Protection against unauthorized access.
Criminal history record systems, whether dedicated to criminal justice purposes, or shared, will be designed and operated in accordance with procedures which will assure that:
(1) Access to criminal history record information facilities and system operating areas (whether for computerized or manual systems) and the content of data files and systems documentation, will be restricted to authorized personnel. These procedures may include use of guards, keys, badges, passwords, sign-in logs, or similar safeguards.
(2) All facilities which house criminal history record information must be designed and constructed so as to reduce the possibility of physical damage to the information resulting from unauthorized access.
(3) Criminal history record information is stored in such a manner that will prevent modification, destruction, access, change, purging, or overlay of criminal history record information by unauthorized personnel.
(4) Operational programs are used in computerized systems that will prohibit inquiry, record updates, or destruction of records from any terminal other than those authorized to perform criminal history record information functions.
(5) The purging or destruction of records is limited to personnel authorized by the criminal justice agency or through contract as required under WAC
446-20-180, and consistent with WAC
446-20-230.
(6) Refuse from the criminal history record information system installations is transferred and destroyed under such reasonably secure conditions as will effectively guard against unauthorized availability.
(7) Operational procedures are used in computerized systems to detect and store unauthorized attempts to penetrate any criminal history record information system, program or file, and that such information is made available only to criminal justice agency employees with responsibility for system security, or as authorized by WAC
446-20-180.
(8) The procedures developed to meet standards of subsections (4) and (7) of this section, are known only to authorized employees responsible for criminal history records information system control.
[Statutory Authority: Chapters
10.97 and
43.43 RCW. WSR 21-05-044, § 446-20-220, filed 2/11/21, effective 3/14/21; WSR 10-01-109, § 446-20-220, filed 12/17/09, effective 1/17/10. Statutory Authority: RCW
10.97.080 and
10.97.090. WSR 80-08-057 (Order 80-2), § 446-20-220, filed 7/1/80.]