State agencies responsible for implementing Department of Justice regulations for privacy and security in criminal history record information have expressed the need for cost data and principles to justify budget requests and to support proposals for the additional State legislation often required. The regulations pertain to (1) completeness and accuracy of criminal history record information; (2) dissemination of criminal history record information; (3) security; (4) audit; and (5) information access, challenge, and review. A sixth cost area was defined by the project team: the cost of planning for and developing legislation, rules, policies, standards or methods for privacy, and security compliance. The manual cost model presented has two parts. One part -- the cost analysis form -- uses short-cut estimation procedures based on values derived from data collected in five States. The second part calls for detailed cost input and calculations and summarizations. The automated model adapts the manual model to automation. It facilitates interactive question-and-answer input procedures, eliminates all interim manual computations, and provides automatic production of output reports. Cost principles are presented for each operational component of the functional requirements. The costs associated with each component were developed, tested, and documented. For Volume 2, a discussion of the automated versions of the model, see NCJ 80564. For Volume 3, an executive summary of the project, see NCJ 80565. The appendix discusses constitutional and legal aspects of the privacy debate and traces the developments that led to the promulgation of the regulations. Tabular data and 51 notes are provided.