Automated License Plate Reader Privacy and Usage Policy
Effective: January 15, 2021
The Bureau of Automotive Repair (BAR) collects Smog Check Program audit data from random Smog Check inspections performed on California roadways (“Roadside Inspections”). BAR is updating its Roadside data collection equipment to include an Automated License Plate Reader (ALPR). The ALPR data will be used for the purpose of facilitating the efficient collection of Roadside data and evaluating the effectiveness of the Smog Check Program.
The ALPR system component is a mobile or fixed camera that is combined with computer software to capture and record a vehicle’s license plate information. These systems typically operate by photographing an image of a license plate, using optical character recognition (OCR) software to convert the image into the alpha-numeric characters of the license plate, and then comparing the alpha-numeric data to data held in other databases. The ALPR system captures other data as well, including the geographic location of a license plate and the time and date that the license plate was scanned. The ALPR system can also provide a "contextual" photo of the car itself, making information about car make and model, distinguishing features, state of registration, and driver and passenger potentially available. The ALPR system does not identify a specific person.
The photograph the system generates is not considered “personally identifiable information” (PII) because it does not contain an individual’s first name or first initial and last name, and it is not paired with data elements such as an individual’s social security number, or driver’s license number. However, the data generated from the photograph with the use of an ALPR system can be linked to an identifiable person through a registration database, such as the Department of Motor Vehicles (DMV). When ALPR information is cross referenced with DMV registration data, it provides make and model year along with the registered owner information. BAR has a long history of managing DMV data and fully adheres to DMV data management requirements as outlined in the DMV Information Security Agreement (DISA), as well as all Department of Consumer Affairs (DCA) Information Security Office policies.
BAR’s ALPR Privacy and Usage Policy incorporates the requirements of Civil Code sections 1798.29, 1798.82, and 1798.90.5, et seq., which requires all public agencies that operate an ALPR system to maintain reasonable security procedures and practices, including operational, administrative, technical, and physical safeguards to protect ALPR information from unauthorized access, destruction, use, modification or disclosure. At a minimum, public agencies must:
- Disclose any breach of security of the data to any affected resident of California, consistent with the requirements of Civil Code section 1798.29.
- Provide an opportunity for public comment at a regularly scheduled public meeting before implementing the program.
- ALPR information will be collected only for the purposes of evaluating Smog Check Program effectiveness, research, regulation development and implementation, and emissions inventory.
- BAR will designate a custodian responsible for ALPR data and the effective implementation of this policy.
- Only trained and authorized staff will generate, store, access, or analyze ALPR information.
- ALPR information will be stored only on limited access and encrypted drives that meet state standards for storing data.
- BAR will provide training to each staff person that ensures the security of the information and compliance with applicable privacy laws.
- ALPR information will not be sold, shared, or transferred to other persons outside of BAR, except for the following purposes:
- Law enforcement agencies for authorized law enforcement purposes.
- Public agencies that have signed a confidentiality agreement and agreed to keep the information confidential.
- ALPR information that has been cross referenced to DMV registration information will be treated as DMV registered data.
- ALPR information will be retained and destroyed consistent with BAR’s file retention policy.
- Aggregate data, vehicle make, model, model year, and technology emissions information are not considered confidential information.
- The assigned ALPR data custodian is BAR’s Chief of Engineering, or designee. The ALPR custodian will monitor the ALPR system and ensure the security of the ALPR information by:
- Maintaining a log detailing each analysis or project for which the ALPR data was used, and which authorized users utilized the data.
- Verifying only authorized users have access to ALPR information by conducting periodic audits of access and usage.
- Ensuring each ALPR operator and user has taken all required training before accessing ALPR information.
- All authorized ALPR system operators, users, and custodians must receive training, which will include, at a minimum:
- A security briefing presentation.
- A signed confidentiality acknowledgement form, which confirms that they have received and understand all ALPR policies and procedures.
- The custodian will keep a list of trained users and operators that includes name, title, and contact information, and which will be updated annually.
- Authorized ALPR system operators will periodically spot-check and compare license plate readings recorded by the system to manually reviewed license plate images to identify potential record anomalies. Identified errors will be reported to management and corrected, and changes to the system necessary to improve accuracy will be reviewed and implemented.
- In the event of a data security breach involving ALPR data, the ALPR custodian will notify DCA’s Information Security Officer (ISO), who will take the following steps:
- Notify the subject of the security breach in accordance with the requirements of section 1798.82 of the Civil Code.
- Follow the procedural requirements of the Statewide Information Management Manual (SIMM).
BAR reserves the right to revise this policy at any point in the future and such changes will be retroactively applicable to data collected prior to any revision of this policy. The current version of the policy shall be reflected by the date shown above.