Gang Stalking and F.O.I.A.

Gang Stalking and Freedom Of Information.

I put my sleuthing brain to the task and this is what I came up with. It's a bit of a data dump right now, but I wanted to get the information out there.

http://youthviolence.edschool.virginia.edu/threat-assessment/pdf/college-threat-recommended-practices.pdf

http://www.nabita.org/docs/whitepaper_risk_mitigation.pdf

4. Threat assessment files should be maintained in the law enforcement or security records of the institution rather than in the subject’s educational records or employment records.

5. Threat assessment files should be protected for security purposes as investigations of possible criminal behavior. The release of threat assessment information could jeopardize efforts to prevent an act of violence and it could disclose practices that nullify or reduce the effectiveness of threat assessments in future cases.

Because threat assessments are essentially investigations of criminal behavior, most, if not all, of the records created by a threat assessment should not be eligible for release under the Freedom of Information Act (FOIA). Reports generated by the threat assessment team may be exempt under Va. Code §§2.2-3705.2(4), 3706(F)(1)(3), and 3706(G)(1). A response by the team that includes a criminal arrest and prosecution may be exempt from release pursuant to Va. Code §2.2-3706(F)(1) and (3). This protection from disclosure applies to records generated by the threat assessment team for threat assessment purposes.

Records obtained from other sources, such as student academic reports, employee records, or medical records, should be protected under existing laws and regulations regarding redisclosure of protected information. For example, student scholastic records maintained by a university may Virginia College Threat Assessment 21
be exempt under Va. Code §2.2-3705.4. Employee personnel records may be exempt under Va. Code §2.2-3705.1.

The Office of the Virginia Attorney General has provided guidance to the Department of Criminal Justice Services on the exemptions from FOIA that apply to threat assessment records, but recommends that each threat assessment team consult with its own institutional legal authorities. It would be desirable if the General Assembly would pass legislation that specifically excluded the records of threat assessment teams from FOIA release.

6. Institutions that do not have an internal law enforcement agency may designate a particular office or school official to maintain threat assessment records. In all cases, threat assessment records should be regarded as law enforcement/security related records, even if the person in charge of maintaining the records is not a sworn law enforcement officer. The person designated as the campus safety official for the purpose of fulfilling Clery Act requirements may be appropriate.

7. The creation of a threat assessment file will not prevent use of other records according to existing practices. For example, disciplinary actions that would ordinarily be included in the subject’s educational or employment record should continue to be placed in those records. Incidents of threatening behavior that would ordinarily be recorded in an institutional file, such as an employment record, should continue to be placed in those locations.

G. Health Insurance Portability and Accountability Act (HIPAA)
1. According to the U.S. Department of Education, HIPAA does not apply to education records: “The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a law passed by Congress intended to establish transaction, security, privacy, and other standards to address concerns about the electronic exchange of health information. However, the HIPAA Privacy Rule excludes from its coverage those records that are protected by FERPA at school districts and postsecondary institutions that provide health or medical services to students. This is because Congress specifically addressed how education records should be protected under FERPA. For this reason, records that are protected by FERPA are not subject to the HIPAA Privacy Rule and may be shared with parents under the circumstances described above.” (http://www.ed.gov/policy/gen/guid/fpco/hottopics/ht-parents-postsecstudents.html

2. HIPAA allows disclosure of protected health information, including psychotherapy notes, concerning a patient when it is considered necessary to prevent a serious and imminent threat to others. This can include disclosure to law enforcement, family members, potential victims and others if the disclosure can be justified as reducing the risk of violence. See CFR §164.512(j).

2. Institutions of higher education, such as some community colleges, which do not have mental health professionals who can serve on a threat assessment team should contract with a mental health agency or independent practitioner in the community who can serve as a team member.

3. Institutions of higher education, such as some community colleges, which do not have an institution-based law enforcement staff that can serve on a threat assessment team should contract with a local law enforcement agency to obtain a team member.

D. Threat assessment records
Threat assessment teams should maintain confidential records of all cases for legal and security purposes. The records will not be part of a subject’s academic, medical, mental health, or employment records, if any exist at the institution. This policy does not alter any other policy regarding the placement of information in a subject’s academic, medical, mental health, or employment records.

§37.2-808. Emergency custody; issuance and execution of order.
A. Any magistrate may issue, upon the sworn petition of any responsible person or upon his own motion, an emergency custody order when he has probable cause to believe that any person within his judicial district (i) has mental illness, (ii) presents an imminent danger to himself or others as a result of mental illness or is so seriously mentally ill as to be substantially unable to care for himself, (iii) is in need of hospitalization or treatment, and (iv) is unwilling to volunteer or incapable of volunteering for hospitalization or treatment.

F. A law-enforcement officer who, based upon his observation or the reliable reports of others, has probable cause to believe that a person meets the criteria for emergency custody as stated in this section may take that person into custody and transport that person to an appropriate location to assess the need for hospitalization or treatment without prior authorization. Such evaluation shall be conducted immediately.

Virginia Criminal Information Network system established and maintained by the Department pursuant to Chapter 2 (§52-12 et seq.) of Title 52. Where practical, the court or magistrate may transfer information electronically to the Virginia Criminal Information Network system. A copy of an emergency protective order issued pursuant to this section shall be served upon the respondent as soon as possible, and upon service, the agency making service shall enter the date and time of service into the Virginia Criminal Information Network system.

E. Each threat assessment team shall establish relationships or utilize existing relationships with local and state law enforcement agencies as well as mental health agencies to expedite assessment and intervention with individuals whose behavior may present a threat to safety.

Under current regulations, personally identifiable information (PII) includes a student’s name and other direct personal identifiers, such as the student’s SSN or student number. PII also includes indirect identifiers, such as the name of the student’s parent or other family members; the student’s or family’s address, and personal characteristics or other information that would make the student’s identity easily traceable. The final regulations add biometric records to the list of personal identifiers that constitute PII, and add other indirect identifiers, such as date and place of birth and mother’s maiden name, as examples of identifiers that should be considered in determining whether information is personally identifiable. In response to public comments, the final regulations define “biometric record” to mean a record of one or more measurable biological
Virginia College Threat Assessment 82
or behavioral characteristics that can be used for automated recognition of an individual, including fingerprints, retina and iris patterns, voiceprints, DNA sequence, facial characteristics, and handwriting. The definition is based on National Security Presidential Directive 59 and Homeland Security Presidential Directive 24.
The final regulations remove from the definition of PII the reference to “other information that would make the student’s identity easily traceable” because the phrase lacked specificity and clarity, and possibly suggested a fairly low standard for protecting education records. In its place, the regulations add that PII includes “other information that, alone or in combination, is linked or linkable to a specific student that would allow a reasonable person in the school community, who does not have personal knowledge of the relevant circumstances, to identify the student with reasonable certainty.” This change brings the definition more in line with recent Office of Management and Budget (OMB) guidance to Federal agencies, with modifications tailored to the educational community. (See OMB M-07-16, “Safeguarding Against and Responding to the Breach of Personally Identifiable Information” at footnote 1:

http://www.whitehouse.gov/omb/memoranda/fy2007/m07-16.pdf.) Under the final regulations, PII also includes “information requested by a person who the educational agency or institution reasonably believes knows the identity of the student to whom the education record relates.”

In a nut shell, these threat assessment teams take in anonymous reports that are used to assess if an individuals is dangerous, mentally ill, what have you. They also take in reports from those around the target. False information can come in, but the target does not have the access to clear false information, which is allowed under most privacy laws. This is similar to what the Fusion centers do, and this is what companies like the A.C.L.U. were essentially fighting against with the fusion centers, but then here are universities and companies getting away with hiding this information from the people who need access to it, so that they can legally clear up any misinformation on their records. Not only that, but these threat assessments are being used to slander the individual in many cases, but under these guidelines they might not have information or access to the records.

This is really wrong, and legally this has to be challenged. This is one area that targets might be able to start in with a privacy lawyer. Request the information it's your right, but when it's denied, then then legal challenges can begin. I don't know if this is the case in all States, or other countries such as Canada, but it will be interesting to find out. In the U.K. the laws do allow the request and disclosure of information, but I have not yet found a similar clause that hides the information away.