California Governor Jerry Brown (D) last week signed into law a bill that will require police agencies to be up front with the public about the use of cameras that record the identity and movements of drivers. The measure introduced by Senator Jerry Hill (D-San Mateo County), along with a companion bill regarding the Stingray cell phone intercept device, requires public agencies and private companies alike to protect the sensitive data they record.

"These new laws ensure that information collected by license plate readers and cell phone intercept devices is used and stored in a way that respects individuals' privacy and civil liberties," Hill said in a statement.

Hill does not oppose the use of automated license plate readers (ALPR, also known as ANPR in Europe), so his new law does nothing to limit or deter the use of tracking technology. Instead, he imposes minimum requirements on both public agencies and private companies that use traffic cameras. The law's definition of ALPR as a system that converts photographic images of license plates into "a searchable computerized database" means the provisions would also apply to speed camera and red light camera vendors.

Beginning January 1, 2016, users of ALPR devices will have to maintain "reasonable" securtiy standards, including training and oversight procedures. Camera systems must create a log every time an employee accesses a driver's location information so that unauthorized use can be documented. Agencies and companies must post a detailed ALPR privacy policy on their website.

Any driver who learns that his personal information has been misused may file a civil lawsuit against the officer or camera company employee who unlawfully accessed location data. A judge may award damages of no less than $2500 for each instance of reckless or willful disregard of the law.

A city that wants to use cameras may no longer install them without first holding a public meeting and inviting public comment. If hackers obtain the database containing the history of where everyone drives in the city, the police agency would be required to disclose the security breach.

A copy of the new law is available in a 500k PDF file at the source link below.