Overview and Frequently Asked Questions Overview North Carolina Department of Public Safety owns N.C. GangNET, a gang-tracking software application used for investigative, analytical, and statistical recording and tracking of gang members and associates, gangs, and their activities from jurisdictions across the state. The NC GangNET database supports information sharing about gang members and activities among participating law enforcement agencies and the NC Division of Adult Correction. N.C. GangNET and its associated training are offered free of charge to North Carolina qualified participants. NC GangNET is based on the commercially developed GangNET software utilized by numerous federal, state, and local law enforcement agencies across the United States and Canada. NC GangNET is managed by staff of the Criminal Justice Analysis Center (CJAC) and IT support is provided by DPS Information Technology staff members. NC GangNET provides investigators a supplement to the existing law enforcement agency records management systems by providing a consolidated repository of information on gang members and associates and gang-related activity. NC GangNET allows certified users including law enforcement officers, support personnel, probation and corrections officers to search gang-oriented information in a more efficient and effective manner than is possible in local agency's standard investigative records management systems. For example, a trained and certified officer in a local police department can easily query NC GangNET for a list of members in a specific gang or check to determine if a suspected gang member from another jurisdiction who is operating within the officer's city has been identified in other jurisdictions. It is not currently possible to perform the same sort of query using many local police department's records management systems. NC GangNET has the capacity to share information with other state and local law enforcement agencies that use the GangNET software via the Washington/Baltimore High Intensity Drug Trafficking Area (W/B HIDTA) program. W/B HIDTA provides a read-only platform that allows participating local, state, and federal GangNET to share interstate gang intelligence. W/B HIDTA participants do not have the capability to edit or change information in NC GangNET. GCC requires access controls for state and local agencies as a prerequisite to gaining access to NC GangNET data. NC GangNET complies with 28 Code of Federal Regulations (C.F.R.) Part 23, a federal regulation governing federally funded multijurisdictional criminal intelligence systems to ensure they are used in conformance with the privacy and constitutional rights of individuals. Under this regulation, a project can only collect and maintain criminal intelligence information concerning an individual if there is reasonable suspicion that the individual is involved in criminal conduct or activity and the information is relevant to that criminal conduct or activity. NC GangNET has established system submission criteria that define which individuals may be recorded in the system. All systems operating under 28 C.F.R. Part 23 have a mandatory maximum retention period of five years after the last date the data is edited. In accordance with 28 C.F.R. Part 23, an individual must meet criteria established by NC GangNET to be included as either a gang member or gang associate in NC GangNET. For example, an individual that has been convicted of a gang-related offense, has admitted to gang membership, and/or has been identified as a gang member by a jail or prison in which they were confined, could be included as a gang member or associated in the NC GangNET system. NC GangNET data is not used directly as evidence to prosecute crimes. NC GangNET is solely a data repository with limited search and analytical tools that help certified users identify individuals and organizations that may be involved in gang-related criminal activity. It is incumbent on the investigator that uses NC GangNET to build their case using original data sources which are referenced in NC GangNET and not information within the system alone. Typical Transaction During the course of a criminal investigation, a gang investigator encounters an individual (for example, the officer interviews the individual) who meets the North Carolina established criteria for being a gang member. In addition to other recordkeeping activities associated with the investigation (e.g., writing a report of interview for the case file and inputting information into the local agency records management system), the officer may logon to NC GangNET and query the system to determine if the individual already has an NC GangNET record. If no record exists, the officer may create a new record and enter the available identifying information about the individual, such as name, date of birth, physical description, immigration status, suspected gang affiliation, and photograph if available. The officer may also enter notes about his encounter with the individual (i.e., the interview). If the individual already has an NC GangNET record, the agent will review the record to determine if there is any useful information that may assist in his current investigation. In addition to updating any official case records that exist pertaining to the current investigation, he will also update the NC GangNET record with any new information obtained during the interview and will enter notes about the interview itself. Characterization of the Information (Frequently Asked Questions) The following 35 questions and responses are intended to define the scope of the information requested and/or collected as well as reasons for its collection as part of the program, system, rule, or technology being developed. Juvenile Inclusion The following questions pertain to the inclusion of information about juvenile gang members, suspects and associates. In North Carolina, juvenile refers to all individuals that are under the age of 18 years. (Note: A change in juvenile age became effective Dec. 1, 2019 with implementation of Raise the Age legislation.) Question 1: Are there special rules for the use of information on juveniles in the NC GangNET system? Question 2: Why is it important to maintain information on juveniles? General Information and Sources of Data Question 3: What information is collected, used, disseminated, or maintained in the system? Question 4: What are the sources of the information in the system? Question 5: Why is the information being collected, used, disseminated, or maintained? Question 6: How is the information collected? Question 7: How will the information be checked for accuracy? Question 8: Given the amount and type of data collected, what privacy risks were identified and how were they mitigated? Uses of the Information The following questions are intended to delineate clearly the use of information and the accuracy of the data being used. Question 9: Describe all the uses of information. Question 10: What types of tools are used to analyze data and what type of data may be produced? Question 11: If the system uses commercial or publicly available data please explain why and how it is used. Question 12: Describe any types of controls that may be in place to ensure that information is handled in accordance with the above described uses. Retention The following questions are intended to outline how long information will be retained after the most recent collection edit. Question 13: What information is retained? Question 14: How long is information retained? Question 15: What are the risks associated with the length of time data is retained and how are those risks mitigated? Internal Sharing and Disclosure The following questions are intended to define the scope of sharing within and between North Carolina certified law enforcement and correctional agencies. Question 16: With which law enforcement and correctional organization(s) is the information shared, what information is shared and for what purpose? Question 17: How is the information transmitted or disclosed? Question 18: Considering the extent of internal information sharing, what privacy risks are associated with the sharing and how were they mitigated? External Sharing and Disclosure The following questions are intended to define the content, scope, and authority for information sharing external to NC GangNET certified users, which includes federal, state and local government, and other partners via W/B HIDTA. Question 19: With which external organization(s) is the information shared, what information is shared, and for what purpose? Question 20: Is the sharing of personally identifiable information outside the State compatible with the original collection? Question 21: How is the information shared outside the state and what security measures safeguard its transmission? Question 22: Given the external sharing, what privacy risks identified and describe how were they mitigated? Notice The following questions are directed at notice to the individual of the scope of information collected, the right to consent to uses of said information, and the right to decline to provide information. Question 23: Was notice provided to the individual prior to collection of information? Question 24: Do individuals have the opportunity and/or right to decline to provide information? Question 25: Do individuals have the right to consent to particular uses of the information? If so, how does the individual exercise the right? Question 26:How is notice provided to individuals, and how are the risks associated with individuals being unaware of the collection mitigated? Access, Redress and Correction The following questions are directed at an individual's ability to ensure the accuracy of the information collected about them. Question 27: What are the procedures that allow individuals to gain access to their information? Question 28: What are the privacy risks associated and what redress is available to individuals and how are those risks mitigated? Technical Access and Security The following questions are intended to describe technical safeguards and security measures. Question 29: What procedures are in place to determine which users may access the system and are they documented? Question 30: Will Department contractors have access to the system? Question 31: Describe what privacy training is provided to users either generally or specifically relevant to the program or system? Question 32: What auditing measures and technical safeguards are in place to prevent misuse of NC GangNET data? Question 33: Given the sensitivity and scope of the information collected, as well as any information sharing conducted on the system, what privacy risks were identified and how do the security controls mitigate them? Technology The following questions are directed at critically analyzing the selection process for any technologies utilized by the system, including system hardware. Question 34: What is a gang intelligence system? Question 35: Does the system employ technology which may raise privacy concerns? For a copy of this document with all questions and answers, click here. Much of the information in this document was adapted from the Department of Homeland Security ICE Gang Privacy Impact Report.