This bill provides for the classification and destruction of data collected by automated license plate readers and establishes protocols and requirements for their use.
Section 1 amends the law enforcement data statute to add a subdivision governing automated license plate reader data.
Paragraph (a) defines “automated license plate reader.”
Paragraph (b) provides that specified data collected by an automated license plate reader are private or nonpublic data. It includes license plate numbers; date, time, and location data on vehicles; and pictures of license plates, vehicles, and areas surrounding vehicles. This would codify a temporary classification of the data that will expire on August 1, 2015. This classification would not apply to the extent the data were arrest data, request for service data, or response or incident data (which are public under current law), or active criminal investigative data (which are confidential or protected nonpublic).
Paragraph (c) contains data destruction requirements. The general rule is that the data must be destroyed 90 days from the time of collection, provided that if law enforcement has received a written request that the data be preserved from an individual who is the subject of a pending criminal charge or complaint where the data may be used as exculpatory evidence, the data must not be destroyed until the charge or complaint is resolved or dismissed. In addition, upon request of a participant in the Safe At Home Program, the data must be destroyed at the time of collection or upon receipt of the request, whichever occurs later, unless the data are active criminal investigative data. Data on a request of a program participant are classified as private. If data are shared with another law enforcement agency, the agency that receives the data must comply with the data destruction requirements.
Paragraph (d) requires law enforcement agencies to maintain a log of the use of an automated license plate reader. The log must include specific times of day that the reader actively collected data and a list of databases with which the data were compared, unless the existence of the database is not public; aggregate number of vehicles or license plates on which data were collected for each period of active use; number of vehicles or plates in specified “hit” categories for each period of active use; and for a reader at a stationary location, the location at which it collected data. Data in the log are public.
Paragraph (e) requires a law enforcement agency to maintain records showing the date data were collected and the applicable classification. The agency must arrange for an independent, triennial audit of the records to determine whether data are classified and destroyed as required and to verify compliance with paragraph (f).
Paragraph (f) requires a law enforcement agency to comply with sections 13.05, subdivision 5 (data protection and security policy requirements) and 13.055 (data breach notification requirements) in the operation of an automated license plate reader and access to data. The responsible authority must establish written procedures to ensure that personnel have access to the data only if authorized in writing by the head of the law enforcement agency to obtain access for a legitimate, specified, and documented law enforcement purpose. Access must be based on a reasonable suspicion that the data are pertinent to a criminal investigation and a request must include a record of the factual basis for the request. Notwithstanding the general law that authorizes the exchange of information among law enforcement agencies, the automated license plate reader data may be shared only if the requesting agency complies with these requirements.
Paragraph (g) requires a law enforcement agency to notify the Bureau of Criminal Apprehension within 10 days of installation or current use of an automated license plate reader. The bureau must maintain a list of agencies using the readers, including locations of stationary readers. The list would be public and must be available on the bureau’s website, except to the extent the bureau determines that the location of a specific reader is security information.
An immediate effective date is included for this section. Data collected before the effective date must be destroyed, if required by this section, no later than 15 days after the effective date.
Section 2 requires the Peace Officer Standards and Training Board to adopt and disseminate a model policy governing the use and operation of automated license plate readers. Law enforcement agencies must establish and enforce a written policy that is identical or substantially similar to the model policy. A law enforcement agency that does not comply with this requirement must not use an automated license plate reader.
Section 3 contains application and effective date provisions for the model policies. The POST board must adopt the model policy by October 1, 2015, and chief law enforcement officers must adopt the agency policy by January 15, 2016.
|