Bill Text: HI SB424 | 2019 | Regular Session | Introduced


Bill Title: Relating To Criminal Records.

Spectrum: Partisan Bill (Democrat 1-0)

Status: (Introduced) 2019-02-01 - The committee on JDC deferred the measure. [SB424 Detail]

Download: Hawaii-2019-SB424-Introduced.html

THE SENATE

S.B. NO.

424

THIRTIETH LEGISLATURE, 2019

 

STATE OF HAWAII

 

 

 

 

 

 

A BILL FOR AN ACT

 

 

RELATING TO CRIMINAL RECORDS.

 

 

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:

 


     SECTION 1.  Chapter 846, Hawaii Revised Statutes, is amended by adding a new part to be appropriately designated and to read as follows:

"Part   .  Uniform criminal records accuracy act

a. General Provisions

     §846-A  Short title.  This part may be cited as the "Uniform Criminal Records Accuracy Act".

     §846-B  Definitions.  As used in this part:

     "Noncriminal history record information" means information collected:

     (1)  As a result of an inquiry about an activity, habit, practice, possession, association, or financial status of an individual; and

     (2)  To anticipate, prevent, monitor, or investigate criminal activity.

     "Reportable event" means any of the following relating to a felony or misdemeanor, other than a traffic violation:

     (1)  Arrest resulting in booking into a detention facility or collection of fingerprint identification information;

     (2)  Disposition after an arrest described in paragraph (1) without initiation of a criminal proceeding;

     (3)  Initiation of a criminal proceeding;

     (4)  Disposition of a criminal proceeding, including diversion, dismissal, indefinite postponement, acquittal, guilty plea, conviction, sentencing, and modification, reversal, and revocation of the disposition;

     (5)  Commitment to or release from a place of detention or custodial supervision;

     (6)  Commencement or conclusion of noncustodial supervision;

     (7)  Completion of a sentence;

     (8)  Expungement, sealing, or setting aside of criminal history record information;

     (9)  Grant of clemency, including pardon or commutation, or restoration of rights; or

    (10)  Finding of legal incapacity by a court at any stage of a criminal proceeding.

     "Subject" means an individual about whom criminal history record information is collected, stored, maintained, submitted, or disseminated as required or permitted by this part or any other law.

     §846-C  Public records.  Except as otherwise provided by law, court rule, or order, the court docket, court file, and information contained in a docket or file are public records.

     §846-D  Dissemination log.  (a)  A dissemination log required by sections 846-J or 846-N shall include each criminal history record information request and dissemination to a person identifiable by the criminal justice agency or data center.

     (b)  A dissemination log required by section 846-J or 846‑N shall be separate from noncriminal history record information and criminal history record information.  The log shall include at least:

     (1)  The name of the subject about whom criminal history record information is requested;

     (2)  The name of the person making the request and its associated address;

     (3)  The name of the individual making the dissemination;

     (4)  The date of the request;

     (5)  The date of the dissemination; and

     (6)  A statement whether the information was disseminated for a purpose other than the administration of criminal justice.

     (c)  A dissemination log required by section 846-J or 846‑N shall be made available to the public only as provided by law other than this part.

     (d)  An entry in a dissemination log required by section 846‑J or 846-N shall be maintained as long as the associated criminal history record information is maintained.

     §846-E  Establishment of procedures.  The rulemaking requirements of chapter 91 shall not apply to the establishment of procedures under this part.

B.  Criminal Justice Agencies

     §846-F  Collection and submission of information to the data center.  A criminal justice agency that has custody of, or control, authority, or jurisdiction over, an individual for a reportable event shall collect, store, and maintain criminal history record information on the event.  No later than five days after the criminal justice agency collects the information, the criminal justice agency shall submit the information to the data center in compliance with procedures established by the data center.

     §846-G  Collection and submission of fingerprint identification information.  (a)  A criminal justice agency that has custody of, or control, authority, or jurisdiction over, an individual as a result of the individual's involvement in a reportable event shall determine whether fingerprint identification information about the individual has been collected and submitted to the data center.  If the criminal justice agency is a court, the attorney general shall make the determination and report the results of its determination to the court.

     (b)  If a criminal justice agency determines under subsection (a) that fingerprint identification information has not been collected and submitted to the data center, the criminal justice agency, using any procedure available to it under law other than this part, shall collect the missing fingerprint identification information.  No later than five days after collection, the criminal justice agency shall submit the information to the data center in compliance with procedures established by the data center.

     §846-H  Accuracy and correction of information.  (a)  A criminal justice agency shall collect, store, maintain, submit, and disseminate accurate criminal history record information in compliance with procedures established by the data center.

     (b)  No later than fourteen days after a criminal justice agency discovers that it possesses inaccurate criminal history record information, the criminal justice agency shall:

     (1)  Correct its records;

     (2)  Notify the data center of the inaccuracy and correction; and

     (3)  If another criminal justice agency received the information under section 846-I(b) within one year before the discovery, notify the agency of the inaccuracy and correction.

     §846-I  Dissemination of criminal history record information.  (a)  A criminal justice agency may disseminate criminal history record information only as required or permitted by this part or by law other than this part.

     (b)  A criminal justice agency may disseminate criminal history record information to another criminal justice agency upon request from the other criminal justice agency in connection with the duties of the requesting criminal justice agency.

     §846-J  Dissemination log of criminal justice agencies.  A criminal justice agency shall create, store, and maintain a dissemination log complying with section 846-D.  No later than fourteen days after the criminal justice agency disseminates criminal history record information, the criminal justice agency shall enter the information required by section 846-D in the dissemination log.

C.  Data Center

     §846-K  Duty of the data center.  (a)  The data center shall receive, store, maintain, and disseminate criminal history record information report to the data center under this part.

     (b)  The data center may disseminate criminal history record information only as required or permitted by this part or law other than this part.

     (c)  The data center shall receive, store, maintain, and disseminate accurate criminal history record information in compliance with procedures established by the attorney general under section 846-GG.

     (d)  The data center shall establish procedures to resolve data conflicts and discover missing data for accurate criminal history record information.

     §846-L  Dissemination of information to subject.  (a)  No later than fourteen days after the data center receives a request from a subject for the subject's own criminal history record information, the data center shall search its records and:

     (1)  If the search discloses criminal history record information about the subject, disseminate the information to the subject; or

     (2)  If the search does not disclose criminal history record information about the subject, notify the subject of the fact.

     (b)  Criminal history record information disseminated under this section must include a conspicuous notice that it is provided for review by the subject and may not be relied on or considered current for use by another person.

     §846-M  Dissemination of information to person authorized by subject.  (a)  A subject may authorize another person to receive the subject's criminal history record information from the data center.

     (b)  Before the data center disseminates criminal history record information under this section, the data center shall determine whether the information contains:

     (1)  A disposition after an arrest without initiation of a criminal proceeding; or

     (2)  A disposition of a criminal proceeding, including diversion, dismissal, indefinite postponement, acquittal, guilty plea, conviction, and sentencing, and modification, reversal, and revocation of the disposition, for every arrest or initiation of a criminal proceeding.

     (c)  If the data center determines under subsection (b) that the information does not contain a disposition, the data center shall attempt to determine the disposition and, if the data center determines the disposition, include that disposition in:

     (1)  The relevant records maintained by the data center; and

     (2)  The information to be disseminated.

     (d)  After complying with subsection (c), and before the data center disseminates information under this section, the data center shall remove from the information to be disseminated any notation of an arrest or initiation of criminal proceedings if:

     (1)  Eighteen months have elapsed since the later of the date of the arrest or initiation of criminal proceedings;

     (2)  A disposition has not been identified with respect to the arrest;

     (3)  A warrant is not outstanding with respect to the arrest; and

     (4)  A proceeding is not pending with respect to the arrest which may result in a conviction.

     (e)  Subsection (d) does not apply if a law, other than this part, requires that the person receive all criminal history record information about the subject.

     (f)  No later than five days after the data center disseminates information under this section, the data center shall send the same information to the subject, based on the contact information provided by the person requesting the information.

     §846-N  Dissemination log of data center.  The data center shall create, store, and maintain a dissemination log complying with 846-D.  No later than fourteen days after the data center disseminates criminal history record information, the data center shall enter the information required by section 846-D in the dissemination log.

     §846-O  Correction of inaccurate information.  No later than fourteen days after the data center determines that it possesses inaccurate criminal history record information, the data center shall follow the procedures in section 846-V(1) through (4).

     §846-P  Establishment of procedures.  The data center shall establish procedures:

     (1)  Necessary to carry out its powers and duties under this part;

     (2)  For the manner and form in which a criminal justice agency collects, stores, maintains, submits, and disseminates criminal history record information, including fingerprint identification information;

     (3)  To ensure that all criminal history record information for the same subject is linked; and

     (4)  For reporting, exchanging, and seeking correction of criminal history record information under this part, including forms.

     §846-Q  Dissemination of information for statistical or research purposes.  Consistent with law of the State other than this part and the United States, the data center may:

     (1)  Subject to paragraph (2), disseminate criminal history record information, including personally identifiable information, for a statistical or research purpose; and

     (2)  Limit the use and subsequent dissemination of information disseminated under this section and the procedures established by the data center.

     §846-R  Public information.  (a)  The data center shall inform the public of the existence and accessibility of criminal history record information collected, stored, maintained, and disseminated by criminal justice agencies and the data center.

     (b)  The data center shall inform the public, at least annually, concerning the:

     (1)  Extent and general nature of criminal history record information collected, stored, maintained, and disseminated in this State;

     (2)  Number of corrections to criminal history record information made by the data center;

     (3)  Results of audits under section 846-EE and the status of any correction of deficiencies identified; and

     (4)  Requirements and forms for a subject to access, review, and seek correction of criminal history record information received, stored, or maintained by the data center, including the right to appeal an adverse determination.

     §846-S  Training.  (a)  The data center shall regularly provide training to criminal justice agencies concerning submitting information on a reportable event and the importance of the information to subjects, the public, and the criminal justice system.

     (b)  The data center periodically shall identify, and provide remedial training to, any criminal justice agency that does not meet the requirements of this part.

D.  Correction of Criminal History Record Information

     §846-T  Request to correct.  A subject may seek correction of criminal history record information by sending the criminal justice agency storing the information or the data center a request for correction, specifying the information alleged to be inaccurate and providing the allegedly correct information.  A criminal justice agency that receives the request shall inform the subject that only the data center can act on the subject's request and that the criminal justice agency will forward the request to the data center.  No later than five days after receiving the request, the criminal justice agency shall forward to the data center the request and any criminal history record information relating to the subject.

     §846-U  Review of request.  (a)  No later than forty days after receipt of a request under section 846-T, the data center shall review and approve or deny the request.  The administrator of the data center may extend the time to review and act on the request for up to twenty-one days if the administrator certifies that there is good cause for an extension and notifies the subject.  The extension may not be renewed unless the subject agrees.

     (b)  If the data center does not act within the period provided in subsection (a), the request is deemed denied.

     (c)  Chapter 91 governs review of action or nonaction by the data center concerning a request under section 846-T.  Notwithstanding chapter 91, if the request is deemed denied under subsection (b), the data center has the burden of proof in a subsequent review.

     §846-V  Correction of record.  If the data center approves a request under section 846-T, no later than fourteen days after the decision under section 846-U becomes final and not subject to appeal, the data center shall:

     (1)  Correct its records;

     (2)  Disseminate notice of the inaccuracy and correction to the subject and each person to whom the data center disseminated inaccurate information for a purpose of administration of criminal justice within one year before the date of approval of the correction;

     (3)  Notify the criminal justice agency that provided the inaccurate information of the inaccuracy and correction; and

     (4)  On request of the subject:

          (A)  Disseminate notice of the inaccuracy and correction to each person the subject identifies as having received the inaccurate information under section 846-M; and

          (B)  Provide the subject at no cost one certified copy of the accurate information.

E.  Mistaken Identity Prevention Registry

     §846-W  Creation and maintenance of registry.  The data center shall create and maintain a mistaken identity prevention registry:

     (1)  Consisting of information voluntarily provided by:

          (A)  A victim of mistaken identity; or

          (B)  An individual whose name or other identifying characteristic is similar to that of another individual who is the subject of criminal history record information; and

     (2)  Designed to prevent:

          (A)  Creation of inaccurate criminal history record information;

          (B)  Inaccurate modification of criminal history record information;

          (C)  Mistaken arrest; and

          (D)  Confusion of an individual with another individual when criminal history record information is searched.

     §846-X  Requirements for registry.  (a)  The data center shall establish procedures for entry of information concerning an individual in a mistaken identity prevention registry.  The procedures shall require:

     (1)  Submission by the individual of a request to be entered in the registry; and

     (2)  Collection of fingerprint identification information from the individual.

     (b)  Using the procedures under subsection (a), the data center shall determine whether the individual has a name or other identifying characteristic similar to that of another individual who is the subject of criminal history record information.  If the data center determines the individual does have such a name or characteristic, the data center shall enter the information concerning the individual in the mistaken identity protection registry.  If the data center determines the individual does not have such a name or characteristic, the individual may seek relief under chapter 91.

     §846-Y  Certification.  No later than fourteen days after entering information concerning an individual in the mistaken identity prevention registry under section 846-X, the data center shall provide the individual a certification that the individual is not a specified individual with a similar name or identifying characteristic who is the subject of criminal history record information.  The certification is prima facie evidence of the facts certified.  A person may rely on the accuracy of the information in the certification.

     §846-Z  Dissemination of registry information.  (a)  The data center may not use or disseminate information from the mistaken identity prevention registry except as provided in this subpart.

     (b)  The data center shall disseminate information from the mistaken identity prevention registry to a criminal justice agency if the data center has reason to believe that identifying information on a reportable event may be inaccurate or incorrectly associated with an individual.

     (c)  The data center may disseminate information from the mistaken identity prevention registry to a national mistaken identity prevention registry if the national registry is created and maintained by a federal law enforcement agency with a purpose and protections similar to the registry created in this subpart.

     §846-AA  Verification of identity.  If a criminal justice agency seeks to establish the identity of an individual and the individual presents a certification issued under section 846-Y, the criminal justice agency shall accept the certification of the individual's identity unless the criminal justice agency has a reasonable basis to doubt the individual's identity or the authenticity of the certification, in which case the criminal justice agency shall contact the data center to verify the authenticity of the certification, using procedures established by the data center.

     §846-BB  Limitation on use of registry information.  (a)  A criminal justice agency and the data center may access or use information from the mistaken identity prevention registry only to:

     (1)  Identify accurately an individual about whom the criminal justice agency or data center has requested or received registry information; or

     (2)  Investigate, prosecute, or adjudicate an individual for an offense relating to participating in, using, or operating the registry.

     (b)  If information in the mistaken identity prevention registry is accessed or used for a purpose other than permitted under subsection (a):

     (1)  The information and any information acquired as a result of the improper access or use are not admissible in any criminal or civil action; and

     (2)  The data center shall notify the individual whose information was accessed or used improperly, no later than five days after it discovers the access or use.

     §846-CC  Removal of information from registry.  (a)  The data center shall establish procedures regarding a request to remove information from the mistaken identity prevention registry.

     (b)  No later than fourteen days after receiving a request complying with procedures established under subsection (a) from an individual for removal of information the individual voluntarily submitted under section 846-X(a), the data center shall remove the information from the mistaken identity prevention registry.

F.  Systems Security and Audit

     §846-DD  Security requirements.  To promote the confidentiality and security of criminal history record information collected, received, stored, maintained, submitted, and disseminated under this part, the data center shall establish procedures to:

     (1)  Protect information from loss or damage;

     (2)  Allow only an authorized person access to the information;

     (3)  Select, supervise, and train individuals authorized to access the information;

     (4)  If computerized data processing is used, meet the technical guidance for the security of systems established by the office of enterprise technology services; and

     (5)  Maintain an index of each data breach.

     §846-EE  Audit.  (a)  The auditor shall cause an audit to be conducted annually of a sample of criminal justice agencies and at least once every three years of the data center.

     (b)  If the auditor certifies that an audit required by an entity of the United States satisfies the requirements of this section, an additional audit is not required of the data center or criminal justice agency subject to the audit.

     (c)  An audit under this section must:

     (1)  Assess operational practices of the data center for consistency, efficiency, and security;

     (2)  Assess the integrity of each computerized system and database and each physical location where criminal history record information is stored;

     (3)  Assess any data breach in the data center and response to the breach; and

     (4)  Review a representative sample of criminal history record information stored by a criminal justice agency or the data center and determine the number of missing reportable events and amount and nature of missing fingerprint identification information in the sample, in part by examining public records of the courts of this State.

     (d)  A criminal justice agency and the data center shall give the auditor access to the records, reports, listings, and information required to conduct an audit under this section.  An officer, employee, or contractor of this State or a political subdivision of this State with relevant information shall cooperate with the auditor and provide information requested for an audit.

     (e)  The auditor shall prepare and make available a public report containing the results of audits under this section and a list of any deficiencies and recommendations for correction of deficiencies.

G.  Enforcement and Implementation

     §846-FF  Remedies.  (a)  The attorney general, data center, or a subject, in addition to other remedies provided by this part and any other law, may commence an action to compel compliance with or enjoin a violation of this part.  The court may award to a subject who prevails in the action reasonable fees and expenses of attorneys and court costs.

     (b)  A subject has a cause of action for an intentional or reckless violation of this part or procedures established under this part.  This subsection does not affect other remedies as provided by this part or law other than this part.  If the court finds by a preponderance of the evidence that the subject was injured by an intentional or reckless violation, the court shall award:

     (1)  The greater of:

          (A)  Actual damages; or

          (B)  $500 for each violation up to $2,000 in the action; and

     (2)  Reasonable fees and expenses of attorneys and court costs.

     §846-GG  Duties and authority of the attorney general.  (a)  The attorney general shall establish procedures to implement this part.  The procedures shall include provisions that:

     (1)  Govern the accuracy, dissemination, and review of, and individual access to, criminal history record information;

     (2)  Electronic data, including fingerprint identification information, must be stored in a manner that complies with the procedures established under section 846-DD;

     (3)  Establish technical guidance for the security of systems described in paragraphs (1) and (2); and

     (4)  Set a reasonable maximum fee for the cost of disseminating criminal history record information and provide a subject free access to the subject's information at least once each calendar year.

     (b)  The attorney general may designate any governmental agency, other than the data center as a criminal justice agency.

     (c)  The attorney general may investigate any matter relating to the administration and enforcement of this part.

H.  Miscellaneous Provisions

     §846-HH  Uniformity of application and construction.  In applying and construing this uniform act, consideration must be given to the need to promote uniformity of the law with respect to its subject matter among states that enact it.

     §846-II  Transitional provision.  Sections 846-H, 846-O, 846-T, 846-U, and 846-V apply to criminal history record information that is in existence before, on, or after the effective date of this part, regardless of the date the information was created or when the reportable event occurred."

     SECTION 2.  If any provision of this Act, or the application thereof to any person or circumstance, is held invalid, the invalidity does not affect other provisions or applications of the Act that can be given effect without the invalid provision or application, and to this end the provisions of this Act are severable.

     SECTION 3.  In codifying the new sections added by section 1 of this Act, the revisor of statutes shall substitute appropriate section numbers for the letters used in designating the new sections in this Act.

     SECTION 4.  This Act shall take effect upon its approval.

 

INTRODUCED BY:

_____________________________

 

 

 

 

 

 

 

 

 

 


 


 

Report Title:

Uniform Criminal Records Accuracy Act

 

Description:

Establishes the Uniform Criminal Records Accuracy Act in the State.

 

 

 

The summary description of legislation appearing on this page is for informational purposes only and is not legislation or evidence of legislative intent.

feedback