An ALPR end-user shall do all of the following:
(a) Maintain reasonable security procedures and practices, including operational, administrative, technical, and physical safeguards, to protect ALPR information from unauthorized access, destruction, use, modification, or disclosure.
(b) (1) Implement a usage and privacy policy in order to ensure that the access, use, sharing, and dissemination of ALPR information is consistent with respect for individuals’ privacy and civil liberties. The usage and privacy policy shall be available to the public in writing, and, if the ALPR end-user has an Internet Web site, the usage and privacy policy shall be posted conspicuously on that Internet Web site.
(2) The usage and privacy policy shall, at a minimum, include all of the following:
(A) The authorized purposes for accessing and using ALPR information.
(B) A description of the job title or other designation of the employees and independent contractors who are authorized to access and use ALPR information. The policy shall identify the training requirements necessary for those authorized employees and independent contractors.
(C) A description of how the ALPR system will be monitored to ensure the security of the information accessed or used, and compliance with all applicable privacy laws and a process for periodic system audits.
(D) The purposes of, process for, and restrictions on, the sale, sharing, or transfer of ALPR information to other persons.
(E) The title of the official custodian, or owner, of the ALPR information responsible for implementing this section.
(F) A description of the reasonable measures that will be used to ensure the accuracy of ALPR information and correct data errors.
(G) The length of time ALPR information will be retained, and the process the ALPR end-user will utilize to determine if and when to destroy retained ALPR information.
(Added by Stats. 2015, Ch. 532, Sec. 3. (SB 34) Effective January 1, 2016.)