0648: ENROLLED ANALYSIS (2-16-06) - C.J.I.S. COUNCIL CODIFICATION

C.J.I.S. COUNCIL CODIFICATION S.B. 648 & H.B. 5275-5277: ENROLLED ANALYSIS

Senate Bill 648 (as enrolled) PUBLIC ACT 308 of 2005
House Bills 5275, 5276, and 5277 (as enrolled) <b>PUBLIC ACTS 309, 310, & 311 of 2005
Sponsor: Senator Raymond E. Basham (S.B. 648) Representative Gary A. Newell (H.B. 5275) Representative Michael Nofs (H.B. 5276) Representative Paul Condino (H.B. 5277)
Senate Committee: Judiciary
House Committee: Judiciary

Date Completed: 2-16-06

RATIONALE

Executive Reorganization Order No. 1998-1 created the Criminal Justice Information Systems (CJIS) Policy Council within the Department of State Police. The executive order transferred to the CJIS Policy Council all of the statutory authority, functions, and responsibilities of the Automated Fingerprint Identification System (AFIS) Policy Council and the Law Enforcement Information Network (LEIN) Policy Council. The executive order also mandates that the CJIS Policy Council advise the Department Director on issues related to information management systems that facilitate the rapid exchange of information between components of the criminal justice system. Although the 1998 executive order abolished the LEIN Policy Council and the AFIS Policy Council as individual entities, combining them into a single CJIS Policy Council, separate statutes continued to govern the LEIN and AFIS Policy Councils. Thus, it was suggested that the CJIS Policy Council be codified in statute to reflect the measures implemented under the executive order.

Also, while the L.E.I.N. Policy Council Act required the policy council to establish policy and promulgate rules regarding operational procedures, and the A.F.I.S. Policy Council Act required that policy council to establish procedures to be followed by agencies using AFIS, some people felt that that the CJIS Policy Council should have broader policy-making authority governing access, use, and disclosure of information from the various criminal justice information systems. In addition, the L.E.I.N. Policy Council Act prohibited the unauthorized disclosure of information from LEIN and subjected violators to criminal penalties. Some suggested that improper access and use, as well as disclosure, of information form LEIN or AFIS also should be prohibited and that the penalties should apply only when those actions involve nonpublic information and are taken for personal use or gain.

CONTENT Senate Bill 648 and House Bills 5275 and 5277 amended the L.E.I.N. Policy Council Act, and House Bill 5276 amended the fingerprinting law, to do all of the following:

-- Replace the LEIN Policy Council with the CJIS Policy Council, and expand the Council's membership.
-- Require the council to establish policy and promulgate rules governing information in criminal justice information systems.
-- Require the council to advise the Governor on issues concerning criminal justice information systems.
-- Prohibit a person from gaining access to, using, or disclosing nonpublic information governed under the Act for personal use or gain (which replaced the previous prohibition against disclosing LEIN information to a private entity for any purpose); and apply the criminal
penalties only to intentional violations.
-- Prohibit the disclosure of AFIS and other criminal justice system information (as well as LEIN information) in an unauthorized manner.
-- Allow the Attorney General, a prosecuting attorney, or the court to disclose to a defendant or defense counsel information pertaining to that defendant that was obtained from LEIN.
-- Require criminal history information associated with a State identification number and supported by fingerprints to be disseminated in response to a search of the criminal history record database, unless it is nonpublic information or its dissemination is prohibited by law.
-- Repeal the A.F.I.S. Policy Council Act.

House Bill 5275 also changed the official title of the L.E.I.N. Policy Council Act to the "C.J.I.S. Policy Council Act". (References below to the "Act" mean the renamed statute. References to the "council" mean the LEIN Policy Council in the context of the former law, and the CJIS Policy Council under the amendments.)

The bills took effect on February 1, 2006. Senate Bill 648 and House Bill 5275 were tie-barred.

Senate Bill 648
Policy & Rules

The Act required the council to establish policy and promulgate rules regarding the operational procedures to be followed by agencies using LEIN. The bill requires the council, instead, to establish policies and promulgate rules governing access, use, and disclosure of information in criminal justice information systems including LEIN, AFIS, and other information systems related to administering criminal justice or law enforcement.

Among other matters, the Act previously required that the policy and rules ensure access to locator information obtained through LEIN by State and Federal agencies and the Friend of the Court for enforcement of child support programs as provided under State and Federal law, and ensure access to information of an individual being investigated by a State or county employee who was engaged in the enforcement of Michigan's child protection laws or rules. The bill, instead, requires that the policy and rules do the following:

-- Ensure access to information by a Federal, State, or local government agency to administer criminal justice or enforce any law.
-- Ensure access to information provided by LEIN or AFIS by a government agency engaged in the enforcement of child support laws, child protection laws, or vulnerable adult protection laws.

The council's policy and rules also must establish fees for access, use, or dissemination of information from criminal justice information systems.

Prohibitions & Penalties

The Act had prohibited a person from disclosing information from LEIN to a private entity for any purpose, including the enforcement of child support programs. The Act also prohibited the disclosure of information from LEIN in a manner not authorized by law or rule. The bill, instead, prohibits the access, use, or disclosure of "nonpublic information" governed under the Act for personal use or gain; and prohibits the disclosure of information governed under the Act in a manner not authorized by law or rule. (The bill defines "nonpublic information" as information to which access, use, or dissemination is restricted by any law or rule of this State or the United States.)

Previously, a first offense was a misdemeanor punishable by up to 90 days' imprisonment, a maximum fine of $500, or both. The bill retains this penalty but increases the maximum term to 93 days. A second or subsequent offense continues to be a felony punishable by up to four years' imprisonment, a maximum fine of $2,000, or both. Under the bill, the criminal penalties apply to a person who commits an intentional violation.

Other Provisions

The Act required the council to establish minimum standards for terminal sites and information. The bill instead requires the council to establish minimum standards for equipment and software and its installation. The Act previously allowed the council to remove terminals if the agency or entity controlling a terminal failed to comply with the council's policies and rules. The bill permits the council to suspend or deny the use of and access to information, or remove access from an agency, if that agency violates the council's policies and rules.

Under the bill, a person who has direct access to nonpublic information in criminal justice information systems must submit a set of fingerprints for comparison with State and Federal criminal history records to be approved for access pursuant to the CJIS security policy. A report of the comparison must be provided to the person's employer.

The bill repealed the A.F.I.S. Policy Council Act (MCL 28.151-28.158). The bill also repealed Section 6 of the L.E.I.N. Policy Council Act, which prohibited the LEIN Policy Council from approving the purchase of hardware or software with Federal or State funds without the approval of the "joint committee on computers".

House Bill 5275
Council Composition

According to the Act, the LEIN Policy Council consisted of the following members:

-- The Attorney General, or his or her designee.
-- The Secretary of State, or his or her designee.
-- The Director of the Department of Corrections, or his or her designee.
-- The Commissioner of the Detroit Police Department, or his or her designee.
-- Three representatives of the Department of State Police, appointed by the Director of that Department.
-- Three representatives of the Michigan Association of Chiefs of Police, appointed annually by that association.
-- Three representatives of the Michigan Sheriffs' Association, appointed annually by that association.
-- Three representatives of the Prosecuting Attorneys Association of Michigan, appointed annually by that association.

The bill includes those members as well as the following in the CJIS Policy Council:

-- The Director of the Department of State Police, or his or her designee.
-- A fourth representative of the Michigan Sheriffs' Association.
-- A representative of the Michigan District Judges Association, appointed by that association.
-- A representative of the Michigan Judges Association, appointed by that association.
-- The State Court Administrator, or his or her designee.
-- An individual employed in or engaged in the private security business, appointed by and serving at the pleasure of the Governor.
-- An individual representing human services concerns in Michigan, appointed by and serving at the pleasure of the Governor.
-- The Director of the Department of Information Technology, or his or her designee.

The bill also refers to the "chief", rather than the "commissioner", of the Detroit Police Department.

The bill deleted the requirement that the representatives of the police chiefs', sheriffs', and prosecutors' associations be appointed annually. Under the bill, appointed members serve two-year terms and may be reappointed.

The bill specifies that a majority of the council members constitute a quorum for conducting the business of the council.

State Police

The bill requires the council to exercise its prescribed powers, duties, functions, and responsibilities independently of the Director of the Department of State Police. The council's budgeting, procurement, and related management functions, however, must be performed under the Director's direction and supervision. In addition, the executive secretary of the council must be appointed by the Director, subject to the council's approval.

House Bill 5276
The bill amended the fingerprinting law to specify that all criminal history information associated with a State identification number and supported by fingerprint impressions or images must be disseminated in response to a fingerprint-based or name-based search of the criminal history record database. This provision, however, does not require the dissemination of criminal history information that is nonpublic or is prohibited by law from being disseminated.

House Bill 5277
The bill provides that, in a criminal case, the Attorney General or his or her designee, a prosecuting attorney, or the court may disclose to the defendant or the defendant's attorney of record information pertaining to that defendant that was obtained from LEIN.

MCL 28.214 & 28.215 (S.B. 648) 28.211-28.213a (H.B. 5275) 28.242a (H.B. 5276) 28.214 (H.B. 5277)

BACKGROUND

The LEIN Policy Council was established by Public Act 163 of 1974 to create policy and promulgate rules regarding the operational procedures to be followed by agencies using LEIN, to review applications for network terminals and approve or disapprove the applications and the sites for terminal installations, and to establish minimum standards for terminal sites and installations.

The AFIS Policy Council was established by Public Act 307 of 1988 to create policy and promulgate rules regarding the operations and audit procedures to be followed by agencies using AFIS, to design and provide for statewide identification of individuals using an AFIS, to establish minimum standards for AFIS sites and installations, to review proposed applications for AFIS and approve or disapprove the applications and the sites for system installations, and to establish policy and promulgate rules restricting the dissemination of identification information to individuals and agencies.

Before the 1998 executive order, the membership of the LEIN Policy Council was entirely represented on the AFIS Policy Council.

ARGUMENTS (Please note: The arguments contained in this analysis originate from sources outside the Senate Fiscal Agency. The Senate Fiscal Agency neither supports nor opposes legislation.)

Supporting Argument By combining the LEIN Policy Council and the AFIS Policy Council in statute, the bills codified the measures ordered in Executive Reorganization Order No. 1998-1. Then-Governor John Engler noted in that executive order that the mission and goals of the two policy councils were similar and the technologies and system interaction involved with both LEIN and AFIS were closely linked. The order also stated that the two policy councils' functions and responsibilities could be more effectively organized and carried out under the supervision and direction of one governmental body, and that combining the LEIN and AFIS Policy Councils was "in the interests of efficient administration and effectiveness of government". The combined CJIS Policy Council has been operating as a single body, overseeing both the LEIN system and AFIS, since the implementation of that 1998 executive order, making the provisions of the former L.E.I.N. Policy Council Act and the former A.F.I.S. Policy Council Act obsolete. The statutes needed to be revised to reflect those changes and to anticipate the need for oversight of future criminal justice information systems.

Supporting Argument
While the 1998 executive order transferred to the CJIS Policy Council all of the authority of the AFIS and LEIN Policy Councils, that statutory authority was fairly restrictive. As the statutes required the separate policy councils to do, the CJIS Policy Council had to establish procedures that agencies were required to follow in using LEIN and AFIS, ensure that access to certain information in LEIN was available to certain law enforcement entities, and restrict the dissemination of identification information. The bills give the CJIS Policy Council broader authority to oversee LEIN, AFIS, and other criminal justice information systems, mandating that the policy council establish policy and promulgate rules governing access, use, and disclosure of information from those systems.

Supporting Argument
The bills enhance the security of information in LEIN and other criminal justice information systems. Previously, unauthorized disclosure of LEIN information could result in criminal penalties, but, on some occasions, people reportedly gained access to or used LEIN information improperly without disclosing it. That technically was not a violation under the previous statute, because the information was not disclosed. By specifying that a person may not "access, use, or disclose" nonpublic information from LEIN, AFIS, and other systems for personal use or gain, the bills more appropriately prohibit actions that should be subject to criminal penalties.

Supporting Argument
The bills give the CJIS Policy Council greater administrative authority over the use of criminal justice information systems. In particular, the policy council now has the power to impose administrative sanctions on individuals who use information systems improperly. Previously, the policy council established minimum standards for terminal sites, and could remove a terminal from an agency if the terminal was used improperly. Some have reported that individual employees of law enforcement agencies sometimes engage in improper access to or use of LEIN information. These actions might not rise to the level of a criminal violation, either under the previous statutes or the bills, because the information might not be disclosed to another individual or the actions might not be taken for personal gain. In such cases, removing a terminal from that site, thereby imposing a sanction on the entire agency, might be too harsh. As an option, the bills authorize the CJIS Policy Council to suspend an individual's rights to gain access to and use LEIN or AFIS.
Response: Individual agencies should remain responsible for overseeing the use of information systems by their employees. Granting administrative authority over individual personnel to the CJIS Policy Council could involve it in ancillary issues such as employment relations and contract negotiation. Those matters are outside the purview of the policy council.
Legislative Analyst: Patrick Affholter

FISCAL IMPACT
The bills will have no fiscal impact on State or local government.

Fiscal Analyst: Bruce Baker
Lindsay Hollander

Analysis was prepared by nonpartisan Senate staff for use by the Senate in its deliberations and does not constitute an official statement of legislative intent. sb648etal./0506