Remote Data Access Agreement

All LInX Systems may access and use all other LInX system's information for official, law enforcement purposes only.
LInX information cannot be accessed or used for any other purpose, including general licensing, employment,
eligibility for federal or state benefits, or background investigations for other agencies. A LInX region may authorize
the use of LInX data for the purpose of conducting background investigations on candidates for employment at their
own law enforcement agency. All LInX System Governance Boards will share their LInX information with the other
LInX Systems under an express promise of confidentiality. All LInX Governance Board member agencies will protect
such information from disclosure to the greatest extent possible consistent with the Freedom of Information Act, the
Privacy Act of 1974, any other applicable public access laws, and applicable compulsory process (such as a court
order). All LInX Governance Boards will notify the other LInX Governance Boards and the United States Naval
Criminal Investigative Service LInX Program Management Office immediately upon becoming aware of a lawsuit or a
preceding information demand brought in any court seeking access to information in LInX, in either verbatim or
derivative form.
1. All LInX information, including any analytical products derived there from, may not be used as a basis for
action or disseminated outside of the any LInX Program for any purpose or in any other manner, unless the
LInX agency first obtains the express permission of the agency or agencies that contributed the information
in question. Included within the prohibition is any specific inclusion of LInX information in an official case file,
and any use of LInX information in the preparation of judicial process such as affidavits, warrants, or
subpoenas. LInX users of the LInX information shall not print, copy, or electronically retain LInX information.
When LInX information is summarized or otherwise documented, the LInX user shall indicate that the
information was obtained from the contributing agency and not LInX.
2. Notwithstanding the requirement in the preceding paragraph that LInX information not be used as a basis for
action or disseminated without first obtaining the permission of the contributing agency, in accordance with
and to the extent permitted by applicable law, court process, or applicable guidelines, immediate
dissemination of LInX information without such permission can be made if:
3. There is an actual or potential threat of terrorism, immediate danger of death or serious physical injury to any
person, or imminent harm to the national security; and
4. It is necessary to disseminate such information without delay to any appropriate recipient for the purpose of
preventing or responding to such a threat, danger, or harm.
5. The LInX contributing agency shall be immediately notified of any dissemination made under this exception.
6. Any requests for reports or information in LInX will be directed to the contributing agency.
7. In some cases one LInX Governance Board's policies on the access to and use of their member agencies'
data may be more restrictive than those of the other Governance Board policies. Each Governance Board
agrees to inform their users of these restrictions and to enforce the more restrictive of the policies.

N-DEx Data Access Agreement

System Use Notification

The Federal Bureau of Investigation's (FBI) National Data Exchange (N-DEx) contains criminal justice information
obtained by criminal justice agencies in connection with their official duties administering criminal justice. N-DEx
system access is restricted to criminal justice agencies and agencies performing the administration of criminal justice.
Personnel engaged in the following activities may be granted access to N-DEx consistent with state laws:

V6.0.0.9 - Page 1 of 3 Printed on 03/15/2018 14:00:56

• Law enforcement investigations
• Pretrial release investigation
• Intake investigation
• Correctional institution investigation
• Pre-sentence investigation
• Supervision investigation
• Criminal justice employment background checks
• Data administration/management</li><li><p>Training*</li></ul><p>*Training is considered to be an
acceptable use of N-DEx, so long as it does not include curiosity searches, browsing, or self-queries. For
example, celebrities, neighbors, friends, family members or associates.

N-DEx system usage is monitored, recorded, and subject to audit. The FBI Criminal Justice Information
Services (CJIS) Division conducts compliance audits, including review of user access and N-DEx
transactions, in addition to maintaining an audit trail of each disclosure and receipt of N-DEx data. Therefore,
all N-DEx searches must provide a Use Code and search reason identifying why the search was performed.
It is recommended unique information, e.g., incident number, arrest transaction number, booking number,
project name, description, etc., be entered to assist the user in accounting for appropriate system use for
each transaction. The following Use Codes are considered acceptable when searching N-DEx:
• Administrative Use Code "A": Must be used when N-DEx is utilized by a record-owning agency to
retrieve and display N-DEx contributed records in association with performing the agency's data
administration/management duty. Responses for this purpose shall not be disseminated for any
other reason and are limited to the record-owning agency portion of N-DEx records.
• Criminal Justice Use Code "C": Must be used when N-DEx is utilized for official duties in connection
with the administration of criminal justice as the term is defined in 28 Code of Federal Regulations
(CFR) § 20.3 (2011).
• Criminal Justice Employment Use Code "J": Must be used when N-DEx is utilized to conduct
criminal justice employment background checks or the screening of employees of other agencies
over which the criminal justice agency maintains management control. See the N-DEx Policy and
Operating Manual for additional requirements regarding Use Code "J".

Prior to reliance or action upon, or secondary dissemination, a user must obtain terms of use and verify the
completeness, timeliness, accuracy, and relevancy of N-DEx information with the record-owning agency.
"Reliance upon" or "action upon" specifically includes the use or inclusion in the publication or preparation of
charts, presentations, official files, analytical products, or other documentation, to include, use in the judicial,
legal, administrative, or other criminal justice process, etc. Unauthorized use of the system and its data is
prohibited and may be subject to criminal and/or civil penalties

User Confirmation
As a user accessing criminal justice information via N-DEx:

• You must prior to reliance or action upon, obtain terms of use and verify the N-DEx information with
the record-owning agency.

V6.0.0.9 - Page 2 of 3 Printed on 03/15/2018 14:00:56

 • N-DEx Example: Advanced Permission and Verification Requirement -- A detective of the
Springfield Police Department queried the N-DEx system, which produced a result containing
information pertinent to the department's on-going investigation. The detective contacted the record-
owning agency to discuss utilizing the information in the department's investigation, verify the
relevancy of the information and request any other information the record-owner deemed applicable.
The detective then utilized the information as authorized by the record-owning agency.
• You consent to having your system usage monitored, recorded, and subject to audit.
• N-DEx Example: Use of N-DEx Audit Logs -- A state CJIS Systems Officer (CSO) contacted a local
police department regarding potentially inappropriate use of the N-DEx system using the local
department's Originating Agency Indicator (ORI). The state CSO identified the potentially
inappropriate use by processing an audit report within the N-DEx system, which identified the user,
agency, identity provider, search request, search reason and use code. The state CSO partnered
with the local police department and reviewed their findings with the agency and their users. The
discussion resulted in the CSO's suspicion being confirmed and the user's actions were corrected.
• You must adhere to the CJIS Security Policy, CJIS User Agreement, N-DEx Policy and Operating
Manual, any applicable leveraged CJIS System of Services operating procedures or policies, and
any applicable CJIS Systems Agency requirements.
• N-DEx Example: Training provided by a state CSO & Local Police Department -- A local police
department with a staff of 20 sworn law-enforcement officers and 15 support personnel partnered
with the state CSO to implement security awareness training and required all staff to complete this
training upon assignment and every two years thereafter. The local police department scheduled the
sworn law-enforcement training to coincide with their N-DEx training. The local police department
maintained the training records and provided reporting to the state CSO to help it ensure
compliance with the CJIS Security Policy.

User Authentication
Your affirmation indicates your understanding, agreement to and acceptance of the N-DEx Data Access
Agreement, policies and information contained herein.

V6.0.0.9 - Page 3 of 3 Printed on 03/15/2018 14:00:56