Memorandum of Understanding Northern California Regional Intelligence Center Sheriff Greg Munks San Mateo County Sheriff?s Office Vice-Chair Northern California High intensity Drug Trafficking Area Executive Board Captain Michael Sena Director Northern California Regional intelligence Center 8: High Intensity Drug Trafficking Area Page I NCRIC MOU NORTHERN CALIFORNIA REGIONAL INTELLIGENCE CENTER MEMORANDUM or UNDERSTANDING This Memorandum of Understanding (hereinafter or "Agreement") is entered into by and between the parties represented and all future signers of this agreement, known collectively as ?Member Agencies? or individually as a "Member Agency.? WHEREAS, the Member Agencies provide public safety services within their jurisdictions; and WHEREAS, the Member Agencies are dedicated to the most efficient utilization of their resources and services in public safety endeavors within theirjurisdictions; and WHEREAS, the Member Agencies are committed to complete cooperation and coordination in providing the highest level of safety services to the public, guided by the principle that cooperative efforts are in the public?s best interest; and WHEREAS, the Member Agencies desire to facilitate the sharing of information contained within their electronic data systems, including but not limited to: Records Management Systems, Computer Aided DiSpatch Systems, Automated License Plate Readers, intelligence Management Systems, Jail Management Systems, and Law Enforcement Data Sharing Systems - which may include aggregated information collected from multiple individual or regional sources into commercially available and custom developed data integration systems; and WHEREAS, the Member Agencies desire to share data owned, aggregated, or collected by the Member Agency under the conditions set forth in this and NOW, THEREFORE, the Member Agencies hereby agree: Page 2 NCRIC MOU Mission The Northern California Regional Intelligence Center (NCRIC) is a multi-jurisdictional public safety information fusion center comprised of the Northern California High intensity Drug Trafficking Area (NCHIDTA) Investigative Support Center and the NCRIC Homeland Security Programs, The NCRIC is managed under the NCHIDTA Executive Board. The NCRIC was created to assist local, state, federal and tribal public safety agencies and critical infrastructure locations with the collection, analysis and dissemination ofall crimes threat information. It is the mission of the NCRIC to protect the citizens of the counties within its area of responsibility from the threat of narcotics trafficking; organized crime; international, domestic and street terrorism related activities through information sharing and technical operation support to public safety agencies. The NCRIC Data Sharing Partnership (NCRIC-DSP) is formed in suppOrt of this mission, under the leadership ofthe NCRIC, its Executive Board, and regional stakeholders, to develop, establish, and maintain an integrated system of information technology that maximizes the sharing of data and communication between Member Agencies in support of law enforcement and public safety, while maintaining the confidentiality of privileged or otherwise protected information shared through the system, and protecting privacy and civil liberties in accordance with applicable law, Purpose This agreement outlines the duties and responsibilities of each Member Agency, defines the working relationships and lines of authority for Member Agencies within the NCRIC-DSP, and provides for the addition of other eligible entities in the data-sha ring program created by this Memorandum of Understanding (hereinafter Page 3 MOU 1) Definitions and other Terminology 2) NCRIC Data Sharing Partnership the collective group of Member Agencies sharing data or utilizing shared data, as governed by this MOU Systems: the collective group of information technology systems via which shared data from multiple sources is aggregated, federated, replicated, standardized, or otherwise consolidated for access to Authorized Users from Member Agencies. Authorized Users: personnel from the Member Agencies that have the appropriate clearance and authority to utilize and access shared data as a function of their employment. Data: electronic records, analyses, images, and other information associated with incidents, persons, or objects, existing in a Member Agency system or database, and potentially shared with other Member Agencies via the Sharing System. Host: the entity providing the facilities, labor, and expertise used to maintain, operate, manage, and expand one or more NCRICADSP Systems, under the direction of the Host?s governance and in compliance with the policies set forth in this agreement. Member Agency: 3 law enforcement or public safety organization, whose leadership has signed this agreement, and actively participates in information sharing with other Member Agencies via the NCRIC-DSP. Member Agency Rights, Powers and Authority This Agreement does not limit the rights, powers, and authority of Member Agencies. Each Member Agency expressly retains all of its rights, powers, and authority including, but not limited to, financing, planning, developing, constructing, maintaining, repairing, managing, operating, and controlling equipment, facilities, properties, projects, and information that it deems, in its sole discretion, to be necessary for its own information system needs. Nothing in this Agreement shall be construed to require a Member Agency: 3) to disclose any information that the Member Agency determines, in its sole discretion, it does not have the ability or authority to disclose, OR b) to do any act that the Member Agency determines, in its sole discretion, is contrary to law or public policy; OR c) to provide personnel, equipment, or services to the OR d) to modify, restrict, or inhibit utilization of information systems independent of the system. Member Agencies may modify, upgrade, or otherwise alter any internal systems or processes without approval or notification of the as long as those modifications do not inhibit the systems or exchange of data implemented and/or funded by prior action of the NCRIC, unless such modifications are mandated by law. Page 4 moo 3) 4) 5) In gathering and sharing information, and in all other reSpects in performing acts related to this Agreement, the parties will comply with all applicable laws, rules, and regulations. Effective Date and Term of MOU This agreement shall remain in effect until terminated and shall be reviewed by the NCRIC every twelve months to consider any recommended modifications to the Member Agencies. The agreement may be terminated by the NCRIC by providing written notice to all Member Agencies. Data Sharing All Member Agencies agree to promote comprehensive, timely, and accurate data sharing with other Member Agencies via systems. data shall only be shared with Member Agencies, and only to authorized users of those agencies who possess a need to know and right to know the shared data towards fulfillment of assigned law enforcement or public safety duties. Member Agencies are not required to contribute data to the system. Any data shared by a Member Agency to Systems that the Member Agency later declares should not be shared, shall be withdrawn by all Hosts from all Systems within 48 hours, including deletion of any replications of the data. Each Member Agency shall determine, within its sole discretion, which data records are to be shared with the and shall maintain the databases or other sources that contain the applicable information. Data Access Data exchange and user access shall be achieved using data private networks, or other configurations that follow current best practices for information technology, are acceptable to both the Member Agency sharing data and the Host receiving data or providing user access, and adhere to current policies set forth by the Federal Bureau of Investigation Criminal Justice Information Services (CJIS) and California Department of Justice. Systems shall be generally available. Hosts agree to inform other Member Agencies in advance, whenever possible, of scheduled maintenance or other periods of inaccessibility. Page 5 NCRIC MOU 5i 7) Information Ownership and Release Member Agencies remain the official custodian of all information contributed to the DSP. To the fullest extent permissible by law, all requests for information, California Public Records Act, or Freedom of Information Act, will be referred to the Member Agency that is the owner of the requested data, and the Member Agency that is the owner of the requested data will be responsible for responding to the request. Prior to releasing data in furtherance of its statutory and constitutional obligations relating to the discovery process, a Member Agency shall seek written permission from the fellow Member Agency who is custodian of that data. In any instance where the custodian declines to grant such disclosure permission, the involved Member Agencies shall confer to reach agreement on possible limitations on disclosure (including the seeking ofjudiciai protective orders) in an attempt to protect the originating agency?s Specific concerns while allowing the prosecuting agency to meet its statutory and constitutional criminal discovery obligations. Authorized User Access and User Responsibilities Each Member Agency is responsible for management of its Authorized User accounts. Federated identity solutions will be utilized whenever possible. Each Member Agency agrees that all Authorized Users shall be current employees in good standing and be authorized to review data for legitimate purposes. if for any reason a user is no longer eligible for such access, or ends his/her employment with the agency, the agency will follow appropriate procedure and/or make necessary contacts to ensure access is removed accordingly. Each user agrees that Systems and the information contained therein are to be used solely for authorized purposes consistent with the law. Authorized users shall not use or share the information for any unauthorized purposes, and Member Agencies agree that such actions may result in the offending Member Agency or its offending Authorized User being revoked access to the system. Users may not access any Systems by using a name, password, common access card, VPN token, SSL certificate, or any other authentication mechanism that is assigned to another user. Users may not share passwords with other persons, nor allow another user to utilize the system under their credentials. Member Agencies acknowledge that data maintained in Systems consists of information that may or may not be accurate. Member Agencies do not warrant nor may rely upon the accuracy of such information. Member Agencies understand and agree to convey this caution to their employees who are Authorized Users. it shall be the responsibility ofthe Member Agency or Authorized User requesting or using the data to confirm the accuracy of the information before taking any enforcemenbrelated action. Page 6 NCRIC MOU 3) 9) The various Member Agencies agree to use information in Systems as a pointer system for investigative leads or guidance, and not as the source of probable ca use for law enforcement actions. An audit log will be maintained for a period of no less than three years to record user access to shared data, including the name and organization of the user accessing via the NCRIC-DSP and the date and time when the data was accessed. Security Requirements Member Agencies agree to maintain and enforce security requirements for the system. Each Member Agency is responsible for the internal security of their records and any technical support necessary to ensure proper security. All Member Agencies and Hosts agree to enforce and maintain security, retention, and purge requirements for the information shared as specified in the Information Practices Act, the Public Records Act, California Attorney General?s Model Standards and Procedures for Maintaining Criminal Intelligence Files and Criminal Intelligence Operational Activities, 28 Code of Federal Regulations (CFR) Part 23, FBI Criminal Justice Information Services (CNS) policy, California Department ofJustice policies, and any other laws or regulations governing applicable data types. Connecting with other data sources and analysis platforms The will work to expand the connectivity and membership of the it will also seek to acquire new analysis systems, and enhance the capabilities of existing platforms, as to provide optimal value for data shared by Member Agencies. Member Agencies grant authority to the NCRIC to execute information sharing agreements with new Member Agencies and to incorporate new information sharing systems into the Such agreements will not require further review or approval by member agencies. Such agreements will have no material changes or provisions that would adversely affect or contradict the policies ofthis MOU. 10) Admission and Withdrawal of Member Agencies Additional public agencies, or similar regional or statewide sharing systems, may become Member Agencies by execution ofa written amendment to this agreement by the proper authority of the new Member Agency. Existing and future Member Agencies have the right to withdraw from the NCRIC-DSP provided the give written notice to the NCRIC, or may be involuntarily removed upon any breach of this agreement. Page 7 NCRIC MOU 11) Mutual Indemnification Each party shall indemnify, defend, protect, hold harmless, and release the other, its officers, agents, and employees, from and against any and all claims, ioss, proceedings, damages, causes of action, liability, costs, or expense (including attorneys' fees and witness costs) arising from or in connection with, or caused by any act, omission, or negligence of such indemnifying party or its agents, empioyees, contractors, subcontractors, or invitees. This indemnification obligation shall not be limited in any way by any limitation on the I amount or type of damages or compensation payable to or for the indemnifying party under workers' compensation acts, disability benefit acts, or other employee benefit acts. 12) No Authority to Act on Be half of Other Member Agencies Member Agencies shall have no authority, either express or implied, to act on behalf of any other signatory in any capacity whatsoever. 13) Costs Member Agencies shall be responsible for their oWn costs associated with establishing, maintaining, or terminating their access to, or participation with Systems. Nothing in this agreement shall be construed to mean that Member Agencies are subject to incurring new costs as a result of participating in the NCRIC-DSP. 14) Amendments This Agreement may be amended with the unanimous written approval of all Member Agencies. Provided, however, that no amendment may be made that would adversely affect the interests of the owners of bonds, letters of credit, or other financial obligations of the NCRIC or any Member Agencies. 15) Conflicts of Interest No official, officer, or employee of Member Agencies shall have any financial interest, direct or indirect, in the or any Systems. 16) Partial Invalidity Ifany terms or conditions of this Agreement shall to any extent be judged invalid, unenforceable, or void for any reason whatsoever by a court of competent jurisdiction, the remaining terms and conditions of this agreement shall continue in full force and effect. Page 8 NCRIC moo The Member Agencies hereby execute this MOU as ofthe individual Member Agency?s date of execution: Stanislaus County Sheriff?s Office Approved as to Form: at? Robert J. Taro Date Deputy County Counsel Approved as to Content: 86 Adam Christianson Date Sheriff Sheriff of San Mateo County on behalf of Northern California Regional Intelligence Center UM 1" - 45? Greg Munks Date Sheriff San Mateo County Page 9 NCRIC moo