Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I use third-party social media tools that collect personal information in Missouri? What are the requirements?

Third-Party Social Media Tools and Personal Information Collection in Missouri

Third-party social media tools that collect personal information in Missouri are subject to the Privacy and Security Requirements established by MOCS 11 CSR 30-4.090 [3.1].

According to this rule, criminal history record information (CHRI) collected by criminal justice agencies on individuals consisting of identifiable descriptions and notations of arrests, detentions, indictments, information or other formal criminal charges, any disposition arising from criminal charges, sentencing, correctional supervision, and release is subject to strict privacy and security requirements.

However, this rule does not apply to CHRI contained in posters, announcements, or lists for identifying or apprehending fugitives or wanted persons; original records of entry, such as police blotters maintained by criminal justice agencies, compiled chronologically and required by law or long-standing custom to be made public, if records are organized on a chronological basis; court records of public judicial proceedings; published court or administrative opinions or public, judicial, administrative, or legislative proceedings; records of traffic offenses maintained by state departments of transportation, motor vehicles, or the equivalent of those records for regulating the issuance, suspension, revocation, or renewal of drivers’, pilots’ or other operators’ licenses; and announcements of executive clemency [3.1].

Therefore, if the personal information collected by third-party social media tools falls under the definition of CHRI, the Privacy and Security Requirements established by MOCS 11 CSR 30-4.090 apply.

Requirements for Dissemination and Security of CHRI

The Privacy and Security Requirements established by MOCS 11 CSR 30-4.090 require criminal justice agencies to receive complete CHRI for criminal justice purposes and criminal justice employment purposes. Noncriminal justice agencies or citizens shall receive CHRI for employment, licensing purposes, or reasons stated in the request, including all conviction data, all charges for which an individual is currently under the jurisdiction of the criminal justice system, all charges resulting in an imposition of SIS until the time as the case is finally terminated, and information regarding an arrest, if it is within thirty (30) days of the arrest and no action has been taken by the prosecuting or circuit attorney [3.1].

Agencies providing security must be mindful of computer software and hardware, restriction of file access, and safeguard policies regarding computer operation in the following areas: protection through proper storage, protection through computer programs, legitimate destruction of records, detection of unauthorized penetration of programs or files, and protection of security and protection from destruction. Agencies must screen prospective employees who will have access to CHRI and be responsible for transferring or removing personnel in cases of violation. The agency must institute manual procedures for physical and data security, institute manual procedures to prevent file destruction, and limit direct access to criminal history record information. Each employee working with or having access to criminal history record information shall be made familiar with the substance and intent of these regulations [3.1].

Privacy of Computer-accessible, Confidential Personal Information

Agencies in Missouri are required to develop a policy and procedure to protect computer-accessible, confidential personal information [2.1]. Agencies shall maintain a current description of computer-accessible, confidential personal information, a list of agencies that have access to the information and the reason the information is kept. The collecting agency shall also identify the statute that is the basis to classify the personal information as confidential [2.1]. A written agreement to protect the right to privacy of computer-accessible, confidential personal information must be signed before that information is provided by an agency to any other agency or private entity acting on behalf of an agency [2.1].

Conclusion

Third-party social media tools that collect personal information in Missouri are subject to the Privacy and Security Requirements established by MOCS 11 CSR 30-4.090. If the personal information collected by third-party social media tools falls under the definition of CHRI, the Privacy and Security Requirements established by MOCS 11 CSR 30-4.090 apply. Agencies in Missouri are required to develop a policy and procedure to protect computer-accessible, confidential personal information. A written agreement to protect the right to privacy of computer-accessible, confidential personal information must be signed before that information is provided by an agency to any other agency or private entity acting on behalf of an agency [2.1][3.1].

Source(s):
Jurisdiction

Missouri