1.2relating to public safety; classifying criminal intelligence data under the Data
1.3Practices Act; establishing standards;proposing coding for new law in Minnesota Statutes, chapter 13.
1.5BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF MINNESOTA:
1.6 Section 1.
[13.824] CRIMINAL INTELLIGENCE DATA.
1.7 Subdivision 1. Definitions. (a) The terms defined in this section have the meanings
1.8given them.
1.9(b) "Association data" means data that document the associations or activities of a
1.10person and that are about that person's political, religious, or social views.
1.11(c) "Criminal intelligence data" means data a law enforcement agency uses to
1.12anticipate, prevent, or monitor possible criminal or terrorist activity by a person. Criminal
1.13intelligence data does not include association data unless the association data have a direct
1.14relationship to criminal or terrorist activities by a person.
1.15(d) "Criminal intelligence data assessment" means an analysis based on criminal
1.16intelligence data.
1.17(e) "Criminal predicate" means sufficient, articulable facts, along with rational
1.18inferences from those facts, to give employees working under the supervision of a law
1.19enforcement agency a basis to believe that there is a reasonable possibility that a person is
1.20involved in criminal or terrorist activity.
1.21(f) "Critical infrastructure" means physical or virtual assets that, when incapacitated
1.22or destroyed, would have a debilitating impact on the physical or economic security,
1.23public health, or public safety of the citizens of the state.
2.1(g) "Law enforcement agency" means a government agency at the federal, state, or
2.2local level, including agencies in other states, that are charged with detecting criminal
2.3activity, enforcing criminal laws, or protecting critical infrastructure.
2.4(h) "Terrorist activity" means acts dangerous to human life that violate the criminal
2.5laws of this state or the United States and appear to be intended to:
2.6(1) intimidate or coerce the civilian population;
2.7(2) influence the policy of the state by intimidation or coercion; or
2.8(3) affect the state by mass destruction, assassination, or kidnapping.
2.9(i) "Threat of imminent serious harm" means a credible impending threat to the
2.10safety of a person, government entity, or property.
2.11 Subd. 2. Data classification and retention. (a) Criminal intelligence data are
2.12classified as confidential data on individuals or protected nonpublic data for a period of
2.13one year. After one year, the data classification changes to private data on individuals or
2.14nonpublic data unless the following criteria are met:
2.15(1) the source of the data is reliable and verifiable;
2.16(2) the person alleged to be involved in criminal activity can be identified;
2.17(3) the allegations of criminal activity are supported by a criminal predicate;
2.18(4) the data were collected in a lawful manner; and
2.19(5) the data are accurate and current.
2.20If the criteria are met, the data remain classified as confidential data on individuals
2.21or protected nonpublic data.
2.22(b) The informed consent of the subject of the data is not effective if the data are
2.23classified as private data on individuals or nonpublic data.
2.24(c) Notwithstanding any other law to the contrary, data that have changed
2.25classification as required by paragraph (a) shall not be maintained by a government entity
2.26for more than three years from the last date the classification changed.
2.27(d) If, prior to the destruction required by paragraph (c), the criteria in paragraph (a)
2.28can be met, the data classification reverts to confidential data on individuals or protected
2.29nonpublic data.
2.30(e) Criminal intelligence data assessments and dissemination records are classified
2.31as confidential data on individuals or protected nonpublic data.
2.32 Subd. 3. Sharing authorized. (a) Criminal intelligence data may be shared with:
2.33(1) a law enforcement agency, if the recipient demonstrates a criminal predicate
2.34related to the data requested;
2.35(2) a law enforcement agency to charge a person with a crime or allege that a
2.36juvenile is delinquent;
3.1(3) a person or government entity when the dissemination is needed to protect the
3.2person, government entity, or property from the threat of imminent serious harm;
3.3(4) a person or government entity to protect critical infrastructure;
3.4(5) a law enforcement agency conducting the background check required by section
3.5626.87; or
3.6(6) the public to promote public health or safety or to dispel widespread rumor
3.7or unrest.
3.8(b) Criminal intelligence data assessments may be shared with:
3.9(1) a law enforcement agency;
3.10(2) a person or government entity when the dissemination is needed to protect the
3.11person, government entity, or property from the threat of imminent serious harm;
3.12(3) a person or government entity to protect critical infrastructure; or
3.13(4) the public to promote public health or safety or to dispel widespread rumor
3.14or unrest.
3.15 Subd. 4. Data prohibitions. (a) Unless there is a criminal predicate, a law
3.16enforcement agency may not maintain or use criminal intelligence data.
3.17(b) Association data may not be maintained by a Minnesota law enforcement agency
3.18or shared with any law enforcement agency.
3.19 Subd. 5. Dissemination record. A law enforcement agency shall keep a
3.20dissemination record of each sharing made under subdivision 3, paragraph (a).
3.21 Sec. 2.
[13.8735] CRIMINAL INTELLIGENCE SYSTEMS.
3.22 Subdivision 1. Definitions. (a) For purposes of this section, the terms in this
3.23subdivision have the meanings given them.
3.24(b) "Criminal intelligence data" means data that has been evaluated to determine
3.25that it:
3.26(1) is relevant to the identification of and the criminal activity engaged in by an
3.27individual or organization reasonably suspected of involvement in criminal activity; and
3.28(2) meets criminal intelligence system submission criteria.
3.29(c) "Criminal intelligence system" or "intelligence system" means the arrangements,
3.30equipment, facilities, and procedures used for the receipt, storage, interagency exchange
3.31or dissemination, and analysis of criminal intelligence data.
3.32(d) "Intelligence project" or "project" means the organizational unit that operates an
3.33intelligence system on behalf of and for the benefit of a single agency or the organization
3.34that operates an interjurisdictional intelligence system on behalf of a group of participating
3.35agencies.
4.1(e) "Interjurisdictional intelligence system" means an intelligence system that
4.2involves two or more participating agencies representing different government entities
4.3or jurisdictions.
4.4(f) "Participating agency" means an agency of local, county, state, federal, or other
4.5governmental unit that exercises law enforcement or criminal investigation authority
4.6and which is authorized to submit and receive criminal intelligence data through an
4.7interjurisdictional intelligence system. A participating agency may be a member or a
4.8nonmember of an interjurisdictional intelligence system.
4.9(g) "Validation of data" means the procedures governing the periodic review of
4.10criminal intelligence data to assure its continuing compliance with system submission
4.11criteria established by regulation or program policy.
4.12 Subd. 2. Operating principles. (a) A project shall collect and maintain criminal
4.13intelligence data concerning an individual only if there is reasonable suspicion that the
4.14individual is involved in criminal conduct or activity and the information is relevant to
4.15that criminal conduct or activity.
4.16(b) A project shall not collect or maintain criminal intelligence data about the
4.17political, religious, or social views, associations, or activities of any individual or any
4.18group, association, corporation, business, partnership, or other organization unless the data
4.19directly relates to criminal conduct or activity and there is reasonable suspicion that the
4.20data subject is or may be involved in criminal conduct or activity.
4.21(c) Reasonable suspicion or criminal predicate is established when data exists that
4.22establishes sufficient facts to give a trained law enforcement or criminal investigative
4.23agency officer, investigator, or employee a basis to believe that there is a reasonable
4.24possibility that an individual or organization is involved in a definable criminal activity
4.25or enterprise. In an interjurisdictional intelligence system, the project is responsible for
4.26establishing the existence of reasonable suspicion of criminal activity either through
4.27examination of supporting data submitted by a participating agency or by delegation
4.28of this responsibility to a properly trained participating agency that is subject to audit
4.29procedures established by subdivision 4.
4.30(d) A project shall not include in any criminal intelligence system data that has
4.31been obtained in violation of any applicable federal, state, or local law or ordinance.
4.32In an interjurisdictional intelligence system, the project is responsible for establishing
4.33that no information is entered in violation of federal, state, or local laws, either through
4.34examination of supporting information submitted by a participating agency or by
4.35delegation of this responsibility to a properly trained participating agency which is subject
4.36to routine inspection and audit procedures established by subdivision 4.
5.1(e) A project shall disseminate criminal intelligence data only where there is a need
5.2to know and a right to know the data in the performance of a law enforcement activity.
5.3(f) A project shall disseminate criminal intelligence data only to law enforcement
5.4authorities who shall agree to follow procedures regarding data receipt, maintenance,
5.5security, and dissemination which are consistent with this section. This paragraph shall
5.6not limit the dissemination of an assessment of criminal intelligence data to a government
5.7official or to any other individual, when necessary, to avoid imminent danger to life or
5.8property.
5.9(g) A project maintaining criminal intelligence data shall adopt administrative,
5.10technical, and physical safeguards, including audit trails, to prevent unauthorized access
5.11and against intentional or unintentional damage. A record indicating who has been
5.12given data, the reason for release of the data, and the date of each dissemination outside
5.13the project shall be kept. Data shall be labeled to indicate levels of sensitivity, levels of
5.14confidence, and the identity of submitting agencies and control officials. Each project
5.15must establish written definitions for the "need to know" and "right to know" standards for
5.16dissemination to other agencies as provided in paragraph (e). The project is responsible
5.17for establishing the existence of an inquirer's need to know and right to know the data
5.18being requested either through inquiry or by delegation of this responsibility to a properly
5.19trained participating agency that is subject to routine inspection and audit procedures
5.20established by the project.
5.21(h) A project:
5.22(1) where appropriate, must adopt effective and technologically advanced computer
5.23software and hardware designs to prevent unauthorized access to the information
5.24contained in the system;
5.25(2) must restrict access to its facilities, operating environment, and documentation
5.26to organizations and personnel authorized by the project;
5.27(3) must store data in the system in a manner that prevents the data from being
5.28modified, destroyed, accessed, or purged without authorization;
5.29(4) must institute procedures to protect criminal intelligence data from unauthorized
5.30access, theft, sabotage, fire, flood, or other natural or man-made disaster;
5.31(5) must adopt rules based on good cause to implement its authority to screen,
5.32reject for employment, transfer, or remove personnel authorized to have direct access
5.33to the system; and
5.34(6) may authorize and utilize off-site system databases to the extent that they comply
5.35with these security requirements.
6.1(i) All projects shall adopt procedures to ensure that all data retained by a project
6.2has relevancy and importance. The procedures shall provide for the periodic review of
6.3data and the destruction of any data that is misleading, obsolete, or otherwise unreliable,
6.4and shall require that any recipient agencies be advised of any errors or corrections. All
6.5data retained as a result of this review must identify the name of the reviewer, date of
6.6review, and explanation of the decision to retain. Data retained in the system must be
6.7reviewed and validated for continuing compliance with system submission criteria before
6.8the expiration of its retention period, which in no event shall be longer than five years.
6.9(j) A project must not purchase or use in the course of the project any electronic,
6.10mechanical, or other device for surveillance purposes that is in violation of sections
6.11626A.01 to 626A.381 and the Electronic Communications Privacy Act of 1986, Public
6.12Law 99-508, United States Code, title 18, sections 2510-2520, 2701-2709, and 3121-3125.
6.13(k) A project must not harass or interfere with any lawful political activities as
6.14part of the intelligence operation.
6.15(l) A project shall adopt sanctions for unauthorized access, utilization, or disclosure
6.16of data contained in the system.
6.17(m) A participating agency of an interjurisdictional intelligence system must
6.18maintain in its agency files data that documents each submission to the system and
6.19supports compliance with project entry criteria. Participating agency files supporting
6.20system submissions must be made available for reasonable audit and inspection as
6.21provided in subdivision 4.
6.22 Subd. 3. Supervision. The head of an agency, or an individual expressly delegated
6.23control and supervision by the head of the agency, maintaining an interjurisdictional
6.24criminal intelligence system shall:
6.25(1) assume official responsibility and accountability for actions taken in the name of
6.26the joint entity; and
6.27(2) certify in writing that the official takes full responsibility and will be accountable
6.28for insuring that the data transmitted to the interjurisdictional system or to participating
6.29agencies will be in compliance with the principles in this chapter.
6.30The principles in this section shall be included in bylaws or operating procedures for
6.31each system. Each participating agency, as a condition of participation, must accept in
6.32writing those principles which govern the submission, maintenance, and dissemination
6.33of data included as part of an interjurisdictional system.
6.34 Subd. 4. Audit of data submitted to system; reports. At least once every three
6.35years, the Bureau of Criminal Apprehension shall conduct periodic audits of criminal
6.36intelligence systems and interjurisdictional criminal intelligence systems for compliance
7.1with this section. The bureau shall have access to the documenting data for purposes
7.2of conducting an audit. The bureau shall conduct the audit in a manner that protects
7.3the confidentiality and sensitivity of participating agency intelligence records. By
7.4October 1 of each year, the bureau shall submit a report on the results of the audits to the
7.5commissioner of public safety.
7.6 Subd. 5. Classification of intelligence data. Criminal intelligence data is classified
7.7as confidential data on individuals, or protected nonpublic data.
7.8EFFECTIVE DATE.This section is effective August 1, 2012.