Chapter 4501:2-10 | Law Enforcement Automated Data System (LEADS)

For purposes of this chapter:

(A) "Administration of criminal justice" means the detection, apprehension, detention, pretrial release, post-trial release, prosecution, adjudication, correctional supervision, or rehabilitation of accused persons or criminal offenders. It also includes criminal identification activities; the collection, storage, and dissemination of criminal history record information; and criminal justice employment. In addition, administration of criminal justice includes "crime prevention programs" to the extent access to criminal history record information is limited to law enforcement agencies for law enforcement programs (e.g. record checks of individuals who participate in "Neighborhood Watch" or "safe house" programs) and the result of such checks will not be disseminated outside the law enforcement agency.

(B) "Administrative message" means a criminal justice related point-to-point free form message.

(C) "Audit" means a formal, periodic examination of records to verify they are current, complete and accurate, and to verify adherence with LEADS and NCIC rules, policies, and regulations.

(D) "Bureau of Criminal Investigation (BCI)" is the agency which receives and files fingerprints, photographs and other information pertaining to both felony and misdemeanor arrests submitted by law enforcement agencies throughout the state.

(E) "Computerized criminal history (CCH)" means an electronic data processing file which is accessible using specific data fields. It contains records of arrests and dispositions of criminal proceedings entered into the system. The repository of these records is the responsibility of the bureau of criminal identification and investigation as specified in sections 109.57 and 109.60 of the Revised Code.

(F) "Agency administrator" means a person who manages and directs the affairs of a criminal justice office; i.e., police chief, sheriff, highway patrol post commander, administrative judge, FBI special agent-in-charge, chief probation/parole officer, director of intrastate regional system, prosecutor, chief park ranger, etc.

(G) "Criminal justice agency" means:

(1) Courts; and

(2) A governmental or non-governmental agency or any subunit thereof which performs the administration of criminal justice pursuant to a statute or executive order, and which allocates a substantial part (more than fifty per cent) of its annual budget to the administration of criminal justice.

(H) "CJIS systems agency (CSA)" means a duly authorized state, federal, international, tribal, or territorial criminal justice agency on the CJIS network providing statewide (or equivalent) service to its criminal justice users with respect to the CJI from various systems managed by the FBI CJIS division. The Ohio state highway patrol is the Ohio CSA.

(I) "CJIS systems officer (CSO)" means the individual located within the CJIS systems agency responsible for the administration of the CJIS network on behalf of the CJIS systems agency. For the state of Ohio, this person is appointed by the superintendent of the Ohio state highway patrol.

(J) "Criminal justice information (CJI)" is the abstract term used to refer to all of the LEADS provided data necessary for law enforcement agencies to perform their mission and enforce the laws, including but not limited to: biometric, identity history, person (includes driver's license photo, SSN, etc.), organization, property (when accompanied by any personally identifiable information), and case/incident history data. The following type of data are exempt from the protection levels required for CJI: transaction control type numbers (e.g. ORI, NIC, FNU, etc.) when not accompanied by information that reveals CJI or PII and BMV driving records.

(K) "Criminal justice information services division (CJIS)" is the FBI division responsible for the collection, warehousing, and timely dissemination of relevant CJI to the FBI and to qualified law enforcement, criminal justice, civilian, academic, employment and licensing agencies.

(L) "Dynamic Multipoint Virtual Private Network (DMVPN)" is a "Cisco Systems, Inc." solution for building scalable virtual private networks.

(M) "Interstate identification index (III)" means the CJIS service that manages automated submission and requests for criminal history record information that is warehoused subsequent to the submission of fingerprint information. Subsequent requests are directed to the originating state as needed.

(N) "Intrastate regional system" means a governmental computer system which serves as a cooperative between political subdivisions in a particular region for the purpose of providing a consolidated computerized information system for criminal justice agencies.

(O) "Organizational personnel with security responsibilities" means personnel with the responsibility to ensure the confidentiality, integrity, and availability of CJI and the implementation of technology in a manner compliant with the CJIS security policy.

(P) "Law enforcement automated data system (LEADS)" means the statewide computerized network which provides data and communications for criminal justice agencies within the state of Ohio. LEADS is administered by the Ohio state highway patrol superintendent.

(Q) "LEADS Mobile" is an application that provides web-based access to LEADS.

(R) "LEADS owned equipment" means any network connectivity equipment owned or leased by LEADS.

(S) "LEADS steering committee" is established to provide advice to the superintendent of the Ohio state highway patrol concerning the governing of LEADS.

(T) "Management control" of security requirements for information systems which process, store, or transmit criminal justice information means the criminal justice agency has the authority to set and enforce:

(1) Standards for the selection, supervision, and termination of access to criminal justice information;

(2) Policy governing the operation of networks, circuits, servers, storage, and computers used to access, store or transmit criminal justice information; and

(3) The guaranteed priority of service.

(U) "Message" refers to any information communicated from terminal to terminal through the LEADS communication network.

(V) "National crime information center (NCIC)" is an information system which stores CJI which can be queried by apprpriate federal, state, and local law enforcement and other criminal justice agencies.

(W) "National Data Exchange (N-DEx)" means the FBI information sharing system that enables criminal justice agencies to search, link, analyze, and share local, state, tribal, and federal records. The N-DEx system contains criminal justice information obtained by agencies in connection with their official duties.

(X) "N-DEx agency coordinator (NAC)" means the designated person that serves as the point of contact at agencies with N-DEx access. The NAC administers agency access and oversees compliance with N-DEx policies.

(Y) "NLETS (International Justice and Public Safety Information Sharing Network)" means the computerized message switching and filing system linking local, state, federal, and international criminal justice agencies for information exchange. This system is operated as a cooperative of the states.

(Z) "Nonterminal agency" means a criminal justice agency qualifying for an originating agency identifier which has indirect access to LEADS.

(AA) "Nonterminal agency coordinator (NTAC)" means the designated person that serves as the point-of-contact at indirect access agencies for matters relating to LEADS. A NTAC administers LEADS systems programs within the local agency and oversees the agency's compliance with LEADS policies.

(BB) "Originating agency identifier (ORI)" means a unique, nine character identifier assigned by the CJIS division to an agency which has met the established criteria. The ORI provides the correct level of access to LEADS and CJIS and will identify the agency in transactions on the NCIC system.

(CC) "Practitioner" is any person authorized to receive CJI who is "not" a certified terminal operator.

(DD) "Terminal" means a workstation, mobile device, or intrastate regional device from which LEADS, NCIC or NLETS system may be directly accessed.

(EE) "Terminal agency" means a criminal justice agency qualifying for an originating agency identifier which has direct access to LEADS.

(FF) "Terminal agency coordinator (TAC)" means the designated person that serves as the point-of-contact at direct access agencies for matters relating to LEADS. A TAC administers LEADS systems programs within the local agency and oversees the agency's compliance with LEADS systems policies.

(GG) "Validation" means the act of reviewing records to ensure the accuracy, completeness and continued interest of the data therein.

(A) The LEADS steering committee is established to provide advice to the superintendent of the Ohio state highway patrol concerning the governing of LEADS. The committee is composed of nine members who represent the following organizations:

(1) Ohio state highway patrol;

(2) Buckeye state sheriff's association;

(3) Ohio association of chiefs of police;

(4) Bureau of criminal identification and investigation;

(5) Intrastate regional systems;

(6) Police department representing smaller police departments;

(7) Municipal police department representing larger police departments;

(8) County sheriff's office representing metropolitan area sheriff's offices; and

(9) The chief justice of the Ohio supreme court or his/her designee representing courts.

(B) The LEADS steering committee's duties include providing recommendations for rules, reviewing violations of these rules by agencies to ensure equal and just sanctions have been invoked; recommending enhancements to the system; recommending user fees and other duties as assigned by the superintendent.

(C) Any person substituting for an appointed LEADS steering committee member shall have the authority to contribute and enter into discussion regarding issue(s) before the committee; however, the person shall not have authority to vote on any issue before the committee.

(D) LEADS operators, supervisors and/or agency administrators shall cooperate with any efforts of the LEADS steering committee, the superintendent of the highway patrol or persons authorized to act in their name, in actions/directives/orders, administrative reviews or other efforts to improve the system.

[Comment: For dates and availability of material incorporated by reference in this rule, see rule 4501:2-10-13 of the Administrative Code.]

(A) Participation in LEADS and the assignment of a full access or limited access originating agency identifier requires application and documentation the requester meets criteria set forth in the NCIC operating manual - ORI file section.

Access to bureau of motor vehicles records may be granted if the requester is a governmental, noncriminal justice agency, or subunit thereof, created by federal, state or local code, whose mission is to enforce or assist in enforcing federal, state or local laws or ordinances may access Ohio and other state bureau of motor vehicle data as available.

(B) Agencies approved to participate in LEADS shall be granted access subject to the following:

(1) Direct access (entry, inquiry, and message switching capabilities):

(a) A criminal justice agency that qualifies for an ORI.

(b) Entering agencies must must staff twenty-four hours a day, seven days a week, every day of the year or include instructions for after-hour hit confirmation in the miscellaneous field of applicable entries.

(c) Intrastate regional systems under criminal justice management control whose central computer system is staffed twenty-four hours a day, seven days a week, every day of the year or includes instructions for after-hour hit confirmation in the miscellaneous field of applicable entries.

(2) Indirect access:

(a) An agency which qualifies for an ORI may enter into an agreement with LEADS and separately with a terminal agency to receive service.

(b) Agencies authorized to indirectly access LEADS data are certified as such in a database prepared/maintained by LEADS, which is accessible to all terminal agencies.

(C) Agencies participating in LEADS shall meet the following requirements:

(1) Messages and/or throughput of any kind accessed through LEADS shall be restricted to the use of duly authorized law enforcement and/or criminal justice agencies for the administration of criminal justice. Access to and dissemination of LEADS throughput is governed by the CJIS security policy, LEADS manual, NCIC operating manual, III manual, N-DEx policy, NICS policy and Nlets policy.

(2) Direct access to LEADS shall be limited to certified operators. Each operator is accountable for all transactions occurring while their assigned account is logged on to a terminal accessing LEADS.

(3) Remit payment of all monetary obligations as invoiced by the Ohio state highway patrol. The following monthly fees have been established for participation in LEADS and will be reviewed annually by the superintendent or designee.

(a) Direct access is two hundred fifty dollars;

(b) Secure network connectivity is the direct access fee plus three hundred fifty dollars per router;

(c) VPN client-based network connectivity is the direct access fee plus five dollars per computer;

(d) Identity management and multi-factor authentication is five dollars per user;

(e) Indirect access is fifty dollars.

(4) Assume responsibility for, and enforce, system security and integrity.

(5) Adhere to policies and guidelines published in the NCIC operating manual, CJIS security policy, LEADS operating manual, III manual, N-DEx policy, NICS policy, Nlets policy, newsletters, and administrative messages from LEADS, all of which are either available on the LEADS intranet or disseminated to LEADS agencies.

(6) Execute all required agreements and forms. These agreements and forms must be kept current and on file for review and updated as part of the agency audit. The completed agreements and forms will be filed with LEADS and the user agency.

(7) Appoint a LEADS terminal agency coordinator (TAC) and organizational personnel with security responsibilities. Each participating non-terminal agency must have a non-terminal agency coordinator (NTAC). Agencies accessing N-DEx must appoint a N-DEx agency coordinator (NAC).

(8) Train all personnel of the agency having access to LEADS data with the capabilities, services offered and rules of LEADS. Compliance with this rule shall include, but is not limited to, completion of the LEADS provided training.

(9) All records must be kept accurate and up-to-date. Invalid records or data must be removed from the files immediately. Records not validated in accordance with LEADS and NCIC manuals are subject to removal. Failure to properly validate records as required will subject the agency to sanctions.

(10) Enter protection orders and warrants, which meet state or federal firearm prohibition criteria, within seventy-two hours of receipt to ensure all disqualifying records are accessible by the "National Instant Background Check System."

(A) Terminal agencies shall properly maintain and care for LEADS owned equipment. Any malfunction of this equipment requires LEADS be notified as soon as possible.

(B) LEADS owned equipment shall not be changed, modified, turned off, unplugged or rendered inoperable in any manner except in the case of equipment malfunction preventing operation or if directed by LEADS personnel. All repairs on LEADS owned and serviced equipment shall be initiated through LEADS. Repairs caused by alterations to or abuse of the equipment shall be billed to the user agency.

(C) LEADS owned equipment shall not be changed in any manner or moved from the installed position without permission of the CSO or the CSO's designee. Written notice of any relocation of LEADS owned equipment accessing LEADS or any change request shall be submitted in writing forty-five days in advance of the move. Prior to relocating equipment, a site inspection will be conducted and location approved by LEADS staff. Any relocation charge shall be at the expense of the user agency.

(D) Modifications or additions of any agency owned equipment connected to LEADS shall be approved in writing by the CSO or the CSO's designee.

(E) The terminal agency shall notify the CSO in writing at least forty-five days in advance of intention to cancel LEADS service.

(F) Agency owned software is not permitted to be installed in LEADS owned equipment. Agency equipment and/or software believed to be degrading LEADS service shall be disconnected until the problem is resolved.

(G) LEADS owned equipment/software or equipment/software connected to LEADS shall not be interconnected to other systems or networks without written authorization from the CSO.

(H) LEADS owned equipment/software shall not be used for personal benefit.

(I) All equipment/software use will be monitored continually by LEADS staff or their representatives. Any misuse shall be cause for administrative sanction and/or criminal prosecution.

(A) Violations of the rules within this chapter could result in denial of access to LEADS agencies. LEADS has established the following progressive sanction process to enforce administrative rules while cooperating with agencies to continue to protect the officers in the field.

Level 1: Notice of the violation. If the situation is not corrected with documentation to LEADS within forty-five days from the date notice is sent, step 2 will be initiated.

Level 2: Notice is sent to the agency administrator with a copy also forwarded to the local chief executive or designee. Notice shall include the progressive sanction steps and may include restrictions for specific operators. If the situation continues or the correction is not documented to LEADS within thirty days, step 3 will be initiated.

Level 3: The agency participation in LEADS will be reduced to limited access, i.e., inquiry only. Entry of new records into the system will be denied until the situation is corrected. If corrective action is not taken, including written documentation to LEADS within thirty days, step 4 will be initiated.

Level 4: The agency's access to the Ohio computerized criminal history (CCH) files and the NCIC interstate identification index (III) will be terminated. If corrective action is not completed, including documentation to LEADS, within thirty days, step 5 will be initiated.

Level 5: All records entered by the agency into the LEADS and NCIC files shall be cancelled and the agency will not be permitted entry capabilities. This shall remain in effect until recommendation by the LEADS steering committee and authorization of the chairperson is obtained to reinstate access for the agency. If the situation is not corrected, including documentation to LEADS within thirty days, step 6 will be initiated.

Level 6: The agency's access to the Ohio bureau of motor vehicles files shall be terminated. If the agency continues to fail to correct and document their actions to LEADS within thirty days, step 7 will be initiated.

Level 7: The agency shall no longer be permitted to participate in LEADS. All LEADS owned/leased equipment will be removed. The agency shall remain responsible for any unpaid fees due LEADS to this date.

The agency shall not be approved terminal access until review by the LEADS steering committee and approval of the chairperson. The agency may institute a non-terminal user agreement with LEADS, but this shall be limited to inquiry capabilities only and excludes access to the criminal history and NCIC III files.

(B) Exceptions and modifications to the progressive sanction process for agencies may be authorized by the LEADS steering committee chair, if in his/her opinion, circumstances warrant such action.

(C) As with any agency sanction, there is a right of review to be heard by the LEADS steering committee. This process is not under adjudication procedures (Chapter 119. of the Revised Code).

(A) This chapter includes material that has been incorporated by reference.

(1) "FBI CJIS Security Policy" may be accessed via the FBI website at https://le.fbi.gov/cjis-division/cjis-security-policy-resource-center.

(2) "NCIC Manual" may be accessed by authorized criminal justice personnel at https://www.cjis.gov.

(3) "N-DEx Manual" (November, 2022) may be accessed via the LEADS website at https://leads.ohio.gov/Manuals.

(4) "NICS Policy" (January, 2018) may be accessed by authorized criminal justice personnel at https://www.cjis.gov.

(5) "III Manual" (March, 2017) may be accessed by authorized criminal justice personnel at https://www.cjis.gov.

(6) "Nlets Policy" may be accessed at https://service.nlets.org/support/solutions/21000073988.

(7) "LEADS Manual" (January 2024) may be accessed via the LEADS website at https://leads.ohio.gov/Manuals.

(8) "BCI Manual" (2022) may be accessed by authorized criminal justice personnel at https://leads.ohio.gov/Manuals.

(B) Materials incorporated by reference are also available by writing to the "Ohio Department of Public Safety, Law Enforcement Automated Data System, 1970 West Broad Street, Columbus, Ohio 43223."