This project was supported by Grant Numbers 2010-DG-BX-K044 and 2014-DP-BX-K017, awarded by the Bureau of Justice
Assistance. The Bureau of Justice Assistance is a component of the Department of Justice’s Office of Justice Programs, which
also includes the Bureau of Justice Statistics, the National Institute of Justice, the Office of Juvenile Justice and Delinquency
Prevention, the Office for Victims of Crime, and the SMART Office. Points of view or opinions in this document are those of the
author and do not necessarily represent the official position or policies of the U.S. Department of Justice.
Bureau of Justice Assistance
U.S. Department of Justice
Database Operations Training
Purging or Validating Data
Purging and validation of criminal intelligence
information helps to ensure that the information
in the system remains current and relevant. Purge
requirements should be set forth in the project’s
operational policy, including, but not limited to, the
retention period, who can perform purge activities,
and whether there is a validation process.
A criminal intelligence record must be purged from
the database by the expiration of its retention period
(no longer than ve years), unless the record has been
reviewed and validated for an additional retention period
by the submitting agency.
Validation means the submitter has determined that the
subject continues to be reasonably suspected of current
involvement in a denable criminal activity or enterprise.
Administrative and Security Issues
There are several security and administrative
requirements a criminal intelligence project should
ensure are implemented to protect the condentiality of
sensitive information and achieve compliance with the
regulation. The project should provide:
Physical, technical, and administrative security of
the system, including user identication, passwords,
audit trails, and hardware and software designed to
prevent unauthorized access to the information.
A written agreement signed by each participating
agency to certify its commitment to compliance
with 28 CFR Part 23 standards and system
requirements with regard to criminal intelligence
submitted to or received from the criminal
intelligence system.
A process for audit and inspection of backup
documentation supporting participating agency
submissions to the criminal intelligence database.
In addition, the project must make assurances that
there will be no harassment or interference with any
lawful political activities as part of the intelligence
operation and that its users do not violate the Electronic
Communications Privacy Act (Title III) or any applicable
federal or state statute related to wiretapping and
surveillance during the gathering of information.
Online Training
To facilitate greater understanding of 28 CFR Part 23, BJA
has developed online training designed to help SLTT law
enforcement agency personnel understand and follow the
guidelines that govern the development and implementation
of policies and systems that facilitate criminal intelligence
sharing. Online training topics include:
28 CFR Part 23—An Overview of the Regulation
Complying With the Regulation
Submission/Collection, Processing, and Storage of
Criminal Intelligence Information
Inquiry and Dissemination
Review and Purge or Validate
28 CFR Part 23 online training is available on the National
Criminal Intelligence Resource Center Web site
(http://www.ncirc.gov) and can be accessed from your secure
system or by using the following secure portals:
RISSNET™: For access to RISSNET, contact the Regional
Information Sharing Systems® Center that serves your
geographic area. http://www.riss.net/Centers.aspx
The FBI’s Law Enforcement Enterprise Portal (LEEP):
Users may also access RISSNET through LEEP.
https://www.cjis.gov/CJISEAI/EAIController
Training and Technical Assistance
Training and technical assistance focus on an understanding
of the value of intelligence gathering and analysis while
complying with 28 CFR Part 23 and the importance and need
for law enforcement to protect the privacy and constitutional
rights of individuals. The Criminal Intelligence Sharing:
Protecting Privacy, Civil Rights, and Civil Liberties Training
course expands the discussion of 28 CFR Part 23 to include:
Intelligence and information sharing trends
The legal perspective regarding key concepts found in
28 CFR Part 23, such as privacy and reasonableness
28 CFR Part 23 and how to apply its principles to
everyday situations
How to limit the potential for violating an individual’s
privacy, civil rights, and civil liberties while limiting your
agency’s liability
Training or technical assistance may be requested via e-mail
at 28cfr23info@ncirc.gov.