DCJS Use & Dissemination Agreement

 
WHEREAS, the Division of Criminal Justice Services ("hereinafter DCJS") is a multi-function criminal justice support agency tasked with a variety of statutory responsibilities;

WHEREAS, among DCJS’ core agency functions is the oversight of public safety training programs;

WHEREAS, the DCJS Office of Public Safety (OPS) is responsible for the administration of these programs which are developed to enhance the effectiveness, efficiency and professionalism of public and private law enforcement, public safety and security agencies and officers in New York State;

WHEREAS, OPS has oversight responsibility over: both basic mandated and advanced in-service police and peace officer training programs, the Central State Registry of Peace and Police Officers, and the Security Guard Program, to ensure compliance with all applicable laws, regulations, standards, policies and procedures;

WHEREAS, DCJS maintains the Public Safety Credentialing and Training System ("PSCTS"), an internet-based user interface designed to manage certifications, personnel, curricula, and training records in the public safety arena which is capable of recording and maintaining data, storing files and communications, as well as delivering, monitoring and recording completion of on-line training programs; and

WHEREAS, DCJS agrees to allow [NAME OF PARTICIPATING AGENCY/EMPLOYER, CITY, New York] (Participating Agency/Employer) access to the PSCTS in accordance with the user definitions and descriptions as outlined in Exhibit A.

NOW, THEREFORE, in consideration of the mutual obligations contained herein, the parties agree as follows:

DUTIES OF DCJS (where applicable)

DCJS will collect and maintain information pursuant to all applicable laws, regulations, standards, policies and procedures, and will maintain the information in a single electronic location accessible to appropriate staff of DCJS and Participating Agency/Employer.

DCJS will ensure that the PSCTS provides a secure environment for DCJS staff and Participating Agency/Employer staff to, where applicable: maintain a police and peace officer registry; manage the curriculum approval process; maintain course content and lesson plans; manage instructor certification; administer personnel changes and organizational histories; record completion of mandated and voluntary training programs; produce statistical reports on records therein; distribute and analyze evaluation instruments; attach or link to relevant documentation; create and distribute pre-designed and ad-hoc reporting, participate in online training as offered by DCJS and other applicable obligations.

DCJS will allow Participating Agency/Employer to electronically access the PSCTS for those authorized purposes specified in Exhibit A.

DCJS, via the PSCTS, will assign each Participating Agency/Employer, and each personnel of Participating Agency/Employer who will have access to the PSCTS, a unique identifier to be used as a customer account number when accessing the system.

DCJS will monitor, audit (routine and periodic) and review the activities of Participating Agency/Employer, and each personnel of Participating Agency/Employer who will have access to the PSCTS, in order to ensure compliance with all applicable laws, regulations, standards, policies and procedures regarding the information contained in the PSCTS.

DUTIES OF PARTICIPATING AGENCY/EMPLOYER (where applicable)

The Participating Agency/Employer will adhere to applicable reporting and training requirements pursuant to statutory obligations and requirements set forth by the Commissioner of DCJS.

The Participating Agency/Employer will, when applicable, submit, maintain, review, verify, update, search, access, receive, use, and exchange all information contained in the PSCTS in compliance with all applicable laws, regulations, standards, policies and procedures.

The Participating Agency/Employer will protect the security of Personal, Private, Sensitive Information ("PPSI") contained in the PSCTS.

The Participating Agency/Employer will ensure that access to the PSCTS and PPSI are restricted to authorized personnel.

The Participating Agency/Employer will restrict access to the PSCTS for only those authorized purposes specified in Exhibit A.

The Participating Agency/Employer will keep records of access or utilization of the PSCTS as DCJS may require and make such records available to facilitate audits to ensure compliance with all applicable laws, regulations, standards, policies and procedures regarding the information contained in the PSCTS.

The Participating Agency/Employer will appoint a Terminal Agency Coordinator (TAC) who will be responsible for ensuring compliance with all applicable laws, regulations, standards, policies and procedures. The TAC will ensure that Participating Agency/Employer, and the personnel of Participating Agency/Employer who will access the PSCTS, are trained in the operation and maintenance of the PSCTS. The TAC will also maintain a complete, accurate and up-to-date listing of all PSCTS users and their Participating Agency/Employer identifications. The head of the Participating Agency/Employer will notify DCJS, in writing, of the appointment of the TAC.

State Technology Law §208 and General Business Law §899-aa require State entities and persons or businesses conducting business in New York, who own or license computerized data, which includes certain private information, including an individual's unencrypted personal information plus one or more of the following: social security number; driver's license number or non-driver ID number; account number, credit or debit card number, plus security code access code or password, which permits access to an individual's financial account, to provide notification of a breach in the security of the system to persons whose private information was, or is reasonably believed to have been, acquired by an unauthorized person. In addition to notifying the affected person(s), State entities must notify the Attorney General, the Department of State Division of Consumer Protection, and the Office of Information Technology Services' Enterprise Information Security Office. Persons or businesses conducting business in New York must also notify the Attorney General, the Department of State Division of Consumer Protection, and the Division of State Police. Information relative to the law and the notification process is available at: http://www.its.ny.gov/eiso/breach-notification.

INDEMNIFICATION

Participating Agency/Employer, to the extent permitted by State or federal law, agrees to indemnify and save harmless DCJS, its officers and employees, from and against any and all claims, demands, actions, suits and proceedings brought by others arising out of, or in any way related to, the conduct of the Participating Agency/Employer, including, but not limited to, breach of security, and wrongful disclosure of or negligent failure to protect the data provided to Participating Agency/Employer from access by unauthorized individuals.

VENUE

All legal proceedings and actions brought against DCJS by the Participating Agency/Employer shall be pursued in the New York State court system and the venue shall be in Albany, New York.

SUSPENSION, TERMINATION, MODIFICATION

DCJS may suspend all or part of the privileges granted to Participating Agency/Employer by virtue of this Agreement for a violation or a series of violations of any applicable laws,

regulations, standards, policies and procedures. DCJS may resume access to the PSCTS when it is satisfied that all violations have been corrected or eliminated. The decision to lift the suspension of a Participating Agency/Employer shall be in the sole discretion of DCJS.

DCJS or Participating Agency/Employer may terminate this Agreement, for any reason, by providing the other party with thirty (30) days written notice of their intent to terminate.

DCJS and Participating Agency/Employer agree that modifications to this Agreement shall only be effective if in writing and signed by both parties.

EFFECTIVE DATE

This Agreement shall become effective when signed by the Commissioner of DCJS, or his or her designee, and the official of the Participating Agency/Employer having authority to bind the Participating Agency/Employer to the terms and conditions enumerated herein.

EXHIBITS

This Agreement, including all appendices, attachments and exhibits, copies of which are attached and incorporated by reference as though set forth in their entirety herein, constitutes the entire Agreement between the Parties.

*Click to view and print Exhibit A*