii) HOT FILE ENTRIES: User agencies that have personnel dedicated to maintain a 24-hour, seven-day a week FCIC/NCIC operation will be allowed to make entries into the FCIC/NCIC Hot Files. (a) Users making entries for another law enforcement agency must execute an Interagency Agreement outlining each agency's responsibilities. (b) Adult Warrants, Missing Persons and all property records of the FCIC Hot File records, entered by state and local agencies, will be made available to the public on the Internet via the FCIC Public Access System (PAS), unless explicitly flagged by the User for exclusion. iii) QUALITY ASSURANCE: Appropriate and reasonable quality assurance procedures must be in place, including second party verification during entry, to ensure all entries in FCIC/NCIC are complete, accurate, and valid. iv) VALIDATION: The User must validate all records that the User has entered into the system for accuracy and retention. To be in compliance with FCIC/NCIC rules, regulations and operating procedures, the User must ensure each record is modified to confirm the successful validation of each record on file in FCIC/NCIC. Failure to modify a record to indicate validation may result in its removal from the file. Users that make entries into the FCIC/NCIC Hot Files are responsible for maintaining written validation procedures. Jan 2009 Page 3 of 15 FDLE Criminal Justice User Agreement v) HIT CONFIRMATION: The User must comply with FCIC/NCIC rules, regulations and operating procedures by responding to the hit confirmations in a timely manner (within ten minutes or one-hour depending on priority). vi) DISSEMINATION: Information obtained from the FCIC/NCIC h_ot files, CJNet or computer interfaces to other state or federal systems, by means of access granted pursuant to Section 943.0525, F.S., can only be used for official criminal justice purposes. Compliance with Chapter 119, F.S., is accomplished by directing record requests to FDLE per Chapter 11 C-6, F.A.C., and section 943.053(3), F.S. It is the responsibility of the User to ensure that access to the CJNet is for authorized criminal justice purposes only, and to regulate proper access to and use of the network and information at all times. The User will disseminate CHRI derived from federal records or systems only to criminal justice agencies and only for criminal justice purposes. Criminal justice purposes include criminal justice employment screening. The User, if functioning in the capacity of a pretrial release program or providing CHRI for a pretrial release program, may disseminate Florida public record information only, in compliance with s. 907.043 (3)(b)7, F.S., which requires "[e]ach pretrial release program [to] prepare a register displaying information that is relevant to the defendants released through such a program." This dissemination shall be restricted to county probation services offices and those criminal justice entities providing the probation offices with information obtained via the FCIC II message switch for the administration of criminal justice. vii) RETENTION: Criminal history records, whether retrieved from III or the state system, which the User maintains, must be kept in a secure records environment to prevent unauthorized access. (a) Retention of criminal history records, whether retrieved from III or the state system, for extended periods should only be considered when the time sensitivity of the specific record is important. (b) When retention of criminal history records, whether retrieved from III or the state system, is no longer required, final disposition will be accomplished in a secure manner in compliance with state law, FCIC/NCIC and III rules, regulations and operating procedures to preclude unauthorized access. Jan 2009 Page 4 of 15 FDLE Criminal Justice User Agreement (c) Because CHRI may become outdated at any time, a current criminal history record check should be performed whenever CHRI is used or relied upon by the User. Entry or retention of criminal history records in a separate or local database would be inconsistent with this principle, and is therefore discouraged. The retention of criminal history records, whether retrieved from III or the state system, in a secondary (non-FDLE) database is not authorized by law. viii) CRIMINAL HISTORY TRANSMISSION: Any electronic device that uses wireless or radio technology to transmit voice data may be used for the transmission of CHRI only when an officer determines there is an immediate need for this information to further an investigation or there is a situation affecting the safety of an officer or the public. A facsimile machine may be used to transmit criminal history information between criminal justice agencies, provided both agencies have an NCIC Originating Agency Identifier (ORI) and are authorized to receive criminal history information. Appropriate measures must be taken to prevent unauthorized viewing or receipt by unauthorized persons ix) LOGGING: Each interface agency accessing FCIC/NCIC Hot File and III systems shall ensure that an automated log is maintained. The Hot File portion of this log must be maintained for a minimum of twelve months, and the III portion must be maintained for a minimum of four years. (a) Automated logging is a feature included in the application software provided by FDLE, and local agencies are encouraged to retain these logs for future reference. Users purchasing or developing an interface to FCIC must ensure logging is an included feature. (b) The automated transaction log must identify: the operator on all transactions, the agency authorizing all transactions, the requester and secondary recipient for all criminal history transactions. This information can be captured at log-on and can be a name, badge number, serial number, or other unique identifier. (c) The User may only disseminate information to another authorized recipient and must maintain a record of any dissemination of state or federal criminal history information. This record will reflect at a minimum: (1) date of release; (2) to whom the information relates; (3) to whom the information was released; (4) the State Identification (SID) and/or the FBI number(s); and (5) the purpose Jan 2009 Page B of 15 FDLE Criminal Justice User Agreement for which the information was requested. The User must also be able to identify the reason for all III inquiries upon request from the FBI or FDLE. x) INFORMATION ACCESS: The User will allow only properly screened, authorized personnel performing a criminal justice function who have received proper security training to have access to information contained within the CJNet, FCIC/NCIC or other state criminal justice information system files. The User will also provide assistance to other criminal justice agencies not equipped with direct FCIC access in compliance with FCIC/NCIC and III rules, regulations and operating procedures, but only to the extent that such assistance is not otherwise prohibited. (a) The User will ensure that all personnel who initiate a transaction to the FCIC II message switch are current in CJIS certification. (b) The User will ensure that persons allowed to complete CJIS certification are at least 18 years of age and are U.S. citizens or have a valid immigration status/visa. FDLE reserves the right to deny FCIC, CJNet or related programs/ systems access to any individual based on valid, articulable concerns for the security and integrity of FCIC, CJNet or related programs/ systems. xi) WORKSTATION: FDLE is not responsible for the workstation acquisition, maintenance, operation, repair, supplies or workstation operation personnel costs. The User must notify FDLE immediately, should an FCIC/NCIC workstation malfunction or become inoperable. All costs associated with returning the workstation to operation, other than CJNet costs, will be the User's responsibility. FDLE will assist with executing trouble-shooting procedures. c. Interface Operations: For systems implemented after December 31, 2008, the User will ensure that all automated interfaces that programmatically (i.e., without human intervention) generate transactions to the FCIC II message switch are restricted to no more than one transaction per second per interface. 2. AUDITS: All. agencies having access to CJNet, FCIC/NCIC and the III data shall permit an FDLE appointed inspection team to conduct inquiries with regard to any allegations or potential security violations, as well as for routine audits. Jan 2009 Page 6 of 15 FDLE Criminal Justice User Agreement FDLE conducts regularly scheduled compliance and technical security audits of every agency accessing the CJNet to ensure network security, conformity with state law, and compliance with all applicable FDLE, CJNet, FCIC/NCIC and III rules, regulations and operating procedures. Compliance and technical security audits may be conducted at other than regularly scheduled times. 3. TRAINING: The User is responsible for complying with training requirements established in CJIS Security Policy and the rules, regulations, and policies established by FCIC/NCIC, III, FDLE and other CJNet applications. The User is responsible for remaining current in the applications, procedures, and policies and ensuring personnel attend these training sessions. a. Only operators who have successfully completed CJIS certification shall be allowed to have unsupervised access to the FCIC/NCIC system. b. FCIC/NCIC operators who are in their initial six months of assignment may be permitted supervised access to FCIC/NCIC. Operators must successfully complete CJIS certification within six months of appointment or assignment to duties requiring direct access to FCIC/NCIC. c. The User will require all personnel who initiate a transaction to the FCIC II message switch to successfully complete CJIS Certification. The User agrees to remove from FCIC/NCIC access any employee who fails to achieve required certification standards, whose certification has expired, whose certificate is otherwise rescinded or as directed by FDLE. d. The User will require all information technology (IT) personnel, including any vendor who will in the course of their official duties initiate a transaction to the FCIC II message switch, to successfully complete CJIS certification. e. The User will maintain certification records of all CJIS certified personnel in a current status. The User will require all IT personnel, including any vendor, responsible for maintaining/supporting any IT component used to process, store or transmit any unencrypted information to or from the FCIC II message switch, to successfully complete the CJIS Online Security Training provided by FDLE. Jan 2009 Page 7 of 15 FDLE Criminal Justice User Agreement 4. RELOCATION: Should the User desire to relocate the data circuit(s) and/or equipment connected to CJNet, the User must provide FDLE written notice 90 days in advance of the projected move. All costs associated with the relocation of the equipment and the data circuit(s), including delays in work order dates, will be borne by User unless FDLE has funding to make changes without charge. The repair and cost of any damages resulting from such relocation will be the User's responsibility. The User must also provide 90 days advance notice when requesting additional access to FCIC/CJNet. 5. LIABILITY: The User understands that the FDLE, its officers, and employees shall not be liable in any claim, demand, action, suit, or proceeding, including, but not limited to, any suit in law or in equity, for damages by reason of, or arising out of, any false arrest or imprisonment or for any loss, cost, expense or damages resulting from or arising out of the acts, omissions, or detrimental reliance of the personnel of the User in entering, removing, or relying upon information transmitted through CJNet or in the FCIC/NCIC and NLETS information systems. 6. CRIMINAL HISTORY RECORDS: FDLE is authorized to establish an intrastate automated fingerprint identification system (IAFIS) and an intrastate system for the communication of information relating to crimes, criminals and criminal activity. To support the creation and maintenance of the criminal history files, the User, as appropriate, will: a. Provide for inclusion in criminal history records information systems, adult and juvenile criminal fingerprints on all felony arrests; adult criminal fingerprints on all misdemeanors and comparable ordinance violation arrests; and juvenile fingerprints on misdemeanor arrests specified at Section 943.051, F.S. The submission of other juvenile misdemeanor arrest fingerprints is optional. b. Provide security for CHRI and systems that process or store CHRI, and security training for personnel who receive, handle or have access to CHRI. c. Screen all personnel who will have direct access to CHRI and reject for employment personnel who have violated or appear unwilling or incapable of abiding by the requirements outlined in this agreement. d. Defer to FDLE on any determination as to what purposes qualify for criminal justice versus non-criminal justice designation, as well as with respect to other purposes that may be authorized by law. Jan 2009 Page 8 of 15 FDLE Criminal Justice User Agreement e. Pursuant to a signed interagency agreement as authorized by Florida Statutes and/or federal regulations, the User may share state CHRI. Dissemination of information requires compliance with all applicable statutes, FCIC/NCIC and III rules, regulations and operating procedures, including logging. Agencies must maintain confidentiality of such record information that is otherwise exempt from Section 119.07(1), F.S., as provided by law. Provide security and establish policies to prevent unauthorized access to or dissemination of sealed records. SECTION III SECURITY REQUIREMENTS The User must ensure compliance with the FBI CJIS Security Policy and the rules, regulations, policies and procedures established for CJNet, FCIC/NCIC, III and NLETS, which include but are not limited to System Security, Personnel Security, Physical Security, User Authorization, Technical Security, Dissemination of Information Obtained from the Systems, and Destruction of Records. By accepting access as set forth above, the User agrees to adhere to the following security policies in order to ensure continuation of that access: PERSONNEL BACKGROUND SCREENING and POLICY FOR DISCIPLINE: The User is required to conduct a background investigation on all personnel who are authorized to access FCIC/NCIC/III/CJNet data or systems, IT personnel who maintain/support information technology components used to process, transmit or store unencrypted data to and/or from the FCIC II message switch, and other personnel accessing workstation areas that are unescorted by authorized personnel. Good management practices dictate the investigation should be completed prior to employment, but it must, at a minimum, be conducted within the first thirty (30) days of employment or assignment. The User may conduct a preliminary on-line criminal justice employment check. Before the background is completed the following requirements must be met: a. The User must submit applicant fingerprints for positive comparison against the state and national criminal history and for searching of the Hot Files. b. If a record of any kind is found, the User will not permit the operator to have access to the FCIC/NCIC system nor access workstation areas. The User will formally notify the FDLE CJIS Systems Officer (CSO) indicating access will be delayed pending review of the criminal history. c. When identification of the applicant has been established by fingerprint comparison and the applicant appears to be a fugitive, have pending criminal charges; have an arrest history for a felony or serious misdemeanor; have been found guilty of, regardless of adjudication, or entered a plea of polo contendere or guilty to any felony or serious misdemeanor; or to be under the Jan 2009 Page 9 of 15 FDLE Criminal Justice User Agreement supervision of the court, the User will refer the matter to the FDLE CSO for review. d. Applicants who have been found guilty of, regardless of adjudication, or entered a plea of nolo contendere or guilty to a felony, will generally be denied access to FCIC/NCIC. For applicants who have. been adjudicated guilty of or have had adjudication withheld on a misdemeanor, the User will notify the CSO of the misdemeanor(s) and acknowledge an intent to permit FCIC/CJNet access. Access will also generally be denied to any person under court supervision for a criminal offense or against whom criminal charges are pending. If a determination is made by FDLE that FCIC/NCIC access by the applicant would not be in the public interest, such access will be denied and the User will be notified in writing of the access denial. e. Once the original background screening has been completed, if the User learns that a CJIS certified employee has a criminal history or pending charge(s), the User will first determine if the pending charge(s) or record(s) adversely affect(s) the employee's continued employment/access/status with the User. If the employee is placed on leave, terminated or denied access to FCIC by the User, as a result of any pending or unresolved charge(s), the User will notify the CSO of the action taken. Generally, denial of access, pending satisfactory resolution of any such charge(s), and notification to the CSO of that action, will be deemed sufficient corrective action by the User. If the User determines that no action is required while the charge(s) are pending or unresolved; i.e., that the employee will continue to be allowed access to FCIC, the User will notify the CSO and explain its rationale for continued access. FDLE reserves the right, as CSA, to deny access to FCIC and associated databases until any such charge(s) are resolved or the situation is clarified. The User will have a written policy for discipline of personnel who access CJNet for purposes that are not authorized, disclose information to unauthorized individuals, or violate FCIC/NCIC or III rules, regulations or operating procedures. 2. PHYSICAL SECURITY: The User will determine the perimeter for the physical security of devices that access or provide access to CJNet. Access shall be limited as to allow completion of required duties. The User must have a written policy that ensures and implements security measures, secures devices that access FCIC/NCIC/CJNet and prevents unauthorized use or viewing of information on these devices. The use of screen blanking software with password protection is recommended for devices that access FCIC/NCIC when the operator may leave the computer unsupervised. FDLE reserves the right to object to equipment location, security measures, qualifications and number of personnel who will be accessing FCIC/NCIC and to suspend or withhold service until such matters are corrected to its reasonable satisfaction. Jan 2009 Page 10 of 15 FDLE Criminal Justice User Agreement 3. ADMINISTRATIVE SECURITY: The User must designate individual agency contacts to assist the User and FDLE with the information services covered by this agreement. Training for these positions is provided by FDLE, and the User must ensure that its designee is keenly aware of the duties and responsibilities of each respective position. The User is required to provide FDLE with up-to-date contact information. a. TERMINAL AGENCY COORDINATOR: Agencies accessing the FCIC/NCIC system must designate a Terminal Agency Coordinator (TAC) to ensure compliance with FCIC/NCIC and III rules, regulations and operating procedures, and to facilitate communication between FDLE and the User. The TAC must maintain a current CJIS Certification. TACs appointed after February 2005 must attend TAC training within six (6) months of being assigned to the position. b. INFORMATION SECURITY OFFICER: Agencies accessing the FCIC/NCIC system and/or the CJNet, must designate an Information Security Officer (ISO) to ensure security of the FCIC/NCIC workstations, the connection to CJNet, and any access to the information services provided on CJNet to or by the User. c. CJNet POINT OF CONTACT: Agencies accessing applications using Public Key Infrastructure (PKI) security certificates on CJNet must designate a Point of Contact (POC). The POC will receive and approve the issuance and revocation of PKI certificates for the User's members. d. FCIC PUBLIC ACCESS SYSTEM (PAS) CONTACT: Agencies making entries into the FCIC Hot Files must designate a PAS Contact. The PAS Contact is responsible for any follow-up activities deemed appropriate by the User in response to tips resulting from the posting of records on the PAS. FDLE reserves the right to object to the Users appointment of a TAC, LAI, CJNet Point of Contact or ISO based on valid, articulable concerns for the security and integrity of FCIC, CJNet or related programs/systems. 4. TECHNICAL SECURITY a. Dial-up services to FCIC/NCIC and CJNet will be permitted provided the User establishes appropriate security measures to ensure compliance with all rules, regulations, procedures, and the FBI CJIS Security Policy. b. All FCIC/NCIC/III data transmitted over any public network segment must be encrypted as required by the FBI CJIS Security Policy. This requirement also applies to any private data circuit that is shared with non-criminal justice users and/or is not under the direct security control of a criminal justice agency. Jan 2009 Page 11 of 15 FDLE Criminal Justice User Agreement c. The User must maintain, in current status, and provide upon request by FDLE a complete topological drawing, which depicts the User's network configuration as connected to CJNet. This documentation must clearly indicate all network connections, service agencies and interfaces to other information systems. d. The User will ensure only authorized criminal justice agencies or agencies authorized by FDLE are permitted access to the CJNet via the User's CJNet connection. e. The User must ensure all devices with connectivity to CJNet employ virus protection software and such software shall be maintained in accordance with the software vendor's published updates. FCIC and CJNet may only be accessed via computers or interface devices owned by the User or contracted entity. Vendors under contract with the User may be allowed access provided all requirements of the DOJ Security Addendum are complied with and member security training is current. g. The User will ensure that CJNet-only devices have a Windows or network type password to prevent unauthorized access. h. To ensure appropriate security precautions are in place, and upon approval from the FDLE Network Administration staff, the User may employ wireless network connectivity (for example the 802.11 wireless networking protocol). 5. COMPUTER SECURITY INCIDENT RESPONSE CAPABILITY: The User must have a written policy documenting the actions to be taken in response to a possible computer security incident. The policy should include identifying, reporting, investigating and recovery from computer security incidents. The User will immediately notify FDLE of any suspected compromise of the CJNet. 6. PENETRATION TESTING: The User shall allow the FBI and/or FDLE to periodically test the ability to penetrate the CJNet through the external network connection or system. 7. SECURITY AUTHORITY: All policies, procedures and operating instructions contained in the FBI CJIS Security Policy and FCIC/NCIC, III and NLETS documents, operating manuals and technical memoranda, are hereby incorporated into and made a part of this agreement, except to the extent that they are inconsistent herewith or legally superseded by higher authority. 8. CLIENT SOFTWARE LICENSE: The FCIC II Client Software (eAgent) license from Diverse Computing, Incorporated is located in the Help menu of the eAgent client software. The FCIC II Client Software (eAgent) license is made a part of and incorporated by reference into this User Agreement and shall be binding on the User upon acceptance of the software. Jan 2009 Page 12 of 15 FDLE Criminal Justice User Agreement 9. PRIVATE VENDORS: Private vendors which, under contract with the User, are permitted access to information systems that process FCIC/NCIC/III data, shall abide by all aspects of the FBI CJIS Security Addendum. The contract between the User and the vendor will incorporate the Security Addendum to ensure adequate security of FCIC/NCIC/III data. The User will maintain the Security Addendum Certification form for each member of the vendor staff with access to information systems that process FCIC/NCIC/III data. Private vendors permitted such access should be aware of the provisions of s. 817.5681, regarding breach of security of personal information. 10. PASSWORDS: The User will ensure that all personnel who initiate a transaction to the FCIC II message switch have a separate and distinct password for the software/interface used to initiate the transaction. The User will ensure that all interfaces with the FCIC II message switch, operated by the User, follow the password requirements as outlined in the FBI CJIS Security Policy. 11. INDIVIDUAL USER ACCESS: The User will deactivate individual user access to eAgent and/or other FCIC interfaces, other CJNet applications, and FBI Law Enforcement On-line (LEO), upon separation, reassignment or termination of duties, provide individual user access is no longer required for the administration of criminal justice. SECTION IV MISCELLANEOUS REQUIREMENTS FDLE has received funding from the United States Department of Justice and is subject to and must demand intrastate users of its criminal history record services adhere to US Code (28 U.S.C. section 534), State Statute (Chapter 943 F.S.), Code of Federal Regulations (28 C.F.R. Part 20), Florida Administrative Code (Chapter 11C-6, F.A.C.), FCIC/NCIC and III rules, regulations and operating procedures which this agreement incorporates both present and future. 2. PENALTIES AND LIABILITIES: Any non-compliance with the terms of this Agreement concerning the use and dissemination of criminal history information may subject the User's officers or employees to a fine not to exceed $11,000 as provided for in the Code of Federal Regulations, Title 28, Section 20.25, and/or discontinuance of service. Moreover, certain offenses against system security and the information contained therein are crimes under Florida Statutes and can result in criminal prosecution. 3. PROVISIONS INCORPORATED: The User shall be bound by applicable federal and state laws, federal regulations and the rules of FDLE to the same extent that the User would be if such provisions were fully set out herein. Moreover, this Agreement incorporates both present and future law, regulations and rules. 4. TERMINATION: Either party may terminate this Agreement, with or without cause, upon providing advanced written notice of 45 days. Termination for cause includes, but is not limited to, any change in the law that affects either party's Jan 2009 Page 13 of 15 FDLE Criminal Justice User Agreement ability to substantially perform as originally provided in this Agreement. Should the aforementioned circumstances arise, either party may terminate or modify the Agreement accordingly. FDLE reserves the right to terminate service, without notice, upon presentation of reasonable and credible evidence that the User is violating this Agreement or any pertinent federal or state law, regulation or rule. 5. MODIFICATIONS: Modifications to the provisions in this Agreement shall be valid only through execution of a formal Agreement amendment. 6. ACCOUNTABILITY: To the extent provided by the laws of Florida, the User agrees to be responsible for the negligent acts or omissions of its personnel arising out of or involving any information contained in, received from, entered into or through CJNet, FCIC/NCIC, III and NLETS. 7. ACKNOWLEDGEMENT: The User hereby acknowledges the duties and responsibilities as set out in this Agreement. The User acknowledges that these duties and responsibilities have been developed and approved by FDLE to ensure the reliability, confidentiality, completeness, and accuracy of all records contained in or obtained by means of the CJNet, including the FCIC/NCIC System. The User further acknowledges that failure to comply with these duties and responsibilities will subject its access to various sanctions as approved by the FBI Criminal Justice Information Services Advisory Policy Board. These sanctions may include termination of NCIC services to the User. The User may appeal these sanctions through the CSA. 8. TERM OF AGREEMENT: This agreement will remain in force until it is determined by FDLE that a new agreement is required. The User should initiate the execution of a new agreement when a change of agency chief executive occurs. Jan 2009 Page 14 of 15