Memorandum of Understanding Northern California Regional Intelligence Center Sheriff Greg Munks San Mateo County Sheriff's Office Vice-Chair Northern California High Intensity Drug Trafficking Area Executive Board Captain Michael Sena Director Northern California Regional Intelligence Center High Intensity Drug Trafficking Area Page 1 MOU NORTHERN REGIONAL INTELUGENCE CENTER MEMORANDUM OF UNDERSTANDING This Memorandum of Understanding (hereinafter or ?Agreement?) is made and entered into on this day of by and between the parties below and all future signers of this agreement, known collectively as ?Member Agencies? or individually as a ?Member Agency. WHEREAS, the Member Agencies provide public safety services within theirjurisdictions; and - WHEREAS, the Member Agencies are dedicated to the most efficient utilization of their resources and services in public safety endeavors within theirjurisdictions; and WHEREAS, the Member Agencies are committed to complete cooperation and coordination in providing the highest level of safety services to the public, guided by the principle that cooperative efforts are in the public?s best interest; and WHEREAS, the Member Agencies desire to facilitate the sharing of information contained within their electronic data systems, including but not limited to: Records Management Systems, Computer Aided Dispatch Systems, Automated License Plate Readers, intelligence Management Systems, Jail Management Systems, and Law Enforcement Data Sharing Systems - which may include aggregated information collected from multiple individual or regional sources into commercially available and custom developed data integration systems; and WHEREAS, the Member Agencies desire to share data owned, aggregated, or collected by the Member Agency under the conditions set forth in this and NOW, THEREFORE, the Member Agencies hereby agree: Page 2 NCRIC MOU Mission The Northern California Regional Intelligence Center (NCRIC) is a multi-jurisdictional public safety information fusion center comprised of the Northern California High intensity Drug Trafficking Area Investigative Support Center and the NCRIC Homeland Security Programs. The NCRIC is managed under the NCHIDTA Executive Board. The NCRIC was created to assist local, state, federal and tribal public safety agencies and critical infrastructure locations with the collection, analysis and dissemination of all crimes and threat information. it is the mission of the to protect the citizens of the counties within its area of responsibility from the threat of narcotics trafficking; organized crime; international, domestic and street terrorism related activities through information sharing and technical operation support to public safety agencies. The NCRIC Data Sharing Partnership is formed in support of this mission, under the leadership of the NCRIC, its Executive Board, and regional stakeholders, to develop, establish, and maintain an integrated system of information technology that maximizes the sharing of data and communication between Member Agencies in support of law enforcement and public safety, while maintaining the confidentiality of privileged or otherwise protected information shared through the system, and protecting privacy and civil liberties in accordance with applicable law. Purpose This agreement outlines the duties and responsibilities of each Member Agency, defines the working relationships and lines of authority for Member Agencies within the and provides for the addition of other eiigible entities in the dataesharing program created by this Memorandum of Understanding (hereinafter Page 3 NCRIC MOU 1) 2) Definitions and other Terminology Data Sharing Partnership the collective group of Member Agencies sharing data or utilizing shared data, as governed by this MOU Systems: the collective group of information technology systems via which shared data from multiple sources is aggregated, federated, replicated, standardized, or otherwise consolidated for access to Authorized Users from Member Agencies. Authorized Users: personnel from the Member Agencies that have the appropriate clearance and authority to utilize and access shared data as a function of their employment. Data: electronic records, analyses, images, and other information associated with incidents, persons, or objects, existing in a Member Agency system or database, and potentially shared with other Member Agencies via the Sharing System. Host: the entity providing the facilities, labor, and expertise used to maintain, operate, manage, and expand one or more Systems, under the direction of the Host?s governance and in compliance with the policies set forth in this agreement. Member Agency: a law enforcement or public safety organization, whose leadership has signed this agreement, and actively participates in information sharing with other Member Agencies via the NCRIC-DSP. Member Agency Rights. Powers and Authority This Agreement does not limit the rights, powers, and authority of Member Agencies. Each Member Agency expressly retains all of its rights, powers, and authority including, but not limited to, financing, planning, developing, constructing, maintaining, repairing, managing, operating, and controlling equipment, facilities, properties, projects, and information that it deems, in its sole discretion, to be necessary for its own information system needs. Nothing in this Agreement shall be construed to require a Member Agency: a) to disclose any information that the Member Agency determines, in its sole discretion, it does not have the ability or authority to disclose; OR b) to do any act that the Member Agency determines, in its sole discretion, is contrary to law or public policy; OR c) to provide personnel, equipment, or services to the OR d) to modify, restrict, or inhibit utilization of information systems independent of the system. Member Agencies may modify, upgrade, or otherwise alter any internal systems or processes without approval or notification of the as long as those modifications do not inhibit the systems or exchange of data implemented and/or funded by prior action of the unless such modifications are mandated by law. Page 4 NCRIC MOU 3) 4} 5) In gathering and sharing information, and in all other respects in performing acts related to this Agreement, the parties will comply with all applicable laws, rules, and regulations. Effective Date and Term of MOU This agreement shall remain in effect until terminated and shall be reviewed by the NCRIC every twelve months to consider any recommended modifications to the Member Agencies. The agreement can only be terminated as provided in this Agreement. Data Sharing All Member Agencies agree to promote comprehensive, timely, and accurate data sharing with other Member Agencies via systems. data shall only be shared with Member Agencies, and only to authorized users of those agencies who possess a need to know and right to know the shared data towards fulfillment of assigned law enforcement or public safety duties. Member Agencies are not required to contribute data to the system. Any data shared by a Member Agency to Systems that the Member Agency later declares should not be shared, shall be withdrawn by all Hosts from all Systems within 48 hours, including deletion of any replications of the data. Each Member Agency shall determine, within its sole discretion, which data records are to be shared with the NCRIC-DSP and shall maintain the databases or other sources that contain the applicable information. Data Access Data exchange and user access shall be achieved using data private networks, or other configurations that follow current best practices for information technology, are acceptable to both the Member Agency sharing data and the Host receiving data or providing user access, and adhere to current policies set forth by the Federal Bureau of Investigation Criminal Justice Information Services (CJIS) and California Department of Justice. Systems shall be generally available. Hosts agree to inform other Member Agencies in advance, whenever possible, of scheduled maintenance or other periods of inaccessibility. Page 5 NCRIC MOU 5) 7) Information Ownership and Release Member Agencies remain the official custodian of all information contributed to the DSP. To the fullest extent permissible by law, all requests for information, California Public Records Act, or Freedom of Information Act, will be referred to the Member Agency that is the owner of the requested data, and the Member Agency that is the owner of the requested data will be responsible for responding to the request. Prior to releasing data in furtherance of its statutory and constitutional obligations relating to the discovery process, a Member Agency shall seek written permission from the fellow Member Agency who is custodian of that data. In any instance where the custodian declines to grant such disclosure permission, the involved Member Agencies shall confer to reach agreement on possible limitations on disclosure (including the seeking of judicial protective orders) in an attempt to protect the originating agency?s specific concerns while allowing the prosecuting agency to meet its statutory and constitutional criminal discovery obligations. Authorized User Access and User Responsibilities Each Member Agency is responsible for management of its Authorized User accounts. Federated identity solutions will be utilized whenever possible. Each Member Agency agrees that all Authorized Users shall be current employees in good standing and be authorized to review data for legitimate purposes. if for any reason a user is no longer eligible for such access, or ends his/ her employment with the agency, the agency will follow appropriate procedure and/or make necessary contacts to ensure access is removed accordingly. Each user agrees that Systems and the information contained therein are to be used solely for authorized purposes consistent with the law. Authorized users shall not use or share the information for any unauthorized purposes, and Member Agencies agree that such actions may result in the offending Member Agency or its offending Authorized User being revoked access to the NCRIC-DSP system. Users may not access any Systems by using a name, password, common access card, VPN token, SSL certificate, or any other authentication mechanism that is assigned to another user. Users may not share passwords with other persons, nor allow another user to utilize the system under their credentials. Member Agencies acknowledge that data maintained in Systems consists of information that may or may not be accurate. Member Agencies do not warrant nor may rely upon the accuracy of such information. Member Agencies understand and agree to convey this caution to their employees who are Authorized Users. It shall be the responsibility of the Member Agency or Authorized User requesting or using the data to confirm the accuracy of the information before ta king any enforcement-related action. Page 6 NCRIC MOU 8) 9) The various Member Agencies agree to use information in Systems as a pointer system for investigative leads or guidance, and not as the source of probable cause for law enforcement actions. An audit log will be maintained for a period of no less than three years to record user access to shared data, including the name and organization of the user accessing via the and the date and time when the data was accessed. Security Requirements Member Agencies agree to maintain and enforce security requirements for the system. Each Member Agency is responsible for the internal security of their records and any technical support necessary to ensure proper security. All Member Agencies and Hosts agree to enforce and maintain security, retention, and purge requirements for the information shared as specified in the Information Practices Act, the Public Records Act, California Attorney General?s Model Standards and Procedures for Maintaining Criminal Intelligence Files and Criminal intelligence Operational Activities, 28 Code of Federal Regulations (CFR) Part 23, Criminal Justice Information Services (CJIS) policy, California Department ofJustice policies, and any other laws or regulations governing applicable data types. Connecting with other data sources and analysis platforms The will work to expand the connectivity and membership of the It will also seek to acquire new analysis systems, and enhance the capabilities of existing platforms, as to provide optimal value for data shared by Member Agencies. Member Agencies grant authority to the to execute information sharing agreements with new Member Agencies and to incorporate new information sharing systems into the Such agreements will not require further review or approval by member agencies. Such agreements will have no material changes or provisions that would adversely affect or contradict the policies of this MOU. 10) Admission and Withdrawal of Member Agencies Additional public agencies, or similar regional or statewide sharing systems, may become Member Agencies by execution of a written amendment to this agreement by the proper authority of the new Member Agency. Existing and future Member Agencies have the right to withdraw from the provided written notice to the or may be involuntarily removed upon any breach of this agreement. Page 7 NCRIC MOU 11) Liability and indemnification Member Agencies agree to indemnify, defend, and hold harmless all other Member Agencies to the fullest extent permitted by law from and against any and all claims, losses, and expenses related to this agreement and arising from the negligent or willful misconduct of an employee, official or agent of the Member Agency. Each Member Agency takes legal and financial responsibility for the actions of their employees, officers, and agents. Each Member Agency is solely responsible for any and all claims, damages, fines, and expenses arising by reason of negligent acts, errors, omissions, or willful misconduct. 12) No Authority to Act on Behalf of Other Member Agencies Member Agencies shall have no authority, either express or implied, to act on behalf of any other signatory in any capacity whatsoever. 13) Costs Member Agencies shall be responsible for their own costs associated with establishing, maintaining, or terminating their access to, or participation with Systems. Nothing in this agreement shall be construed to mean that Member Agencies are subject to incurring new costs as a result of participating in the NCRIC-DSP. 14) Amendments This Agreement may be amended with the unanimous written approval of all Member Agencies. Provided, however, that no amendment may be made that would adversely affect the interests of the owners of bonds, letters of credit, or other financial obligations of the NCRIC or any Member Agencies. 15) Conflicts of Interest No official, officer, or employee of Member Agencies shall have any financial interest, direct or indirect, in the or any Systems. 16) Partial Invalidity if any terms or conditions of this Agreement shall to any extent be judged invalid, unenforceable, or void for any reason whatsoever by a court of competent jurisdiction, the remaining terms and conditions of this agreement shall continue in full force and effect. Page 8 NCRIC MOU The Member Agencies hereby execute this MOU as of the individual Member Agency?s date of execution: (JURISDICTION) Mat/6' Name Date 7g ?ll/Ff Department/Agency/ Sheriff of San Mateo County/ on behalf of Northern California Regional Intelligence Center QM MAJ, gg?ir/? Greg Munks Date Sheriff San Mateo County Page 9 NCRIC MOU