Chapter 4501:2-10 Law Enforcement Automated Data System (LEADS)

4501:2-10-01 Definitions.

For purposes of this chapter:

(A) "Administration of criminal justice" means the performance of any of the following activities: Detection, apprehension, detention, pretrial release, post-trial release, prosecution, adjudication, correctional supervision, or rehabilitation of accused persons or criminal offenders. The administration of criminal justice shall include criminal identification activities and the collection, storage, and dissemination of criminal history record information.

(B) "Automated fingerprint identification system (AFIS)" is the system developed to provide identification services to the nation's law enforcement community and to organizations where criminal background histories are a critical factor in consideration for employment. AFIS is a computer based system that can store, process, analyze, and retrieve millions of fingerprints.

(C) "Audit" means a formal, periodic examination of records to verify they are current, complete and accurate, and to verify adherence with LEADS and NCIC rules, policies, and regulations.

(D) "Audit trail" means the recorded information tracking the responsibility for hard copies of data garnered from LEADS.

(E) "Bureau of Criminal Investigation and Identification (BCI&I)" is the agency which receives and files fingerprints, photographs and other information pertaining to both felony and misdemeanor arrests submitted by law enforcement agencies throughout the state.

(F) "Bureau of motor vehicles (BMV) or division of motor vehicles (DMV)" is the state-level agency which provides vehicle licensing, titling, and registration information.

(G) "Computerized criminal history (CCH)" means an electronic data processing file which is accessible using specific data fields. It contains records of arrests and dispositions of criminal proceedings entered into the system. The repository of these records is the responsibility of the bureau of criminal identification and investigation as specified in sections 109.57 and 109.60 of the Revised Code.

(H) "Criminal justice administrator" means a person who manages and directs the affairs of a criminal justice office; i.e. police chief, sheriff, highway patrol post commander, administrative judge, FBI special agent-in-charge, chief probation/parole officer, director of intrastate regional system, prosecutor, chief park ranger, etc.

(I) "Criminal justice agency" means:

(1) Courts; and

(2) A governmental or non-governmental agency or any subunit thereof which performs the administration of criminal justice pursuant to a statute or executive order, and which allocates a substantial part (more than fifty percent) of its annual budget to the administration of criminal justice.

(J) "CJIS systems agency (CSA)" means the agency which maintains management control of the computer system on which LEADS resides. CSA responsibilities include planning for necessary hardware and software, funding, training, record validations, quality control, dissemination of manuals and other publications, security, audits, and adherence to LEADS rules. The Ohio state highway patrol is the Ohio CSA.

(K) "CJIS system agency information security officer (CSA ISO)" means the designated person within the CSA who has the responsibility to establish and maintain information security policy, assesses threats and vulnerabilities, performs risk and control assessments, oversees the governance of security operations, and establishes information security training and awareness programs.

(L) "CJIS systems officer (CSO)" means the designated person within the CSA supplying a single contact point for the state of Ohio. This person is appointed by the superintendent of the Ohio state highway patrol .

(M) "Criminal justice information (CJI)" is the abstract term used to refer to all of the LEADS provided data necessary for law enforcement agencies to perform their mission and enforce the laws, including but not limited to: biometric, identity history, person, organization, property, and case/incident history data.

(N) "Criminal justice information services (CJIS)" serves as the focal point and central repository for criminal justice information services in the FBI. This division provides identification and information services to local, state, federal and international criminal justice communities. The CJIS division includes the fingerprint identification program, national crime information center program, uniform crime reporting program, and the development of the integrated fingerprint identification system.

(O) "Electronic mail," also known as e-mail, is the capability of sending messages and data between individuals.

(P) "Encryption" means an application of a specific algorithm of data so as to alter the appearance of the data making it incomprehensible to those who are not authorized to see the information.

(Q) "Firewall" means a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized internet users from accessing private networks connected to the internet, especially intranets.

(R) "INTERPOL (the international criminal police organization)," located in Lyon, France, is the world's largest international police organization. It was created to support and assist all organizations, authorities and services whose mission is to prevent or combat international crime.

(S) "Interstate identification index (III)" means a computerized pointer system maintained in the NCIC that identifies the repository of criminal history records. Inquiries against the III may result in responses from the FBI identification division as well as from one or more states holding records.

(T) "Intrastate regional system" means a governmental computer system which serves as a cooperative between political subdivisions in a particular region for the purpose of providing a consolidated computerized information system for criminal justice agencies. An application for regional status will be reviewed by the LEADS steering committee (LSC), and recommended to the superintendent of the Ohio state highway patrol for approval.

(U) "Local agency security officer (LASO)" means the person designated as the primary information security contact between a local law enforcement agency and the CSA. The LASO actively represents their agency in all matters pertaining to information security, disseminates information security alerts and other material to their constituents, maintains information security documentation (including system configuration data), assists with information security audits of hardware and procedures, and keeps the CSA informed as to any information security needs and problems.

(V) "Law enforcement automated data system (LEADS)" means the statewide computerized network which provides computerized data and communications for criminal justice agencies within the state of Ohio. LEADS is administered by the Ohio state highway patrol superintendent. LEADS does not include data and files separately collected and maintained by intrastate regional systems or other individual user systems.

(W) "LEADS data" is the abstract term used to refer to all of the LEADS provided data necessary for law enforcement agencies to perform their mission and enforce the laws, including but not limited to: biometric, identity, history, person, organization, property, and case/incident history data.

(X) "LEADS owned equipment" means any network connectivity equipment owned or leased by LEADS.

(Y) "LEADS steering committee" is established to provide advice to the superintendent of the Ohio state highway patrol concerning the governing of LEADS.

(Z) "LEADS trap" means the system used to protect officers involved in high-risk investigations, who have been verbally threatened with physical harm, or have reason to believe physical harm could occur as a result of performing their duties.

(AA) "LEADS access device" means a personal computer with monitor, central processing unit (CPU), operating system, any printers, and LEADS approved software.

(BB) "Managed security services" means network security services performed by a private company or contractor. Selecting a managed security service includes but is not limited to the set up, configuration, operations, maintenance and monitoring of your security infrastructure. This applies to firewalls, intrusions detection systems, syslog servers, and network monitoring equipment.

(CC) "Management control" means having the authority to set and enforce:

(1) Priorities;

(2) Standards for the selection, supervision, and termination of personnel; and

(3) Policy governing the operation of computer circuits and telecommunications terminals used to access LEADS.

(DD) "Mobile access device" is a portable/wireless terminal owned/leased by a criminal justice agency and whose operator is under the management control of the LEADS user agency.

(EE) "Message" refers to any information communicated from terminal to terminal through the LEADS communication network.

(FF) "National crime information center (NCIC)" means the nationwide computerized filing system established for criminal justice agencies at the local, state, and federal levels and is managed by the federal bureau of investigation (FBI).

(GG) "NLETS (International Justice and Public Safety Information Sharing Network)" means the computerized message switching and filing system linking local, state, federal, and international criminal justice agencies for information exchange. This system is operated as a cooperative of the states.

(HH) "Nonterminal agency" means a criminal justice agency qualifying for an originating agency identifier but not having a direct connection to LEADS.

(II) "Originating agency identifier (ORI)" means a unique, nine character identifier assigned by LEADS and NCIC to electronically address each agency and terminals within the agency.

(JJ) "Practitioner" is any person authorized to receive LEADS data who is "not" a certified terminal operator.

(KK) "Secondary dissemination" is when criminal history record information is released to another authorized agency, and that agency was not part of the releasing agency's primary information exchane agreement(s).

(LL) "Serious misdemeanors," for the purpose of being a terminal operator, include but are not limited to the following:

(1) Any offense classified by the Ohio Revised Code as a misdemeanor of the first degree;

(2) Any offense which involves a crime against a person in which physical harm or the threat of physical harm occurred;

(3) Any offense involving the use/misuse of a computer or computer system;

(4) Any offense involving theft, identity theft, fraud, or other similar offense;

(5) Any offense involving the impersonation of a law enforcement officer;

(6) Any offense where the use of LEADS information was instrumental in the commission of the offense.

An appeal process is available anytime there is denial of access to work on/within LEADS.

(MM) "Terminal" means a workstation, wireless device , or intrastate regional device from which LEADS, NCIC or NLETS data may be accessed.

(NN) "Terminal agency" means a criminal justice agency qualifying for an originating agency identifier which has a terminal accessing LEADS.

(OO) "Terminal agency coordinator (TAC)" means the designated person that serves as the point-of-contact at the local agency for matters relating to LEADS information access. A TAC administers LEADS systems programs within the local agency and oversees the agency's compliance with LEADS systems policies.

(PP) "USNCB (United States national central bureau)" is a component of the department of justice serving as the point of contact to INTERPOL for United States law enforcement agencies.

(QQ) "Validation" means the act of reviewing records to ensure the accuracy, completeness and continued interest of the data therein.

Effective: 04/05/2013
R.C. 119.032 review dates: 01/17/2013 and 12/26/2017
Promulgated Under: 119.03
Statutory Authority: R.C. 5503.10
Rule Amplifies: R.C. 5503.10
Prior Effective Dates: 10/10/91, 4/11/94, 9/29/94, 10/21/95, 5/27/96, 7/31/98, 7/1/01, 11/1/03, 12/23/04, 02/15/08

4501:2-10-02 LEADS steering committee.

(A) The LEADS steering committee is established to provide advice to the superintendent of the Ohio state highway patrol concerning the governing of LEADS. The committee is composed of nine members who shall represent the following organizations:

(1) Ohio state highway patrol;

(2) Buckeye state sheriff's association;

(3) Ohio association of chiefs of police;

(4) Bureau of criminal identification and investigation;

(5) Intrastate regional systems;

(6) Police department representing smaller police departments;

(7) Municipal police department representing larger police departments;

(8) County sheriff's office representing metropolitan area sheriff's offices; and

(9) The chief justice of the Ohio supreme court or his/her designee representing courts.

(B) The LEADS steering committee's duties include providing recommendations for rules, reviewing violations of these rules to ensure equal and just sanctions have been invoked; recommending enhancements to the system; recommending user fees and other duties as assigned by the superintendent.

(C) Any person substituting for an appointed LEADS steering committee member shall have the authority to contribute and enter into discussion regarding issue(s) before the committee; however, the person shall not have authority to vote on any issue before the committee.

(D) LEADS operators, supervisors and/or agency administrators shall cooperate with any efforts of the LEADS steering committee, the superintendent of the highway patrol or persons authorized to act in their name, in actions/directives/orders, administrative reviews or other efforts to improve the system.

Effective: 04/05/2013
R.C. 119.032 review dates: 01/17/2013 and 12/26/2017
Promulgated Under: 119.03
Statutory Authority: R.C. 5503.10
Rule Amplifies: R.C. 5503.10
Prior Effective Dates: 10/10/91, 4/11/94, 9/29/94, 10/21/95, 5/27/96, 7/31/98, 02/15/08

4501:2-10-03 Participation in LEADS.

(A) Participation in LEADS and the assignment of an originating agency identifier requires application and documentation the requester is:

(1) A criminal justice agency.

(2) An agency under the management control of a criminal justice agency. A criminal justice agency must have a written agreement with a governmental division which operates the data equipment used by agencies to access LEADS/NCIC to assure the criminal justice agency has management control. This includes regional dispatch centers as a cooperative effort entered into by political subdivisions in a particular area for the purpose of providing consolidated and computer-assisted dispatch for public safety purposes; that is, police, fire, and rescue services.

(3) A nongovernmental railroad or private campus police department which performs the administration of criminal justice and has arrest powers pursuant to state statute, which allocates a substantial part (more than fifty per cent) of its annual budget to the administration of criminal justice and which meets training requirements established by law or ordinance for such officers.

(4) A nongovernmental agency or subunit thereof which allocates a substantial part of its annual budget (more than fifty per cent) to the administration of criminal justice. The agency may have access to files, except criminal history record information, provided such access is approved by LEADS.

(5) A governmental or nongovernmental regional dispatch center, which provides communication services to criminal justice agencies may be authorized access to files. Such centers shall be required to execute an agreement with each criminal justice agency it serves and with LEADS assuring compliance with all duly promulgated LEADS rules.

(6) The national insurance crime bureau (NICB), a nongovernmental, nonprofit agency, which acts as a national clearinghouse for information on stolen vehicles and offers free assistance to law enforcement agencies concerning automobile thefts, identification and recovery of stolen vehicles may be provided limited access to the LEADS and NCIC vehicle and license plate files and to the NCIC boat files.

(7) A noncriminal justice governmental bureau of motor vehicles (BMV) or division of motor vehicles (DMV), established by a state statute, which provides vehicle registration and driver record information to criminal justice agencies and has an essential need to access the license plate and vehicle files may be authorized to participate in LEADS, excepting criminal history record information. Such registry shall be required to execute an agreement with LEADS assuring compliance with all established rules.

(8) Intrastate regional systems.

(9) A governmental, noncriminal justice agency created by federal, state or local code, whose mission is to enforce or assist in enforcing federal, state or local laws or ordinances may access Ohio and other state bureau of motor vehicle data as available.

(B) Agencies approved to participate in LEADS shall be granted access subject to the following restrictions:

(1) Full access (entry, retrieval, and message switching capabilities):

(a) The terminal must be staffed twenty-four hours a day, seven days a week, every day of the year.

(b) The agency must have the authority to act and to pursue persons entered as wanted when apprehended by another agency per the pick-up radius/extradition limitation contained within the record.

(c) Intrastate regional systems under criminal justice management control whose central computer system is staffed twenty-four hours a day, seven days a week, every day of the year.

(d) The primary purpose of LEADS is the protection of the officer on the street; therefore, terminal operators shall maximize entry capabilities to serve this purpose, i.e. packing the record.

(2) Inquiry only (retrieval and message switching capabilities):

(a) Terminals which are not staffed twenty-four hours per day, seven days per week, each day of the year.

(b) Noncriminal justice agencies permitted access to LEADS.

(3) Mobile access:

(a) Agencies utilizing mobile access devices may have full retrieval and message switching capabilities, including CCH data and hard copy printouts of all LEADS output.

(b) CCH information and/or hard copy printouts in the mobile access device environment are governed by the same rule/policy as hard wired devices. Any agency wishing to provide mobile access device service must have written approval of the CSO.

(c) A mobile access device shall not be utilized in lieu of a traditional workstation in an office environment without expressed written consent of the CSO or his/her designated authorized agent.

(4) Non-terminal agency:

(a) An agency which qualifies for an ORI may enter into an agreement with the CSA/LEADS for LEADS service. LEADS will provide the non-terminal agency with a copy of the participation agreement and with copies of the administrative rules, operating manual and training materials applicable to LEADS practitioners (road officers, secretaries, clerks, etc.).

(b) Non-terminal agencies authorized to receive LEADS data are certified as such in a database prepared/maintained by LEADS which is accessible to all terminal agencies.

(c) Unauthorized non-terminal agency ORI's will be denied inquiry capabilities. Terminal agencies must use the non-terminal ORI for inquiry functions when the request is initiated by the non-terminal agency.

(C) Agencies participating in LEADS shall meet the following requirements:

(1) Remit payment of all monetary obligations as invoiced by the Ohio state highway patrol, administrators of LEADS.

(2) Assume responsibility for, and enforce, system security and integrity.

(3) Adhere to policies and guidelines published in the NCIC operating manual, CJIS security policy, LEADS operating manual, LEADS security policy, newsletters, and administrative messages from LEADS, all of which are either available on the ODPS/LEADS intranet or disseminated to LEADS agencies.

(4) Ensure all terminal operators become LEADS certified by completing the appropriate LEADS certification test within the first six months of employment and recertify every two years thereafter. New employees are permitted to use the LEADS terminal under the supervision of a certified operator during the new employee training period.

(5) Limit LEADS access to certified operators employed by the agency assigned the originating agency identifier (ORI). Nonemployees cannot be used as LEADS terminal operators with the exception of task force, special, reserve, or auxiliary officers commissioned by the agency, or personnel under the management control of the assigned agency.

(6) Execute appropriate application, participation agreement, and holder of the record forms. These forms must be kept current and will be reviewed and updated triennially as part of the agency audit. The completed forms will be filed with LEADS and the user agency.

(7) Appoint a LEADS terminal agency coordinator (TAC) and local agency security officer (LASO). Each participating non-terminal agency must have a non-terminal agency coordinator (NTAC).

(8) Conduct a complete background investigation of all terminal operators including, but not limited to:

(a) An applicant national web-check ten-print electronic submission to BCI&I and FBI (within the policies governing their systems.

(b) The agency is required to notify the CSO of any applicant's criminal record. Existence of a criminal record may result in the denial of access.

(9) Train all personnel of the agency having access to LEADS data with the capabilities, services offered and rules of LEADS. Compliance with this rule shall include, but is not limited to, completion of the LEADS provided practitioner lesson plan and biennial security awareness training.

(10) Restrict entries in the LEADS trap file to law enforcement officers involved in high-risk investigations, threatened with physical harm, or have reason to believe physical harm could occur as a result of performing their duties.

(a) Trap requests shall include a contact number for twenty-four hour notification. Failure to include a valid twenty-four hour contact can result in the trap being deleted from the system.

(b) Trap entries shall be audited every twelve months. Failure to validate entries will result in the trap being deleted from the system.

Replaces: 4501:2-10-03

Effective: 04/05/2013
R.C. 119.032 review dates: 12/26/2017
Promulgated Under: 119.03
Statutory Authority: R.C. 5503.10
Rule Amplifies: R.C. 5503.10
Prior Effective Dates: 10/10/91, 3/28/92, 4/11/94, 9/29/94, 10/10/95, 5/27/96, 7/31/98, 7/1/01, 11/1/03, 12/23/04, 02/15/08

4501:2-10-04 LEADS points of contact.

(A) A LEADS terminal agency coordinator, hereafter referred to as TAC, shall be appointed by each terminal agency administrator. The TAC must be fully certified as a LEADS operator and have supervisory authority over the operation of LEADS approved equipment. The TAC is directly responsible to the agency administrator for the operation of LEADS. An agency administrator can also assign up to three certified assistant TACs to assist with the TAC responsibilities. A part-time employee with an agency can be assigned as the agency TAC, if they are capable of fulfilling the TAC responsibilities.

(1) LEADS TAC duties:

(a) Train LEADS terminal operators in all facets of LEADS operation.

(b) Train other affected personnel as to the operational capabilities of LEADS, administrative rules, and authorized use/dissemination.

(c) Ensure each operator reviews training materials and is recertified every two years.

(d) Attend the new TAC indoctrination training within six months of appointment.

(e) Attend inservice training sessions as scheduled.

(f) Train, functionally test and affirm the proficiency of terminal (equipment) operators within six months of hire.

(g) Properly complete the monthly records validations.

(h) Document review of all information from LEADS, including but not limited to:

(i) Newsletters

(ii) LEADS computer messages

(iii) Manuals

(iv) Training materials

(v) Record retention

(i) Maintain agency level records of LEADS certified operators for the length of employment and notify LEADS of any changes on the prescribed on-line form provided by LEADS.

(j) Review (second party check) all entries within a reasonable time frame for accuracy and completeness; and modify/cancel entries as needed.

(k) Biennially provide the functional retesting and reaffirm the proficiency of terminal operators in order to assure compliance with LEADS/NCIC policy and rules.

(l) Ensure all LEADS agreements are current.

(2) LEADS TAC requirements:

(a) Knowledge of the responsibilities, functions, organization structure, purpose, goals and objectives of the agency.

(b) Knowledge of criminal justice methods, procedures and programs.

(c) Knowledge of the NCIC, NLETS and LEADS rules, regulations, and guidelines. This knowledge includes, but is not limited to, being familiar with what services are available, user agreements, and nonterminal agency access.

(d) Knowledge of all procedures concerning broadcast messages and their proper use.

(e) Participate in audits conducted by LEADS staff.

(B) A LEADS local agency security officer, hereafter referred to as LASO, shall be appointed by each terminal agency administrator. The LASO is directly responsible to the agency administrator for the security of LEADS.

(1) LEADS LASO duties:

(a) Identify who is using the CSA approved hardware, software, and firmware and ensure no unauthorized individuals or processes have access to the same.

(b) Identify and document how the equipment is connected to the state system.

(c) Ensure that personnel security screening procedures are being followed as stated in the LEADS security policy.

(d) Ensure the approved and appropriate security measures are in place and working as expected.

(e) Support policy compliance and ensure CSA CSO is promptly informed of security incidents.

(f) Maintain all security related documentation from LEADS, including but not limited to:

(i) LEADS security policy

(ii) Security awareness training

(g) Participate in audits conducted by LEADS staff.

(2) LEADS LASO requirements:

(a) Knowledge of the LEADS security policy.

(b) Knowledge of the location and uses of all LEADS and agency owned equipment accessing LEADS within the agency.

(c) Knowledge and administration of the general maintenance of the LEADS equipment.

(C) A LEADS non-terminal agency coordinator, hereafter referred to as NTAC, shall be appointed by each non-terminal agency administrator .

(1) LEADS NTAC duties:

(a) Train affected personnel as to the capabilities of LEADS, administrative rules, and authorized use/dissemination.

(b) Maintenance of all LEADS agreements and employee training records.

Replaces: 4501:2-10-04, 4501:2-10-06 (in part)

Effective: 04/05/2013
R.C. 119.032 review dates: 12/26/2017
Promulgated Under: 119.03
Statutory Authority: R.C. 5503.10
Rule Amplifies: R.C. 5503.10
Prior Effective Dates: 10/10/91, 4/11/94, 10/21/95, 11/2/96, 7/31/98, 7/1/01, 11/1/03, 02/15/08

4501:2-10-05 Validations.

(A) All entries into the LEADS and NCIC files shall be reviewed and documented by a second person within the agency to verify the data entered matches the source document(s). The purpose of this check is to ensure accuracy and completeness of the record.

(B) Invalid records or data must be removed from the files immediately and may not be re-entered unless and until a complete validation of the data contained therein is completed.

(C) Records not validated in accordance with this chapter are subject to removal by LEADS and/or NCIC.

(D) Random or special validations may be required to maintain the accuracy and integrity of the LEADS and NCIC files.

(E) Validation schedule:

Terminal agencies permitted full access may enter records into LEADS and/or NCIC. The validation procedure outlined in the LEADS operation manual must be followed.

(F) Documents associated with the validation process are to be retained by the validating agency for one year and may then be destroyed. The documents must include who was contacted, when the contact was made, and the status of the person or property.

(G) Failure to properly validate records as required will subject the agency to sanctions.

Effective: 04/05/2013
R.C. 119.032 review dates: 01/17/2013 and 12/26/2017
Promulgated Under: 119.03
Statutory Authority: R.C. 5503.10
Rule Amplifies: R.C. 5503.10
Prior Effective Dates: 10/10/91, 4/11/94, 10/21/95, 7/31/98, 7/1/01, 11/1/03, 4/22/04, 02/15/08

4501:2-10-06 Dissemination and record keeping.

(A) LEADS shall be limited to certified operators. Each operator is accountable for all transactions occurring while their assigned password is logged on to a terminal accessing LEADS. An audit trail shall be maintained by participating LEADS agencies across the body of the printout for each dissemination, or receipt, of any printout of information from the LEADS. Formal information exchange agreements shall be required between agencies exchanging criminal justice information (CJI) obtained through LEADS.

(1) Information exchange agreements for agencies sharing CJI data that is sent to and/or received from LEADS shall specify security controls and conditions.

(2) Information exchange agreements shall be supported by documentation committing both parties to the terms of information exchange.

(3) If CJI is released to another authorized agency, and that agency was not part of the releasing agency's primary information exchange agreement(s), the releasing agency shall log such dissemination.

(B) Each LEADS CCH/III inquiry shall contain the applicable purpose code per the BCI&I training manual information which is provided by the attorney general to all user agencies. All criminal history inquiries are to be logged in the format specified in the BCI&I training manual or an automated CCH log whose format has been approved by BCI&I.

(C) Messages and/or throughput of any kind accessed through LEADS shall be restricted to the use of duly authorized law enforcement and/or criminal justice agencies for the administration of criminal justice. The data shall not be sold, transmitted, or disseminated to any non-law enforcement agency, non-criminal justice agency or unauthorized person; except as provided in rule 4501:2-10-03 of the Administrative Code. The LEADS activity report, excluding criminal justice data, may be provided to an arbitrator and/or bargaining unit representative, as necessary, for use in collective bargaining proceedings; further transmission or dissemination of the LEADS activity report is prohibited.

(D) Fatal crash data, when properly designated, is available to the media. Hazardous material files and data is to be available to fire department and emergency management personnel.

(E) Administrative messages identified by LEADS as information pertaining to homeland security when determined by the CSO or designated agent will contain additional dissemination instructions. These messages may be released outside the criminal justice system as designated.

(F) All terminal, quadrant and out-of-state messages shall be limited to those relating to formal criminal justice duties. Messages prohibited on the NLETS pursuant to rule 4501:2-10-08 of the Administrative Code are also prohibited on the LEADS.

(G) Administrative messages may be directed to specific criminal justice agencies for the purpose of local criminal record checks to complete criminal background investigations for governmental, non-criminal justice agencies, following the same application and approval outlined in rule 4501:2-10-08 of the Administrative Code. This rule does not supersede any existing laws or rules as to access to NCIC, NLETS, III or CCH.

(H) Each terminal user shall make every reasonable effort to assure the accuracy, completeness, conciseness, and timeliness of all data transmitted.

(I) Each terminal user shall respond as promptly as possible to all incoming messages that require a reply. Priority "U" (urgent) hit confirmations must be answered within ten minutes, and priority "R" (routine) hit confirmations requests must be answered within one hour; both with an indication of the current status of any wants. If the current status cannot be verified within the time limit, a message shall be sent within the time limit advising when the record will be verified.

(1) A hit request shall not be sent if the person is outside of the pick-up radius.

(2) A locate shall not be placed unless the record is confirmed.

(J) Notice of criminal justice training offered by the Ohio peace officer's training council approved academies and training offered by a criminal justice agency may be transmitted over LEADS. Notice of training offered by private concerns is not permitted over LEADS.

(K) Training manuals are not for use, or for possession, or release outside the terminal agency except as otherwise provided in this chapter, or as specifically authorized by the CSO.

(L) Hard-copy printouts of information obtained through LEADS must be rendered unreadable when no longer needed.

(M) Source documentation shall be retained either in hard copy or electronic form (in compliance with the LEADS security policy) to substantiate all information entered into LEADS and/or NCIC for the life of the entered record.

(N) Employee training records shall be kept as follows:

(1) Training records for the TAC and the NTAC are the responsibility of LEADS.

(2) Training records for operators, and practitioners and administrators are the responsibility of the LEADS user agency.

(3) Training records for non-terminal agency practitioners are the responsibility of the non-terminal agency administrator.

(4) Training and maintenance of training records for intrastate regional systems are the responsibility of the intrastate regional system.

(5) Training and maintenance of training records for mobile access device operators are the responsibility of the mobile access service provider.

Effective: 02/16/2014
R.C. 119.032 review dates: 12/26/2017
Promulgated Under: 119.03
Statutory Authority: R.C. 5503.10
Rule Amplifies: R.C. 5503.10
Prior Effective Dates: 10/10/91, 3/28/92, 4/11/94, 9/29/94, 10/10/95, 5/27/96, 7/31/98, 7/1/01, 11/1/03, 02/15/08, 4/5/13

4501:2-10-07 LEADS audits.

(A) Each agency shall, upon notice, submit to a periodic and at least triennial audit conducted by members of the LEADS staff. The audit shall include the elements of compliance; economy and efficiency; and effectiveness. The audit will have two basic objectives:

(1) To provide reasonable assurance appropriate control systems have been established by the agency administrator to ensure compliance with law and rules; and

(2) To provide reasonable assurance the terminal agency has instituted sufficient controls to guarantee their entries provide reliable and accurate information.

(B) Prior to the triennial on-site audit, the agency will be contacted by LEADS staff to schedule an audit date. The agency must complete, retain, and submit a pre-audit questionnaire, current agreements, terminal operator's list, and agency self evaluation for review at the time of the audit.

(C) The agency administrator must make every effort to be available to the auditor for an exit interview.

(D) Agencies requested to modify operations to be in compliance will receive correspondence detailing deficiencies. The agency must respond in writing within the time period specified in the correspondence. This response must document detailed actions taken to correct the deficiencies.

(E) Intrastate regional systems are responsible for trienially auditing agencies participating in their intrastate regional system. The audit plan must be approved by LEADS staff. The intrastate regional administrator will be responsible for the certification of audits within the regional system. LEADS will audit the regional agency and a sample representation of their agencies on a triennial basis in the same manner as is done for full access LEADS agencies. Upon completion, all agencies' audit reports shall be provided to the CSA.

(F) Mobile access service providers are responsible for trienially auditing agencies for which they provide service. Upon completion, all agencies' audit reports shall be provided to the CSA.

(G) Each non-terminal agency shall, upon notice, submit to a periodic audit conducted by members of LEADS staff. The objective of this audit is to provide reasonable assurance that appropriate control systems have been established by the agency administrator to ensure compliance with law and rules.

Effective: 04/05/2013
R.C. 119.032 review dates: 01/17/2013 and 12/26/2017
Promulgated Under: 119.03
Statutory Authority: R.C. 5503.10
Rule Amplifies: R.C. 5503.10
Prior Effective Dates: 10/10/91, 4/11/94, 10/21/95, 11/2/96, 7/31/98, 7/1/01/ 11/1/03, 02/15/08

4501:2-10-08 International justice and public safety information sharing network (NLETS).

(A) There are two basic types of NLETS messages: administrative and inquiry. The formats for NLETS messages as outlined in the LEADS operating manual will be followed at all times.

(B) Administrative messages:

(1) NLETS has established the following restrictions to control the sending of all points (AP) messages. These types of messages should be used only when the information is relevant nationwide. If the message pertains to a geographical area of the United States, i.e., east coast, sunbelt, etc., it should be sent using a regional broadcast code which more narrowly focuses on the states that need, or can supply, the information.

(2) Recognizing there are circumstances where the seriousness of the situation necessitates national broadcast the all points message may be sent under the following conditions:

(a) A user has information that is pertinent to a criminal investigation that is of interest to all states and cannot be entered into NCIC.

(b) A user has information regarding kidnapping, skyjacking or other serious criminal acts. Keep messages as brief as possible.

(c) A user has information on a wanted person that cannot be entered into NCIC, but is of interest to all states.

(3) NLETS may not be used in the following types of messages:

(a) No social announcements, i.e., holiday messages or retirements, etc.

(b) No solicitation of funds, seminar, conventions or training class announcements; except training and seminar announcements may be sent via regional broadcast codes to states in geographic proximity of the center. The course must provide a direct service to law enforcement and may not include a name of a private company; except nonprofit company.

(c) No recruitment of personnel.

(d) No messages in which the complainant is interested only in recovery of property.

(e) No attempts to locate vehicle (breach of trust) without a warrant.

(f) No excessively long messages.

(g) No messages supportive of, or in opposition to, political issues or announcements relative to such issues.

(h) No messages supportive of, or in opposition to, labor management issues or announcements relative to such issues.

(i) No messages supportive of, or in opposition to, proposed legislation.

(j) No messages relating to requests for information concerning salary, uniforms, personnel or related items which can be routinely obtained by correspondence or means other than NLETS.

(k) No messages relating to the advertisement or sale of equipment.

(l) No messages regarding wanted subjects or vehicles if they can be entered into NCIC.

(m) No attempt-to-locate messages.

(n) No missing persons or runaways if they can be entered into NCIC.

(o) No transmission of subpoenas.

(p) Automated positive message acknowledgment (PMA) will not be allowed except when a need can be shown that automated PMA is required in order to capture information that can be of substantial value in diagnosing an information exchange problem. Under no circumstances will the temporary use of PMA exceed forty-five days. Authorization for temporary PMA can be given by the executive director.

(C) Inquiry into the vehicle registration, driver's license information, or other data obtained via NLETS is limited to law enforcement, criminal justice, department of motor vehicles purposes or other legitimate governmental non-criminal justice purposes approved by the superintendent of the Ohio state highway patrol and NLETS.

(D) Hazardous material information obtained through NLETS may be released to emergency services personnel outside the criminal justice community, i.e., fire departments and emergency management agencies.

(E) Homeland security information obtained through NLETS may be released outside the criminal justice community as designated on the message relayed by LEADS.

Effective: 04/05/2013
R.C. 119.032 review dates: 01/17/2013 and 12/26/2017
Promulgated Under: 119.03
Statutory Authority: R.C. 5503.10
Rule Amplifies: R.C. 5503.10
Prior Effective Dates: 10/10/91, 4/11/94, 9/29/94, 10/21/95, 5/27/96, 7/31/98, 11/1/03, 02/15/08

4501:2-10-09 National crime information center (NCIC).

(A) Any agency operating a terminal accessing NCIC shall implement the necessary procedures to make that terminal secure from any unauthorized use. Departure from this responsibility may result in the removal of the offending terminal(s) from further NCIC participation.

(B) The NCIC uses hardware and software controls to help ensure system security. However, final responsibility for the maintenance of the security and confidentiality of criminal justice information rests with the individual agencies participating in the NCIC system.

(C) Use of NCIC services by any user agency shall be in accordance with the instructions and procedures contained in the NCIC operating manual, the codes contained in the NCIC code manual, and new enhancements contained in the NCIC technical and operational updates, NCIC newsletter, or any other official notification from FBI/NCIC.

(D) The interstate identification index (III) shall only be used for the administration of criminal justice. This includes the issuing of a license or permit for a weapon or explosives when a criminal history check is required to be performed by a criminal justice agency pursuant to a federal, state, or local law or ordinance. If the permits or licenses are issued by noncriminal justice agencies such as county commissioners, mayors offices, etc., a computerized criminal history check shall only be made available as provided in 28 C.F.R. 20.33 (published July 1, 2003).

(E) Federal public law 104-120 "Housing Opportunity Program Extension Act of 1996" specifies CCH/III access is authorized by federal housing authorities for purposes of screening, lease enforcement, and eviction. NCIC, LEADS, police departments, and other law enforcement agencies shall only confirm or deny the existence of criminal history records to hoursing and urban development agencies upon request.

(F) Federal public law 104-193 "Personal Responsibility and Work Opportunity Reconciliation Act of 1996" authorizes wanted person file access for state and local human services authorities. LEADS shall provide direct access capability to human services offices as users of the system are not authorized to provide this data.

(G) A public children services agency may initiate inquiries and receive computerized criminal history information through local law enforcement agencies using LEADS and NCIC.

Within fifteen days of the request for computerized criminal history information, the public children services agency shall submit to BCI&I and the FBI completed fingerprint cards of the person whose information was submitted to the local law enforcement agency.

Prior to the release of computerized criminal history information under this rule, the public children services agency shall:

(1) Apply for and/or have been issued an NCIC originating agency identifier ending in the letter T.

(2) Furnish to the terminal agency providing the computerized criminal history information the agency's NCIC originating agency identifier.

(3) Certify the computerized criminal history information received from local law enforcement agencies shall only be used when exigent circumstances exist for the safe emergency placement of a child or children and time restraints make submission of fingerprint cards unreasonable.

(H) The Adam Walsh Child Protection and Safety Act of 2006, Pub. L. No. 109-248 became effective October 1, 2006. Sections 151 and 153 of the act allow access to FBI criminal history record information (CHRI) by governmental social service agencies with child protection responsibilities.

(1) Those agencies meeting NCIC requirements will be assigned an ORI with an "F" in the ninth position and purpose code "C" will be used for inquiries made for those agencies.

(2) Terminal agencies must use the "F" ORI assigned to the non-terminal governmental social service agency requesting the NCIC or CCH/III inquiry. This procedure will enable the identification of NCIC and CCH/III transactions conducted pursuant to the act and will facilitate state and federal compliance audits.

Effective: 04/05/2013
R.C. 119.032 review dates: 01/17/2013 and 12/26/2017
Promulgated Under: 119.03
Statutory Authority: R.C. 5503.10
Rule Amplifies: R.C. 5503.10
Prior Effective Dates: 10/10/91, 4/11/94, 9/29/94. 10/21/95, 5/27/96, 7/31/98, 11/1/03, 4/22/04, 02/15/08

4501:2-10-10 LEADS owned equipment/connected agency owned equipment.

(A) Terminal agencies shall properly maintain and care for LEADS owned equipment. Any malfunction of this equipment requires LEADS be notified as soon as possible. Agency owned equipment used to access LEADS as the primary agency session shall be supported by repair service as required by the LEADS security policy as a minimum.

(B) LEADS owned equipment shall not be changed, modified, turned off, unplugged or rendered inoperable in any manner except in the case of equipment malfunction preventing operation or if directed by LEADS personnel or equipment contract repair personnel. All repairs on LEADS owned and serviced equipment shall be initiated through LEADS. Repairs caused by alterations to or abuse of the equipment shall be billed to the user agency.

(C) LEADS owned equipment shall not be changed in any manner or moved from the installed position without permission of the CSO or the CSO's designee. Written notice of any relocation of LEADS owned equipment accessing LEADS or any change request shall be submitted in writing forty-five days in advance of the move. Prior to relocating equipment, a site inspection will be conducted and location approved by LEADS staff. Any relocation charge shall be at the expense of the user agency.

(D) Modifications or additions of any agency owned equipment connected to LEADS shall be approved in writing by the CSO or the CSO's designee. Any local area network terminal accessing LEADS shall have the intelligent device, i.e. file server, and its administrator under the management control of a criminal justice agency. The proper agreements as set forth in this chapter shall be instituted prior to being permitted access to LEADS.

(E) No remote access is permitted to LEADS except as approved by LEADS. Remote access to agency owned equipment is prohibited while the equipment is on-line with LEADS, except as approved and monitored by LEADS control.

(F) The terminal agency shall notify the CSO in writing at least forty-five days in advance of intention to cancel LEADS service.

(G) Agency owned software is not permitted to be installed in LEADS owned equipment. Agency equipment and/or software believed to be degrading LEADS service shall be disconnected until the problem is resolved.

(H) LEADS owned equipment/software or equipment/software connected to LEADS shall not be interconnected to other systems or networks without written authorization from the CSO.

(I) LEADS owned equipment/software shall not be used for personal benefit.

(J) All equipment/software use will be monitored continually by LEADS control and randomly by LEADS staff or their representatives. Any misuse shall be cause for administrative sanction and/or criminal prosecution.

Effective: 04/05/2013
R.C. 119.032 review dates: 01/17/2013 and 12/26/2017
Promulgated Under: 119.03
Statutory Authority: R.C. 5503.10
Rule Amplifies: R.C. 5503.10
Prior Effective Dates: 10/10/91, 4/11/94, 10/21/95, 5/27/96, 7/31/98, 7/01/01, 11/01/03, 12/23/04, 9/22/05, 02/15/08

4501:2-10-11 Sanctions.

(A) Violations of the rules within this chapter could result in denial of access to LEADS. LEADS has established the following progressive sanction process to enforce these rules while cooperating with agencies to continue to protect the officers in the field.

Level 1: Notice of the violation. If the situation is not corrected with documentation to LEADS within forty-five days from the date notice is sent, step 2 will be initiated.

Level 2: Notice is sent to the agency administrator with a copy also forwarded to the local chief executive or designee. Notice shall include the progressive sanction steps and may include restrictions for specific operators. If the situation continues or the correction is not documented to LEADS within thirty days, step 3 will be initiated.

Level 3: The agency participation in LEADS will be reduced to limited access, i.e., inquiry only. Entry of new records into the system will be denied until the situation is corrected. If corrective action is not taken, including written documentation to LEADS within thirty days, step 4 will be initiated.

Level 4: The agency's access to the Ohio computerized criminal history (CCH) files and the NCIC interstate identification index (III) will be terminated. If corrective action is not completed, including documentation to LEADS, within thirty days, step 5 will be initiated.

Level 5: All records entered by the agency into the LEADS and NCIC files shall be cancelled and the agency will not be permitted entry capabilities. This shall remain in effect until recommendation by the LEADS steering committee and authorization of the chairperson is obtained to reinstate access for the agency. If the situation is not corrected, including documentation to LEADS within thirty days, step 6 will be initiated.

Level 6: The agency's access to the Ohio bureau of motor vehicles files shall be terminated. If the agency continues to fail to correct and document their actions to LEADS within thirty days, step 7 will be initiated.

Level 7: The agency shall no longer be permitted to participate in LEADS. All LEADS owned/leased equipment will be removed. The agency shall remain responsible for any unpaid fees due LEADS to this date.

The agency shall not be approved terminal access until review by the LEADS steering committee and approval of the chairperson. The agency may institute a non-terminal user agreement with LEADS, but this shall be limited to inquiry capabilities only and excludes access to the criminal history and NCIC III files.

(B) Exceptions and modifications to the progressive sanction process may be authorized by the LEADS steering committee chair, if in his/her opinion, circumstances warrant such action.

(C) As with any sanction, there is a right of appeal to be heard by the LEADS steering committee. This process is not under adjudication procedures (Chapter 119. of the Revised Code).

Effective: 04/05/2013
R.C. 119.032 review dates: 01/17/2013 and 12/26/2017
Promulgated Under: 119.03
Statutory Authority: R.C. 5503.10
Rule Amplifies: R.C. 5503.10
Prior Effective Dates: 10/10/91, 10/21/95, 11/2/96, 7/31/98, 7/1/01, 11/1/03, 02/15/08

4501:2-10-12 Fees for participation in LEADS.

(A) The following monthly fees have been established for participation in LEADS will be established and reviewed annually by the superintendent or his/her designee :

(1) LEADS terminal access is two hundred fifty dollars base fee plus circuit cost from telecommunications carrier;

(2) Internet-based LEADS terminal access is two hundred fifty dollars base fee plus five dollars per computer and five dollars per user;

(3) Non-terminal LEADS access is fifty dollars;

(4) Non-terminal LEADS with mobile device access is one hundred dollars.

(B) Cost sharing agreements between terminal agencies and non-terminal agencies are acceptable. The total revenue generated shall not exceed the terminal agency's monthly dollar obligation to LEADS. A cost sharing agreement shall not exempt the non-terminal agency from remitting the established fees to LEADS.

(C) Vouchers for LEADS service shall be made payable to: "Treasurer of State (Fund 83f)" and shall be mailed to "Ohio State Highway Patrol, P.O. Box 182074, Columbus, Ohio 43218-2074."

Effective: 04/05/2013
R.C. 119.032 review dates: 01/17/2013 and 12/26/2017
Promulgated Under: 119.03
Statutory Authority: R.C. 5503.10
Rule Amplifies: R.C. 5503.10
Prior Effective Dates: 10/10/91, 4/11/94, 7/31/98, 11/1/03

4501:2-10-13 [Rescinded]Participation agreement.

Effective: 04/05/2013
R.C. 119.032 review dates: 01/17/2013
Promulgated Under: 119.03
Statutory Authority: R.C. 5503.10
Rule Amplifies: R.C. 5503.10
Prior Effective Dates: 10/10/91, 4/11/94, 9/29/94, 10/21/95, 5/27/96, 7/31/98, 11/01/03, 12/23/04, 9/22/05, 02/15/08

4501:2-10-14 International criminal police organization (INTERPOL).

The United States national central bureau provides authorized law enforcement authorities access to databases and resources of INTERPOL as established in Title 28 C.F.R. Section 0.34 , 28 C.F.R. Section 0.34 , 28 C.F.R. Section 28CFR0.34 (July 1, 2007). That access is subject to the following requirements and restrictions:

(A) The data obtained through INTERPOL may only be used for law enforcement purposes;

(B) The data must be protected from improper and/or unlawful use, access, alteration, and dissemination;

(C) The data must be maintained on a secure system with restricted access limited to law enforcement officials performing their official duties;

(D) Prior to any actions taken on INTERPOL information, the USNCB must be contacted to verify the validity of the information with the source country or entity and receive additional instructions;

(E) Any restrictions placed on the use, retention, or dissemination of the information by the source entity pursuant to the INTERPOL rules on processing police information must be respected.

R.C. 119.032 review dates: 03/19/2013 and 12/26/2017
Promulgated Under: 119.03
Statutory Authority: R.C. 5503.10
Rule Amplifies: R.C. 5503.10
Prior Effective Dates: 2/15/08