This policy applies to all computer and electronic devices used by police department employees to access data, files, software, etc.
The department recognizes the responsibility for safeguarding confidential data stored in electronic files and the need to systematically enhance protection as technology advances.
To prevent unauthorized access, the technology unit commander will review and approve all permissions and authorizations for access to electronic files, databases, and websites. The technology unit commander will allow only “minimum necessary” access to authorized individuals according to applicable federal and state laws and regulations.
Each unit commander/supervisor is responsible to review and manage activation, de-activation, and restrictions for individuals under their command, and to notify the technology unit commander of personnel changes that affect user authorizations. The unit commander/supervisor is also responsible for ensuring submission of appropriate one-time and annual paperwork, including authorizations and agreements required for DVS, city email and Internet, CJIS, MNCIS, CIBRS, and access and use.
Saint Paul Police Department (SPPD) has a Terminal Agency Coordinator (TAC) which serves as a point of contact for matters relating to CJIS information access. The TAC administers CJIS system programs within the agency and oversees the compliance with CJIS policies. All issues and questions related to CJIS should be directed to our TAC.
All employees are responsible to use department computers and devices with access to protected or not public data (e.g., DVS, city and police networks, CJIS/MNCIS) only as authorized by Criminal Justice Information Services Security Policy and the Minnesota Government Data Practices Act. This includes complying with standards pertaining to device security, passwords, session locks, authentication, and minimum necessary access.
Passwords and Credentials
[Redacted].
[Redacted].
[Redacted].
[Redacted].
[Redacted].
[Redacted].
All Saint Paul Police Department staff accessing city devices [redacted], authorized by the technology unit commander, City of Saint Paul’s Office of Technology and Communications (OTC), or external access administrator, as applicable. Employees must change their passwords as prompted and within the time frame set forth in the prompt or access may be shut off.
Employees may not share their unique login credentials with others.
[Redacted]
[Redacted]
Access
All employees are required to provide the computer system with true information when gaining access to data, including name, employee number, or any access code. Using another’s name, login, access codes, passwords, or other credentials to access applications or data is a violation of this policy and may result in discipline up to and including termination. The sharing of your login, password, access codes or other credentials is prohibited.
All department computers and devices with access to protected, or nonpublic, data (e.g., DVS, city and police networks, CJIS/MNCIS) must be secured in a squad car or used only in secure locations, unless the technology unit commander has authorized access from an alternate location. Examples of secure locations are headquarters or district buildings. Examples of unsecure [redacted]. Employees must obtain authorization from the technology unit commander to access data from an alternate location or to access data from a mobile device. Authorization to access data from an alternate location or mobile device will only be granted if the access and device are deemed to be appropriately secured and in CJIS compliance. To request such access the remote access form must be completed and approved by the unit commander/manager and technology commander. All laptop and mobile devices must be [redacted] CJIS requirements [redacted].
The Saint Paul Police Department will when feasible deploy smart technology that is designed to prevent the tampering and manipulating of evidence, to include automated audit trails.
All data is subject to the controls detailed in General Order 235.00: Data Practices and the Minnesota Data Practices Act. In addition, criminal justice data are subject to controls detailed in General Order 238: Criminal Justice Data Policy and CJIS standards.
Remote Access
[Redacted]
[Redacted]
Data Ports/USB
No employee may attach any personal device(s) to a city-owned data/ port without OTC’s prior written approval. This includes any private/personnel devices that contain files mixed with city and personal data. See city policy for further details. USB memory devices are available from the property room. Proper virus protection and/or encryption are needed for employees using these devices.
Hardware and Software
The technology unit is responsible for installing, maintaining, and upgrading computer systems, software, and hardware in partnership with OTC. All new software and hardware, project proposals, including test products, must be approved by the technology unit commander. No hardware or software may be used by SPPD staff unless and until all applicable agreements and forms are accepted through proper channels. All new requests for software or hardware must be initiated with the technology unit commander.
Software is copyrighted material and protected by copyright laws. As such, duplication of any application for use on more than one device is prohibited.
It is the responsibility of all SPPD employees to adhere to the data privacy policies. Employees may only access and use private data as allowed by SPPD policy and applicable laws and regulations. Employees must take all reasonable steps to ensure data security.
See the following policies for further information: 235.00 to 241.00, 440.00, 442.17.
Revised April 24, 2018