CJIS Compliance Made Easy: Non-Compliance and Willful Negligence
“Improper access, use or dissemination of … (CJIS) information is serious and may result in administrative sanctions including, but not limited to, termination of services, and state and federal criminal penalties. “ -CJIS Security Policy
Back in December I wrote a blog post on the risks and punishments that can result from CJIS non-compliance. Since then I’ve had a chance to relax with a book or five, and during that time I came to the realization that I left out a key notion from my original post.
How are the punishments and violations related?
Well, the old saying appears to hold true. Intent is nine-tenths of the law. Whenever I read an agreement that uses the phrases “may result in” and “including, but not limited to” my brain tends to throw up a red flag to look closer at the wording and purpose of the agreement. In this case, the usage seems to be directed mainly at the intent behind the cause of the non-compliance.
The FBI wants every Law Enforcement Agency to be able to use the invaluable resources contained in CJIS. With that power comes great responsibility though and, if an issue did arise as a result of non-compliance, the FBI wants to be in the position to judge based on the cause and intent of the violation. This allows for them to avoid limiting their reach in the case of a non-compliance issue which was intentional and malicious, while not requiring themselves to strictly punish random Law Enforcement Agencies that accidentally or unintentionally violate CJIS compliance requirements. That way they can distinguish between intentional violations, accidental violations, and negligence related violations.
Ignorance of the law does not excuse; however, due to the complicated nature of CJIS there’s a fine line between compliance and non-compliance that is dangerously easy to toe.
How can I avoid punishment for things beyond my control?
Again, intent is nine-tenths of the law. If you want to minimize your agencies risk, make sure you follow CJIS guidelines as closely as possible. Additionally, you may want to look into consulting with external resources to verify your compliance or clarify the policy as needed. An agency that does everything they can to be compliant, is likely to be less severely judged if an issue of non-compliance arises than one which resulted from negligence.