TITLE LXII
CRIMINAL CODE

Chapter 651-F
INFORMATION AND ANALYSIS CENTER

Section 651-F:1

    651-F:1 Definitions. –
In this chapter:
I. "Criminal intelligence information" means information and data that have been determined through evaluation to be relevant to the identification of actual and impending criminal activity by an individual or group that is reasonably suspected of involvement in criminal or terrorist activity, and meets valid criminal intelligence suspicion criteria. Criminal activity shall not include motor vehicle-related offenses.
II. "Criminal intelligence system" means the arrangements, equipment, facilities, and procedures used for the receipt, analysis, storage, interagency sharing, or dissemination of criminal intelligence information.
III. "Information and analysis center" means an organizational entity within the department of safety that compiles, analyzes, and disseminates information in support of efforts to anticipate, identify, prevent, mitigate, respond to, and recover from natural and human-caused threats to the state and its people or to the United States, on behalf of the single government agency and also operates an inter-jurisdictional intelligence sharing system on behalf of 2 or more participating agencies, whether called a criminal intelligence system, information and analysis center, fusion center, or by any other name.
IV. "Intelligence data" means information and data gathered from a number of sources that, when analyzed and evaluated, provides the basis for decision making to help ensure the safety and well-being of the people of New Hampshire from actual or impending criminal or terrorist activity.
V. "Inter-jurisdictional intelligence system" means an intelligence system that involves 2 or more participating agencies representing different governmental units or jurisdictions.
VI. "Participating agency" means an agency of a local, county, state, federal, or other governmental unit that exercises homeland security, emergency management, law enforcement, or criminal investigation authority and is authorized to submit and receive criminal intelligence data through an inter-jurisdictional intelligence system. A participating agency may be a member or non-member of an inter-jurisdictional intelligence system.
VII. "Personally identifiable data" means data or information that contains a person's name, date or place of birth, social security number, address, employment history, credit history, financial information, account numbers, cellular telephone, voice over Internet protocol or landline telephone numbers, biometric identifiers including fingerprints, facial photographs or images, retinal scans, DNA/RNA, or other identifying data unique to that individual.
VIII. "Reasonably suspected" means information received and evaluated by a law enforcement officer or intelligence analyst in consideration of his or her training and experience and the facts and circumstances under which it was received that would cause a prudent person to conclude that there are sufficient facts to believe that the information is relevant to and will aid in the detection, discovery, or interruption of actual, planned, or impending criminal or terrorist activity by an individual or group.
IX. "Validation of information" means the procedures governing the periodic review of criminal intelligence and personally identifiable data to assure its continuing compliance with system submission criteria.

Source. 2010, 82:2, eff. May 19, 2010.

Section 651-F:2

    651-F:2 Purpose and Duties. –
I. The information and analysis center shall gather information on natural and human-caused threats to the state, its people, and environment. The center shall:
(a) Gather, monitor, and analyze information from a variety of sources, examine the information, and document its significance, veracity, and possible impact on the state and its people.
(b) Evaluate critical infrastructure and key resource assets of the state and assist the director of the division of homeland security and emergency management and the director of state police in better protecting these assets.
(c) Gather available information from federal, state, and local sources and provide situational awareness, disaster intelligence, and early warning of possible terrorist activities or events, including but not limited to chemical, biological, explosive, radioactive, and nuclear threats, natural hazards, severe weather conditions, traffic hazards, fuel shortages, threats to the transportation, energy, and agricultural infrastructures, public health threats, and hazardous materials incidents.
(d) Track criminal activity in the state and provide information to the attorney general, and state, county, and local law enforcement officials to assist with the deployment of resources, to aid in the investigation of crimes, and to assist in minimizing possible conflicts in situations where 2 or more agencies are investigating the same suspect or case.
(e) Participate in planning for and monitoring various special events that might involve threats to public safety and assist the commissioner of the department of safety, the director of homeland security and emergency management, and political subdivisions in anticipating threats and adequately protecting against them.
II. The center shall monitor information from a variety of open and classified sources, analyze that information, and provide information that serves the homeland security, public safety, and emergency management needs of the state. The center shall assist in the development and use of real-time metrics in the effective and efficient deployment of public safety resources.
III. Information provided by the center shall include but not be limited to a daily report to the governor, the commissioner of the department of safety, the director of the division of state police, and the director of homeland security and emergency management that summarizes significant events or information from the previous 24-hour period that could have a significant effect on the health and safety of New Hampshire citizens and visitors, special reports regarding significant situations as they arise, responses to ad hoc requests for public safety data and information from public safety agencies, and ad hoc requests for data and analysis that will assist the department of safety in deployment of its resources.
IV. The center may allow the attendance, on detached duty with appropriate security clearances, of representatives of local police departments, county sheriffs' departments, the 911 mapping unit, the department of health and human services, the Federal Bureau of Investigation, and the Department of Homeland Security who shall be subject to the provisions of this chapter regarding access to information.

Source. 2010, 82:2, eff. May 19, 2010; 208:5, eff. Aug. 24, 2010.

Section 651-F:3

    651-F:3 Advisory Committee. –
I. The intelligence subcommittee of the advisory council on emergency preparedness and security (ACEPS) established under RSA 21-P:48 shall serve as an advisory committee to the information and analysis center, meeting periodically at the call of the chair or the commissioner of the department of safety to review the operations of the center and provide advice to the commissioner regarding security, privacy, data technology, the protection of civil rights, and other matters.
II. The attorney general or designee, and a representative of a civil liberties organization, appointed by the governor and council, shall meet with the intelligence subcommittee of ACEPS at least annually to receive reports regarding the operation of the center and provide added input to best insure the protection of civil rights and personal privacy.
III. The assistant commissioner of the department of safety shall provide ongoing oversight over the operations of the center, and shall ensure that the center compiles a report on its activities to be incorporated with the department of safety's annual report to the governor and council.
IV. On or before November 30, 2013, the advisory council on emergency preparedness and security shall report to the governor, the speaker of the house of representatives, the president of the senate, and the chairpersons of the house and senate finance committees on the progress and accomplishments of the information and analysis center and shall include recommendations for any legislative changes and whether or not the operations of the center should continue.

Source. 2010, 82:2, eff. May 19, 2010; 208:6, eff. Aug. 24, 2010.

Section 651-F:4

    651-F:4 Management. –
I. Persons working at the center shall be subject to background investigations and appropriate levels of security clearances. Security policies shall govern admittance to the center and the access to and release of data. The co-managers of the center shall develop and maintain an internal manual of procedures for persons working in the center. The manual shall be approved by the commissioner of the department of safety. Supplemental job descriptions for state personnel working within high security areas of the center shall include the requirement to obtain security clearances.
II. All personnel assigned to the center shall receive appropriate training for the functions they will perform.
III. The activities of the information and analysis center shall be budgeted as a specific activity code within the biennial budget of the department of safety and subject to the same level of program review and financial audit by the office of the legislative budget assistant as all other budgeted functions of state agencies.

Source. 2010, 82:2, eff. May 19, 2010.

Section 651-F:5

    651-F:5 Intelligence Functions of the Center. –
I. Each participating agency, as a condition of access to the center, shall comply with the requirements of this chapter governing the collection, analysis, evaluation, maintenance, sharing, and expunging of information and data included as part of the inter-jurisdictional system.
II. Nothing in this chapter shall prevent the center from gathering and disseminating non-criminal data such as traffic crash information, weather information, and other data and information relevant and useful to the non-criminal deployment of public safety resources; provided however, that the center shall not receive, obtain, use, or retain any personally identifiable data in connection with such activities other than that publicly available for individuals licensed by the state to engage in certain occupations and professions that may be needed to respond to emergencies, and contact data regarding persons in charge of or responsible for responding to incidents at critical infrastructure sites.
III. Except as provided in paragraph II, the center may collect, use, or retain personally identifiable data as part of criminal intelligence information only.
IV. The operations and policies of criminal intelligence systems in this state shall be no less stringent than those established by the United States Department of Justice in 28 C.F.R. part 23. To the extent that, in this chapter or elsewhere, the state provides greater protection of civil rights and personal privacy than applicable federal law, state law shall take precedence.
V. Criminal intelligence data may be shared on a case-by-case basis only with law enforcement, homeland security, or counter-terrorism agencies for detective, investigative, preventive, anti-terrorism, or intelligence activity only when the information is within the law enforcement or investigative jurisdiction of the receiving agency, or may assist in preventing a crime.
VI. Criminal intelligence data may be shared with officials charged with monitoring or auditing the system's compliance with this chapter and any rules or policies adopted to implement this chapter.
VII. Except as provided elsewhere in this chapter, the information and analysis center shall share criminal intelligence data only with agencies qualified to receive this information and data under this chapter and that have procedures in place regarding information and data receipt, maintenance, security, dissemination, and expunging that are consistent with constitutional and civil liberties safeguards set forth in this chapter, unless determined to be reasonably necessary to prevent impending danger to life or property.
(a) The center shall collect and maintain criminal intelligence information concerning an individual only if there is a reasonable suspicion that the individual is involved in criminal conduct or activity, or terrorist activity, and the information is directly relevant to that conduct or activity.
(b) The center shall not collect or maintain criminal intelligence information about the political, religious, or social views, associations, or activities of any individual or group, association, corporation, business, partnership, or other organization unless such information relates directly to criminal or terrorist conduct or activity and there is reasonable suspicion that the subject of the information is or may be involved in criminal or terrorist conduct or activity.
(c) If the information is received from an inter-jurisdictional source, the center is responsible for establishing that no information is entered in violation of federal or state laws, either through examination of supporting information submitted by a participating agency or by inspection and audit procedures established by the center.
(d) The center or authorized recipient of information shall disseminate criminal or terrorist intelligence only when there is a need to know and a right to know the information in the performance of a law enforcement or anti-terrorism activity. The center shall disseminate criminal intelligence information only to law enforcement authorities who shall agree to follow procedures of the center regarding information receipt, maintenance, security, and dissemination which are consistent with 28 C.F.R. part 23 or state law where state law provides greater protection of civil rights and personal privacy. This paragraph shall not limit the dissemination of an assessment of criminal intelligence information to a government official or other individual under circumstances where such dissemination is necessary to avoid imminent danger to life or property.
VIII. The information and analysis center shall implement administrative, technical, and physical safeguards to protect against unauthorized access, improper use or retention of personally identifiable data, and intentional or unintentional damage. A record indicating to whom information has been disseminated, the reason for the release of the information, and the date of each dissemination outside the center shall be kept and clearly labeled to indicate the levels of sensitivity, levels of confidence, and the identity of the submitting agency or agencies and controlling officials.
IX. The information and analysis center shall establish written definitions for the need to know and the right to know standards for dissemination to other agencies as provided in subparagraph VII(d) and shall be responsible for establishing the existence of the requester's need to know and right to know the information requested, either through inquiry or by delegation of this responsibility to a properly trained participating agency that is subject to routine audit and inspection procedures established by the center.
X. Criminal intelligence information including personally identifiable data retained in the criminal intelligence system shall be reviewed and validated for continuing compliance with system submission criteria before the expiration of the information's retention period, which in no event shall be longer than 5 years. After the initial 5 years, the retention period may be extended in one-year increments subject to annual review, if the state police commander of the center believes that there is a reasonable possibility of ongoing criminal activity sufficient to retain the information for the additional time. The commander shall annually submit to the assistant commissioner of the department of safety a listing of files that are being retained beyond the 5-year period.
XI. The information and analysis center shall implement security policies and procedures to ensure that remote access to intelligence information and personally identifiable data is available only to authorized system users and only on a case-by-case basis.
XII. The commissioner of the department of safety or a designee with general policy making authority who has been designated with such control by the commissioner, and who has certified in writing that he or she takes full responsibility for the system's compliance with the provisions of this chapter shall have control and supervision of information and collection by the information and analysis center.

Source. 2010, 82:2, eff. May 19, 2010.

Section 651-F:6

    651-F:6 Security of Data. –
I. The center shall utilize effective and technologically advanced computer software and hardware designs to prevent unauthorized access to the information contained in the system. The center shall restrict access to its facilities, operating environment, and documentation to authorized organizations and personnel.
II. The center shall store information in the system in such a manner that it cannot be modified, destroyed, accessed, or purged without authorization.
III. The center shall institute procedures to protect criminal intelligence and terrorism intelligence information from unauthorized access, theft, sabotage, fire, flood, or other natural or human-made disaster.
IV. The center shall adopt procedures for implementing its authority to screen, reject for employment, transfer, or remove personnel authorized to have direct access to the system and may only authorize and utilize a remote, off-premises system database to the extent that it complies with these security requirements and is under the exclusive control of the center.
V. The center shall adopt procedures to assure that only information relevant to the center's purpose, as defined in this chapter, is retained. Such procedures shall provide for the periodic review of information and the destruction of any information which is misleading, obsolete, or otherwise unreliable, and shall require that any recipient agencies be advised of such changes which involve errors or corrections. All information retained as a result of periodic review shall reflect the name of the reviewer, date of review, and an explanation of the decision to retain. Information retained in the system shall be reviewed and validated for continuing compliance with system submission criteria before the expiration of its retention period, which in no event shall be longer than 5 years.
VI. The center shall make remote terminal access to intelligence information available to a participating agency, provided the agency has adequate policies and procedures in place to insure that the information is accessible only to authorized users. Such access shall be on a case-by-case basis only.
VII. There shall be no purchase or use of any electronic, mechanical, or other device for surveillance purposes that is in violation of the provisions of the Electronic Communications Privacy Act of 1986, RSA 570-A:1 through RSA 570-A:11, or any other applicable federal or state statute related to civil rights, personal privacy, personally identifiable data, or wiretapping and surveillance.
VIII. The intelligence operations of the center shall not interfere with the lawful activities of any other federal or state department or agency.
IX. In addition to the penalties set forth in RSA 651-F:7, the center shall adopt internal sanctions for unauthorized access, utilization, or disclosure of information contained in the system.
X. The center and any participating inter-jurisdictional agencies shall maintain information documenting each submission to the system. Each submission shall demonstrate compliance with center entry criteria. Such submissions shall be made available for reasonable audit and inspection by center representatives who shall conduct participating agency inspections and audits in such a manner as to protect the confidentiality and sensitivity of participating agency intelligence records.

Source. 2010, 82:2, eff. May 19, 2010.

Section 651-F:7

    651-F:7 Penalties. –
I. Any person who purposely obtains, receives, uses, disseminates to an unauthorized individual, or retains any personally identifiable information on individuals in contravention of the provisions of this chapter shall be guilty of a felony and subject to a fine of $1,000 for each such violation. Prosecutions under this section shall be the responsibility of the attorney general.
II. An aggrieved individual may bring suit for civil penalties for up to $10,000 or actual damages, whichever is greater, for a violation of this section, but no action against the state shall exceed the limits to which the state has waived its sovereign immunity. The court may also award court costs and reasonable attorney's fees.

Source. 2010, 82:2, eff. May 19, 2010; 208:7, eff. Aug. 24, 2010.

Section 651-F:8

    651-F:8 Audit Requirement and Disclosure. – The department of safety shall maintain and conduct periodic audits of data access performed by personnel assigned to the center at least annually. The audit shall consist of a review of authorized credentials of persons accessing the data, a random sampling of data input quality and the type and reason for data access, and a review of the policy and procedures that govern data entry, access, and purging. The department shall report its findings in an annual report to the speaker of the house of representatives, the president of the senate, the governor, the intelligence subcommittee of the advisory council on emergency preparedness and security established under RSA 21-P:48, the attorney general, and the representative of the civil liberties organization designated under RSA 651-F:3, II.

Source. 2010, 82:2, eff. May 19, 2010.