DAR File No. 37769

Public Safety, Criminal Investigations and Technical Services, Criminal Identification

Rule R722-900

Review and Challenge of Criminal Record

Notice of Proposed Rule

(Repeal and Reenact)

DAR File No.: 37769
Filed: 06/26/2013 11:15:28 AM

RULE ANALYSIS

Purpose of the rule or reason for the change:

The Bureau of Criminal Identification (BCI) houses and maintains criminal history records for the state of Utah. Access to and dissemination of this information is governed by statute which includes the requirement to propose rules to outline the procedure for requesting and obtaining access to these criminal history records. This rule has only addressed the public's access to and the challenge of the criminal history record. Many other entities -- law enforcement, criminal justice agencies, non-criminal justice agencies, and others -- have, by statute, the authority to access and disseminate these records. The reenactment of this rule will include these additional procedures for access authorization.

Summary of the rule or change:

Rule R722-900 contains procedures for an individual to access his/her criminal history record, and the procedures for challenging anything contained in his/her found record. The proposed repeal and reenactment of Rule R722-900 still contains the procedures for individuals, but additionally outlines procedures for access to bureau records for criminal justice agencies and qualifying entities, as well as procedures for auditing, reporting misuse, and appeal of denied access.

State statutory or constitutional authorization for this rule:

• Subsection 53-10-108(8)
• Subsection 53-10-108(7)

Anticipated cost or savings to:

the state budget:

There is no aggregate anticipated cost or savings to the state budget. This rule addresses the process by which an entity may request access and the ability to disseminate criminal history records from BCI files. Certain of these entities have been allowed access to these files prior to this. The proposed rule now includes the process for any entity requesting access and the authority to disseminate the information obtained from the access.

local governments:

There is no aggregate anticipated cost or savings to local government. This rule addresses the process by which an entity may request access and the ability to disseminate criminal history records from BCI files. The proposed rule now includes the process for any entity requesting access and the authority to disseminate the information obtained from the access.

small businesses:

There is no aggregate anticipated cost or savings to small businesses. This rule addresses the process by which an entity may request access and the ability to disseminate criminal history records from BCI files. The proposed rule now includes the process for any entity requesting access and the authority to disseminate the information obtained from the access.

persons other than small businesses, businesses, or local governmental entities:

There is no aggregate anticipated cost or savings to persons other than small businesses, businesses, or local government entities. This rule addresses the process by which an entity may request access and the ability to disseminate criminal history records from BCI files. The proposed rule now includes the process for any entity requesting access and the authority to disseminate the information obtained from the access.

Compliance costs for affected persons:

There are no compliance costs for affected persons. This rule addresses the process by which an entity may request access and the ability to disseminate criminal history records from BCI files. The proposed rule now includes the process for the entity requesting access and the authority to disseminate the information obtained from the access.

Comments by the department head on the fiscal impact the rule may have on businesses:

There is no anticipated fiscal impact on businesses associated with this rule. This rule currently describes the process of requesting access to criminal history information, and obtaining the authority to disseminate that information, for individuals only. The repeal and reenactment of this rule is being submitted in order to describe the process of requesting access to criminal history information, and obtaining the authority to disseminate that information, by all entities outlined in statute.

Lance Davenport, Commisioner

The full text of this rule may be inspected, during regular business hours, at the Division of Administrative Rules, or at:

Public Safety
Criminal Investigations and Technical Services, Criminal Identification
3888 W 5400 S
TAYLORSVILLE, UT 84118

Direct questions regarding this rule to:

• Alice Moffat at the above address, by phone at 801-965-4939, by FAX at 801-965-4944, or by Internet E-mail at aerickso@utah.gov

Interested persons may present their views on this rule by submitting written comments to the address above no later than 5:00 p.m. on:

08/14/2013

This rule may become effective on:

08/21/2013

Authorized by:

Alice Moffat, Bureau Chief

R722. Public Safety, Criminal Investigations and Technical Services, Criminal Identification.

[ R722-900. Review and Challenge of Criminal Record.

R722-900-1. Purpose.

Subsection 53-10-108(8)(a) requires the Commissioner of Public Safety to establish procedures to allow an individual to review his criminal history record information. Subsection 53-10-108(8)(c) requires the Commissioner to establish procedures to allow an individual to challenge the completeness and accuracy of his criminal history record information as contained in the department's computerized criminal history files. The purpose of this rule is to establish those procedures.

 

R722-900-2. Authority.

This rule is authorized by Sections 53-10-108 and 63G-3-201.

 

R722-900-3. Review.

An individual may review the department's criminal history record information about him, by contacting the Bureau of Criminal Identification (BCI) and:

(a) filling out an application provided by BCI;

(b) providing a set of fingerprints;

(c) providing a copy of a government issued photo i.d.;

(d) filling out and signing a criminal history waiver form provided by BCI; and

(e) paying a $10 processing fee.

 

R722-900-4. Application by Mail.

(a) Individuals who are unable to apply in person may obtain an application from BCI, be fingerprinted at a local law enforcement agency, and then mail the completed application, fingerprints, signed waiver, and $10 processing fee to BCI at Box 148280, Salt Lake City, Utah 84114-8280.

(b) The local law enforcement agency verifies the identity of the individual by checking a government issued photo i.d. at the time of fingerprinting and signs the application form.

 

R722-900-5. Challenge.

(a) An individual may challenge the completeness and accuracy of his criminal history record information by filling out a challenge form provided by BCI. The submittal of a challenge form will be handled as an informal adjudicative proceeding in accordance with Section 63G-4-203. If the department denies the challenge, no further hearing, review, or reconsideration shall be granted. The individual making the challenge will be required to prove to the satisfaction of BCI through the use of appropriate documentation that the department's criminal history record information is incomplete or inaccurate.

(b) If BCI is satisfied that the individual has sufficiently documented that his/her criminal history record information is incomplete or inaccurate, BCI will amend the individual's files accordingly.

(c) An individual who is dissatisfied with the decision made by BCI regarding the completeness or accuracy of the department's criminal history record information on him/her, may appeal the decision to district court in accordance with Section 63G-4-402.

] R722-900. Access to Bureau Records.

R722-900-1. Purpose.

The purpose of this rule is to establish procedures whereby criminal justice agencies, qualified entities, and individuals may obtain access to bureau records.

 

R722-900-2. Authority.

This rule is authorized by Subsections 53-10-108(7) and (8).

 

R722-900-3. Definitions.

(1) Terms used in this rule are found in Section 53-10-102.

(2) In addition:

(a) "agency" means a criminal justice agency as defined in Subsection 53-10-102(9) and 28 U.S.C. Subsection 534(e), or a non-criminal entity authorized to access CJIS under federal law;

(b) "bureau" means the Utah Bureau of Criminal Identification within the Department of Public Safety established by Section 53-10-201;

(c) "CJIS" means the Criminal Justice Information System administered by the FBI;

(d) "entity" means an entity qualified to access criminal history information under state or federal law;

(e) "entity id" means an entity's unique identifier that is used to access criminal history information;

(f) "FBI" means the Federal Bureau of Investigation within the United States Department of Justice;

(g) "login id" means a unique identifier in UCJIS for a user or non-user;

(h) "misuse" means the access, use, disclosure, or dissemination of records for a purpose prohibited or not permitted by statute, rule, regulation, or policy of a governmental entity;

(i) "NCIC" means the National Crime Information Center;

(j) "non-user" means a person working for or with an agency, who does not have direct access to UCJIS but has indirect access to records, including individuals who may:

(i) access computer systems or programs used to access UCJIS files; or

(ii) have unrestricted access to a location containing UCJIS records or a computer with UCJIS access;

(k) "ORI" means originating agency identifier;

(l) "provider" means a law enforcement agency as defined in Subsection 53-1-102(1)(c), the Utah Attorney General's Office, a county attorney's office, a district attorney's office, or a city prosecutor's office;

(m) "records" means records created, maintained, or to which access is granted by the bureau, including criminal history information;

(n) "right of access program" means a program established under Subsection 53-10-108(8) in which a provider makes an individual's UCCH and warrant of arrest information available to the subject of the record;

(o) "TAC" means an agency's terminal agency coordinator;

(p) "UCCH" means Utah Computerized Criminal History;

(q) "UCJIS" means Utah Criminal Justice Information System, which includes the Criminal Justice Information System; and

(r) "user" means a person working for or with an agency who has direct access to UCJIS or who obtains UCJIS records from a person who has direct access.

 

R722-900-4. Direct Access to UCJIS for Agencies.

(1) An agency seeking direct access to UJCIS shall submit a completed Criminal Justice Agency Application Packet to the bureau.

(2)(a) The bureau shall submit the agency's information to the FBI, which shall determine whether the agency meets the requirements for access to CJIS records established by the FBI.

(b) If the FBI determines the agency is entitled to access any CJIS records, the FBI shall assign the agency an ORI and the bureau shall notify the agency in writing what records it may access on UCJIS using the assigned ORI.

(c)(i) If the FBI determines that the agency is not entitled to access records on CJIS, the bureau shall notify the agency of the FBI's decision and refer the agency to the agencies whose records are available on UCJIS to determine if the agency may have access to those records.

(ii) If the agency is granted access to any records on UJCIS, the bureau shall assign the agency an ORI and notify the agency in writing which records the agency may access using that ORI.

(iii) If the agency is not entitled to access any records on UCJIS, the bureau shall notify the agency in writing and provide notice of the right to appeal pursuant to R722-900-10.

(3)(a) Within 30 days after an agency is granted access to records on UCJIS, it shall submit the following documents to the bureau:

(i) a Criminal Justice Agency Agreement, signed by the agency administrator; and

(ii) a CJIS fingerprint submission form with a legible FD258 fingerprint card for the TAC.

(b) The bureau shall conduct a fingerprint-based criminal history background check of the TAC.

(c) If the bureau determines that the TAC meets all the requirements for access to UCJIS, the TAC shall complete the new TAC orientation training provided by the bureau within six months.

(d) If the bureau determines that the TAC does not meet the requirements for access to UCJIS, the bureau shall notify the agency and the TAC in writing including notice of the right to appeal pursuant to R722-900-10.

(4)(a) The agency TAC shall conduct a criminal history check using the name and date of birth of each user or non-user at the agency.

(b) If the criminal history check indicates that the user or non-user does not have any criminal history, the TAC shall create an account on UCJIS and assign the user or non-user a login id.

(c) Within 30 days of assigning a login id to a user or non-user, the TAC shall submit to the bureau:

(i) a UCJIS User Agreement for each user and non-user; and

(ii) a CJIS fingerprint submission form with a legible FD258 fingerprint card for all users and non-users employed at the agency.

(d) The bureau shall conduct a fingerprint-based criminal history background check for all users and non-users employed at the agency.

(e) If the bureau determines that a user or non-user meets the requirements for access to CJIS, the bureau shall notify the TAC that the user or non-user has been approved.

(f) If the bureau determines a user or non-user does not meet the requirements for access to CJIS, the bureau shall notify the user or non-user, the TAC, and the agency administrator in writing which includes the right to appeal pursuant to R722-900-10.

(5)(a) Within six months of assigning a login id to a user or non-user, the TAC shall train the user or non-user in accordance with the BCI Operations Manual.

(b) Upon completion of the training, the TAC shall administer a test to the users and submit to the bureau a signed testing agreement form from each user indicating that the user passed all of the required training and testing.

(6)(a) The TAC shall attend the annual TAC training meeting and provide updates to all users and non-user at the agency based on the training.

(b) The TAC shall be responsible for ensuring that all users or non-users at the agency complete all training required by the bureau.

(c) The TAC shall be responsible for ensuring that all users at the agency complete all re-testing required by the bureau.

(d) The bureau may suspend or revoke a TAC's, user's, non-user's access to records if the TAC, user, or non-user fails to complete the required training or testing.

 

R722-900-5. Access for Entities.

(1)(a) An entity seeking access to criminal background check information for employment background checks or other screening purposes shall submit a completed Qualified Entity Application Packet to the bureau, which includes the following:

(i) a Qualified Entity Application Form;

(ii) documentation that it is a business, organization, or governmental entity that is qualified to access criminal background check information;

(iii) a description of why the entity is seeking to conduct employment background checks or other screenings;

(iv) billing information; and

(v) contact information for:

(A) the entity's administrator; and

(B) a point of contact.

(2)(a) The bureau shall review the entity's application to determine whether the entity meets the requirements for access to criminal background check information found in state or federal law.

(b) The bureau may request additional documentation from the entity to verify whether the entity is qualified to access criminal history information.

(c) If the bureau determines that an entity is qualified to access criminal background check information, it shall notify the entity in writing and assign it an entity id.

(d) If the bureau determines the entity is not qualified to access criminal background check information, the bureau shall notify the entity of the bureau's decision in writing and provide notice of the right to appeal pursuant to R722-900-10.

(3)(a) Once an entity has been granted access to criminal background check information, it shall submit the following documents to the bureau:

(i) a Qualified Entity Agreement, signed by the entity administrator; and

(ii) a signed Qualified Entity Employee Agreement for each employee of the entity who will have access to criminal background check information.

(b) Any employee of the entity who has access to criminal background check information shall successfully complete all training and testing required by the bureau.

(c) The bureau may suspend or revoke access to criminal background check information if an employee of an entity fails to complete the required training and testing.

 

R722-900-6. Individual Right of Access.

(1) An individual may review his or her own criminal history record information contained in a UCCH, by submitting a completed Criminal History Record Application to the bureau along with:

(a) a set of fingerprints which have been verified with photo identification at the time the fingerprints were taken;

(b) a copy of a government issued photo identification; and

(c) payment of the processing fee required by Subsection 53-10-108(8)(b).

(2)(a) An individual may challenge the completeness and accuracy of the information contained in the individual's UCCH by submitting a completed Application to Challenge Criminal History Records to the bureau along with:

(i) the challenge fee; and

(ii) documentation to establish what information is missing or incorrect on the UCCH.

(b) The challenge process shall be an informal adjudicative proceeding under Section 63G-4-203.

(c)(i) If the bureau determines that the individual's criminal history record information is incomplete or inaccurate, the bureau shall amend the UCCH.

(ii) The bureau shall send the individual a letter notifying the individual of the changes made to the individual's UCCH and a copy of the individual's corrected UCCH.

(d)(i) If the bureau determines that the criminal history record information is correct, the bureau shall notify the individual in writing that the UCCH shall not be amended.

(ii) An individual may appeal the bureau's decision not to amend a record to district court in accordance with Section 63G-4-402.

(e) If the bureau determines that the individual seeking to challenge the information in the UCCH is not the subject of the record, the bureau shall notify the individual in writing.

 

R722-900-7. Right of Access Programs.

(1) A provider seeking to establish a right of access program shall submit a completed Right of Access Contract.

(2)(a) The bureau shall review the Right of Access Provider Contract to determine whether the provider may conduct a right of access program.

(b) The bureau may request additional information from the provider to determine whether the provider may conduct a right of access program.

(c) If the bureau determines that a provider is qualified to conduct a right of access program, it shall notify the provider in writing.

(d) If the bureau determines the provider is not qualified to conduct a right of access program, it shall notify the provider of the bureau's decision in writing.

 

R722-900-8. Audits

(1)(a) All agencies and entities shall submit to audits conducted by the bureau.

(b) Upon request, an agency and entity shall complete the Pre-audit Request within 30 days from the date it is sent by the bureau.

(c) An agency and entity shall complete the Audit Survey within 30 days from the date it is sent out by the bureau.

(d) The bureau shall review the information submitted by the agency and entity to determine if the agency and entity is in compliance with applicable state and federal statutes, rules, and regulations.

(e) The bureau shall notify the agency and entity of the audit results in writing and give the agency, entity, or provider an opportunity to rectify any issues it found during the audit.

(f) The bureau may suspend or revoke an agency's access to UCJIS or an entity's access to criminal background check information if it fails to comply with the audit or rectify issues found during the audit.

 

R722-900-9. Misuse.

(1) Anyone who has reason to believe that records have been misused may submit a written complaint to the bureau.

(2)(a) The bureau shall conduct a review of its records to determine if there is any evidence to support the complaint.

(b) If the bureau finds evidence indicating records may have been accessed, used, disclosed, or disseminated, the bureau shall notify the agency TAC or entity point of contact and request that an internal review be conducted.

(3) The agency or entity shall be responsible for conducting an internal review to determine if there has been misuse of a record and submit its findings to the bureau within 30 days.

(4)(a) If the agency or entity determines there was misuse, the agency or entity shall submit a corrective action plan to the bureau.

(b) The bureau shall review the corrective action plan to determine if the action taken by the agency or entity was sufficient to address the misuse.

(5) If the bureau finds that an agency, entity, TAC, user, non-user, or employee of an entity misused records, the bureau may:

(a) suspend or revoke the access of the agency, entity, TAC, user, non-user, or employee of the entity; and

(b) refer the matter to the appropriate law enforcement agency for investigation and prosecution.

(6) The bureau may suspend or revoke access to records by an agency, entity, TAC, user, non-user, or employee of the entity if the agency, entity, TAC, user, non-user, or employee of the entity fails to comply with any terms of the signed agreement.

 

R722-900-10. Appeal.

(1)(a) An agency or entity denied access to records may appeal the bureau's decision by sending a written request for review to the bureau within 30 days of the date of the denial of access.

(b) An agency may appeal the bureau's decision to deny a TAC, user, or non-user access to records by sending a written request for review to the bureau within 30 days of the date of the denial of access.

(2) A request for review shall include:

(a) a description of the grounds for review; and

(b) supporting documentation.

(3)(a) The bureau director or the director's designee shall review the request for review and issue a written decision within 30 days from the date of the appeal.

(b) If the bureau's decision to deny an agency or entity is upheld, the bureau shall notify the agency or entity of the right to appeal to the district court by complying with the requirements in Section 63G-4-402.

(c) If the bureau's decision to deny a TAC, user, non-user is upheld, there shall be no further right of appeal.

 

KEY: [criminal records]access to records, UCJIS, criminal justice agencies, qualified entities

Date of Enactment or Last Substantive Amendment: [December 15, 1998]2013

Notice of Continuation: April 10, 2013

Authorizing, and Implemented or Interpreted Law: [53-10-108(8)]53-10-102; 53-10-108