Establishes The Conditions And Procedures To Be Applied To Ensure Interoperability Between Information Systems Of Criminal Police Bodies

Original Language Title: Estabelece as condições e os procedimentos a aplicar para assegurar a interoperabilidade entre sistemas de informação dos órgãos de polícia criminal

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now

Read the untranslated law here: http://app.parlamento.pt/webutils/docs/doc.pdf?path=6148523063446f764c3246795a5868774d546f334e7a67774c336470626d6c7561574e7059585270646d467a4c316776644756346447397a4c334277624449334f4331594c6d527659773d3d&fich=ppl278-X.doc&Inline=false

1 PROPOSAL of law No. 278/X explanatory memorandum the new law of Organization of Criminal investigation (Act No. 49/2008, of 27 August) came to clarify that the integrated system of criminal information, whose creation was planned, from the beginning, in law No. 21/2000, of 10 August, does not correspond to a single database, resulting prior to the establishment , by appropriate technological facilities, an effective interoperability between information systems of various criminal police bodies. It is simply to ensure that the duty of mutual cooperation between the criminal police bodies, in particular at the level of sharing of information, in accordance with the needs and skills of each of them and always with safeguarding the confidentiality of Justice regimes and State secret. Regulates, in accordance with article 11 of the Law of Organization of Criminal investigation, sharing and access to information, access levels, within each organ of criminal police, take the necessary measures to provide legally implementing a platform for the exchange of criminal information. For this purpose, the technical architecture of the new instrument for collaborative work as well as the responsibilities of the entities involved, the rules to be adopted with regard to the processing of data and protection of fundamental rights of the people whom pertain the data and information and the essential supervisory mechanisms.

The Secretary General of the internal security system is in accordance with subparagraph (c)) of paragraph 2 and paragraph 4 of article 15 of the law of Organization of Criminal investigation, ensure sharing of information, ensuring the operation and all access 2 criminal police bodies to integrated information system, without access to criminal proceedings or to the constant elements of these processes and their own databases. Was heard the National Commission for Data Protection. Must be triggered queries to the Supreme Judicial Council, the Supreme Council of the public prosecutor's Office and the Bar Association. So: under d) of paragraph 1 of article 197 of the Constitution, the Government presents to the Assembly of the Republic the following Bill: TITLE I subject matter and definitions Article 1 subject-matter this law approves the conditions and procedures to be applied for establishing the integrated system of criminal information, in accordance with the provisions of article 11 of law No. 49/2008 , of 27 August, through the implementation of a platform for the exchange of criminal information that ensures an effective interoperability between information systems of criminal police bodies. Article 2 Platform for the exchange of criminal information 1-is created the platform for the exchange of criminal information by electronic means between the criminal police bodies, hereinafter abbreviated designated platform.

2-the platform aims to ensure a high level of security in the exchange of criminal information between the criminal police bodies, for the purpose of prevention actions 3 and criminal investigation with a view to strengthening prevention and criminal prosecution. Article 3 Principles 1-information systems of criminal police bodies are independent of each other and managed by each competent authority in accordance with the legal framework specifically applicable and should, however, be adopted all the necessary measures to ensure interoperability is regulated by this law, with a view to enabling the sharing of information through the platform. 2-the elements of the criminal police bodies and the judicial authorities duly authorised have access to criminal information contained in information systems referred to in the preceding paragraph with respect to matters which, within their respective powers and competences, have, in each case, need-to-know. 3-access to information systems and the treatment of the subjects there are collected according to the provisions of this law and other applicable legislation. 4-people who, in the performance of their duties, have access to information systems of criminal police bodies are bound by the obligation of professional secrecy, even after the expiry of those.

TITLE II exchange of information article 4 composition of the 1 platform-platform for the exchange of criminal information fit ensure: 4 a) safety component; b) A uniform access interface for each criminal police body; c) a database interface support and uniform access to criminal information; d) A component of indexing, research and data relationship. 2-the communications necessary for the regular functioning of the platform are made in an encrypted virtual network dedicated. Article 5 Responsibilities 1-it is the Secretary General of the internal security system to ensure the implementation and general coordination of the platform and, in particular, ensure the exchange of information, as well as the supervision and overall security of the platform. 2-Each criminal police body shall ensure the proper functioning of its information systems, as well as contribute to the functionality of the platform. 3-the creation and management of encrypted virtual network dedicated through which must be held secure exchange of data between users of the platform are the responsibility of the national network of Homeland Security, in coordination with the information technology and communications services at a criminal police body. Article 6 platform security the entities referred to in the preceding article shall adopt, of unison, the necessary measures, including a security plan, for: a) physically Protect data, including by preparing contingency plans to protect essential infrastructures; b) prevent any unauthorised person access to facilities used


5 for the processing of personal data (input control on the premises); c) prevent data media can be read, copied, modified or withdrawn without authorization (control of data media); d) Prevent the unauthorised data, as well as any query, unauthorized modification or deletion of personal data (control of conservation); e) prevent automated data processing systems may be used by unauthorized persons by means of data transmission facilities (control of use); f) ensure that persons authorised to use an automated data processing system only have access to the data covered by your authorization to access through personal and unique user identities and confidential access modes (data access control); g) ensure that all authorities with a right of access to the platform or to the data processing facilities create profiles describing the functions and responsibilities of persons who are authorised to access, enter, update, delete and query the data, and make these profiles available to the National data protection Commission without delay and at its request (personnel profiles); h) to guarantee that it is possible to verify and establish to which bodies personal data may be transmitted by means of data transmission equipment (control of transmission); I) Ensure we can verify and determine retrospectively what the personal data introduced in the automated data-processing systems, when, by whom and for what purpose (control of introduction); j) Prevent, in particular by means of appropriate encryption techniques, that the data can be read, copied, modified or deleted without authorization during the transmission of personal data or the transport of data media (transport control) 6; l) monitor the effectiveness of the security measures referred to in this paragraph and take the necessary organisational measures related to internal monitoring to ensure compliance with this law. Article 7 1 use control-all access and all exchanges of personal data through the platform are fully registered, in order to verify the legality of the appointment and the legality of the data controller, proceed to self-control and ensure the proper functioning of the platform, as well as the integrity and security of data. 2-the records contain obligatorily the history of queries, the date and time of the data transmission, the data used to make a query, the reference to the data transmitted and the name of the competent authority and the user. 3-the National Commission for Data Protection to carry out the supervision of how queries are made and complied with legal provisions on the processing of data. Article 8 provision of data and information 1-through the platform can be Accessed directly: a) data and information not covered by the secrecy of Justice; b) Required information and intelligence covered by the secrecy of Justice. 2-Each criminal police body ensures that do not apply to the supply of data requested through the platform more stringent conditions than those applied to the supply of data and information on the internal level, in the same circumstances. 3-the exchange of information and intelligence in accordance with this law, not up to 7 agreement or judicial authorization when the requested authority may, in the cases and legally prescribed terms, have access to data without such requirement. 4-in cases where access to data or information legally dependent on agreement or judicial authority, authorization must be requested by the requested authority to the competent judicial authority, in order to be decided according to rules similar to those applicable to the criminal defendant. 5-the data accessible through the platform are inserted, updated and deleted only by users of each organ systems of criminal police in accordance with the specific legislation that regulates. 6-the data and information are accessed through electronic means only on the conditions authorized by this Act. Article 9 access Profiles 1-access to platform is made according to the following profiles: a) 1 Profile-reserved for leaders of each organ of criminal police; b) Profile 2-reserved for heads of crime investigation units of each participating entity on the platform; c) Profile 3-reserved to users who perform functions of analysts. 2-simultaneously structured profiles are set horizontally, so that the access to the platform takes into account the different roles and competences of criminal police bodies arising from Act No. 49/2008, of 27 August, and other applicable legislation. 3-are approved by the Coordinating Council of the Criminal Police Bodies institutional mechanisms suitable for profiles, the rules of use and audit log of accesses, as well as other security procedures that ensure 8 compliance with article 6 4-the competent judicial authorities may, at any time and in respect of which processes hold , access to the information contained in the integrated system of criminal information. Article 10 time limits in case of indirect access 1-When obtaining information can occur through direct access, the criminal police body required the establishment of the mechanisms to respond within 8 hours to requests for data and information. 2-If the information holder criminal police cannot respond within 8 hours, shall indicate the reasons for this temporary impossibility, in which case the period of fixed answer.

3-the supply of data and information should be limited to what is considered relevant and necessary for the success of crime prevention or criminal investigation in the case. Article 11 requests for data and information 1-can be requested data and information for the purpose of prevention or criminal investigation where there are factual reasons justifying the request, and should this be stated such factual reasons and set out the purposes for which it is requested the data and information, as well as the relationship between these purposes and the person concerned information and intelligence. 2-the applicant party should refrain from requesting more data or information than


9 the necessary for the purpose for which it is intended for the application. 3-requests for data or information shall include the elements set out on forms approved in accordance with article 14 of law No. 49/2008, of 27 August, by the Coordinating Council of the Criminal Police Bodies. Article 12 Data Protection 1-personal data processed in the framework of the application of this law are protected in accordance with law No. 67/98 of 26 October.



2-Each user entity of the platform should ensure compliance with the legal rules and additional specific procedures approved by the Coordinating Council of the Criminal Police Bodies in the protection of data exchanged through the platform. 3-Is also subject to the legal provisions in force on data protection the use of data and information that have been obtained, pursuant to this law, through the platform. 4-the data and information, including personal data, obtained under this law may only be used by entities that have obtained for the purpose for which it was provided, or to prevent serious and immediate threats to internal security. Article 13 Confidentiality 1-10 entities to obtain data and information through the platform relate, in each particular case, the requirements of secrecy of Justice, ensuring the confidentiality of all data and information provided with such classification. 2-people who, in the exercise of their functions, to obtain data and information through the integrated system of criminal information shall be subject to professional secrecy, in accordance with paragraph 1 of article 17 of law No. 67/98 of 26 October.



TITLE III final provisions article 14 1 planning and execution-the Secretary General of the internal security system submits for consideration and approval by the Coordinating Council of the Criminal Police Bodies: a) the study of the design of platform for the exchange of criminal information between criminal police bodies, containing all the technological specifications of the project; b) illustrative prototype of architecture, organization and functioning of the platform under the conditions provided for in this law; c) additional procedures applicable to specific platform to strengthen data protection conditions;

11 d) the plan of actions to be undertaken for the development of a pilot system as well as for its enlargement to criminal police bodies. 2-the Secretary General of the internal security system presents to the Coordinating Council of the Criminal Police Bodies to full list of existing information systems and accessible in each criminal police body on the date of entry into force of this law, as well as periodically updated information on new applications that may be accessed through the platform.

3-The appropriate institutional mechanisms for assigning profiles, registration rules of use and access, audit the forms referred to in paragraph 3 of article 11, additional specific procedures provided for in paragraph 2 of article 12, as well as all safety procedures are subject to the prior opinion of the CNPD.

Seen and approved by the Council of Ministers of April 30 2009 the Prime Minister the Minister of Parliamentary Affairs Minister Presidency