AN INTRODUCTORY SECTION TOUCHES BRIEFLY ON MATTERS RELATED TO THE PHYSICAL SECURITY OF COMPUTER EQUIPMENT AND TO PRIVACY ISSUES. THE PREPONDERANCE OF THE DISCUSSION IS DEVOTED TO THE TOPIC OF DATA SECURITY, I.E., THE PROTECTION OF DATA AGAINST UNAUTHORIZED OR ACCIDENTAL MODIFICATION, DESTRUCTION, OR DISCLOSURE. DATA SECURITY GUIDELINES, DRAWN FROM AN INTERNATIONAL BUSINESS MACHINES CORPORATION PUBLICATION, COVER SYSTEMS DESIGN CONSIDERATIONS, USER IDENTIFICATION, USER AUTHORIZATION, DATA FILE PROTECTION, AND AUDIT PROCEDURES. IT IS POINTED OUT THAT LAW ENFORCEMENT AGENCIES MUST FIRST DETERMINE HOW MUCH RISK THEY FACE WITH REGARD TO DATA SECURITY AND THEN DECIDE HOW MUCH CAN BE SPENT TO REDUCE THAT RISK TO AN ACCEPTABLE LEVEL. IN LAW ENFORCEMENT AND CRIMINAL JUTICE INFORMATION SYSTEMS, MOST OF THE INFORMATION ON FILE IS AVAILABLE FROM OTHER SOURCES. THEREFORE THE LEVEL OF SECURITY REQUIRED REALLY IS THAT WHICH WOULD LEAD POTENTIAL VIOLATORS TO LOOK TO OTHER SOURCES. THE GREATEST DATA SECURITY PROBLEM IN LAW ENFORCEMENT PROBABLY IS THE CARELESS OR INADVERTENT DISCLOSURE OF INFORMATION BY EMPLOYEES WHO ARE PROPERLY AUTHORIZED BUT NOT PROPERLY INDOCTRINATED IN THE IMPORTANCE OF LIMITING DISCLOSURE. (LKM)