Audit criticizes privacy of some California police data

The "Follow This Story" feature will notify you when any articles related to this story are posted.

When you follow a story, the next time a related article is published — it could be days, weeks or months — you'll receive an email informing you of the update.

If you no longer want to follow a story, click the "Unfollow" link on that story. There's also an "Unfollow" link in every email notification we send you.

This tool is available only to subscribers; please make sure you're logged in if you want to follow a story.

Please note: This feature is available only to subscribers; make sure you're logged in if you want to follow a story.


SACRAMENTO — Four police departments in California have compiled massive amounts of data while tracking drivers' movements through their jurisdictions, but a new audit says those agencies aren't following the law when it comes to protecting people's privacy.

California Auditor Elaine Howle on Thursday released a review of the policies and procedures with automated license plate readers at the police departments in Los Angeles and Fresno and sheriff's offices in Marin and Sacramento counties. She found the agencies have not fully implemented a 2016 state law designed to protect privacy.

The readers photograph drivers' license plates at various points throughout a police department's jurisdiction. The department then stores that information and uses it to find stolen cars, people wanted for crimes or to seek out witnesses and missing persons.

The Los Angeles Police Department, one of the largest law enforcement agencies in the country, has accumulated more than 320 million images of vehicle license plates that include dates, locations, times plus names, addresses, birthdays and criminal charges.

Only 400,000 of those images have matched the departments' list of stolen vehicles or vehicles associated with criminal investigations. But the department keeps all of those images for at least five years. Plus, it does not have a policy governing use of its automated license plate readers, despite state law requiring they have one.

Of the four agencies reviewed, Auditor Elaine Howle said the LAPD was the “most lax in its approach” to granting access to the system. She said the department installs the software on all staff computers, regardless of whether the person has had training, noting the American Civil Liberties Union has said that could make it easier for people to abuse the system by possibly tracking ex-spouses, neighbors or other associates.

“The audit findings are deeply disturbing and confirm our worst fears about the misuse of this data,” said state Sen. Scott Wiener, a Democrat from San Francisco and one of the lawmakers who had requested the audit.

In a letter responding to the audit, LAPD Chief Michael R. Moore said the department continuously reviews who has access to the system and deactivates accounts for people who have left the department. He said they allow all employees to access the system if they have had training.

Moore said the department's “day-to-day operations and procedures” account for privacy concerns, but said the agency is developing a policy to govern use of its automated license plate readers. He said the policy will be finished by April and posted on the department's website.

Moore also said the department will assess the systems' security features and will perform periodic audits to make sure the policy is followed.

“The Los Angeles Police Department (LAPD) has the utmost respect for individuals' privacy,” Moore wrote.

The other three agencies covered in the report did have policies governing their automated license plate readers, but Howle said the policies did not fully implement all of the requirements mandated by state law.

The audit found Fresno and Marin share data from their automated license plate readers with hundreds of entities while Sacramento shares its data with more than a thousand entities across the country. Auditors found no evidence the agencies always know who was accessing the data.

“We are concerned that unless an agency conducts verifying research, it will not know who is actually using the ALPR images and for what purpose,” the auditors wrote.

Marin County Deputy Counsel Kerry Gerchow said the sheriff's department uses a third-party vendor to manage its software, and that vendor shares the information with law enforcement agencies that have been approved by the FBI.

In a letter to Howle, Fresno Police Chief Andrew J. Hall said the department is already revising its policy. He said the agency has suspended most of its data sharing and now only shares images with bordering states. He also said the department would change its policy to retain images for six months instead of a year.

“Building trust in our community is paramount to our agency," Hall wrote.

Sacramento County Sheriff Scott Jones wrote that while he cooperated with the audit, he felt “concern that there was a bias toward a particular outcome, intended or otherwise.”

Howle said Jones' “concern about bias is unfounded,” saying the office follows “quality control procedures on every audit that ensure that we have sufficient and appropriate evidence to support our findings and conclusions.”

Please read our commenting policy
  • No profanity, abuse, racism or hate speech
  • No personal attacks on other commenters
  • No spam or off-topic posts
  • Comments including URLs and media may be held for moderation
Send a letter to the editor
*** The system is currently unable to accept new posts (we're working on it) ***

Our Network

Sonoma Index-Tribune
Petaluma Argus Courier
North Bay Business Journal
Sonoma Magazine
Bite Club Eats
La Prensa Sonoma
Emerald Report
Spirited Magazine