Score: -4 (0/10/4)

Sacramento County Grand Jury • 2023-2024

Keep Your Eyes Off My Privacy!

Published: October 27, 2023 9 pages

View Original PDF

⚠️ Translation Notice: This content has been automatically translated. The original English text is the official version. Translation may contain errors.

⚠️ Este contenido ha sido traducido automáticamente. El texto original en inglés es la versión oficial. La traducción puede contener errores.

Findings and Recommendations 5 findings

SSO’s practice of sharing ALPR information with out-of-state entities violated SB 34 and unreasonably risked the aiding of potential prosecution by the home-state of women who traveled to California to seek or receive healthcare services. (R1)

No recommendations for this finding

The practice of the SPD to share ALPR information with out-of-state entities violates SB 34 and unreasonably risks the aiding of potential prosecution by the home state of women who have traveled to California to seek or receive healthcare services. (R2)

Related Recommendations (2)

The SSO should update and post its policies and procedures conspicuously on its website to reflect its change in policy to no longer share ALPR data with out- of-state LEAs or the federal government no later than October 1, 2024. (F2)

The SPD should comply with the Attorney General’s Information Bulletin dated October 27, 2023 regarding the compliance with SB 34 requirements prohibiting California LEAs from sharing ALPR information with private entities or out-of- state or federal agencies, including out-of-state and federal law enforcement agencies, as the other LEAs in Sacramento County have done, no later than January 1, 2025. (F2)

SSO’s failure to require case number entries with sufficient specificity to track the validity of the request puts ALPR information at risk for unauthorized access, misuse, or disclosure. (R3)

Related Recommendations (1)

The SSO and other Sacramento County ALPR system administrators should require sufficient and verifiable information which will enable complete and accurate audits on all ALPR data requests no later than January 1, 2025. (F3)

SSO conducts periodic cursory internal audits of their data, equipment, and processes that do not adequately protect an individual’s privacy. The audits are not scheduled or consistent, thereby raising the risk of misuse and abuse of the data. (R4)

Related Recommendations (1)

The SSO should administer quarterly internal audits of ALPR data requests to include user searches and utilize a third-party, external entity to conduct annual audits beginning January 1, 2025. Audit results should be posted conspicuously on the agencies website no later than thirty days after each internal and external audit. (F4)

SB 34 requires local LEAs to make their ALPR policies available to the public and post it conspicuously on the agency’s website. The failure of most local LEAs to clearly post ALPR policies that can be easily found by the public is noncompliant with California state law. (R5)

Related Recommendations (1)

All Sacramento LEAs should ensure that their ALPR policies are made available to the public and posted conspicuously on the agencies’ websites no later than January 1, 2025. (F5)

Agency Responses 4

Government agencies' official responses to this report's findings and recommendations. Click on a response to see the structured breakdown.

Sacramento City Police Department

August 08, 2024 • 1 pages View Details ▾

PDF

Sacramento City Police Department

August 08, 2024 • 1 pages View Details ▾

PDF

Sacramento County Sheriff's Office

August 12, 2024 • 3 pages • 8 responses • Score: -2 (+0, 5, -2) View Details ▾

PDF

8 responses to findings and recommendations

Response: Disagree Score: -1

The SSO disagrees with the findings. We do not allow out-of-state or Federal agencies access to our ALPR information. The SSO is committed to using ALPR technology for legitimate law enforcement purposes and in compliance with the 2020 audit report. REFER ALL CORRESPONDENCE TO SHERIFF'S OFFICE • 4500 ORANGE GROVE AVENUE • SACRAMENTO, CA 95841-4205 Finding 3: SSO's failure to require case number entries with sufficient specificity to track the validity of the request puts ALPR information at risk for unauthorized access, misuse, or disclosure.

Response: Unknown

Score: 0

The recommendation has not been implemented. SSO does not allow out-of-state or Federal agencies access to our ALPR data. Per this reccommendation we have added a policy amendment to reflect "in compliance with the law." Recommendation 3: The SSO and other Sacramento County ALPR system administrators should require sufficient and verifiable information which will enable complete and accurate audits on all ALPR data requests no later than January 1, 2025.

SSO’s failure to require case number entries with sufficient specificity to track the validity of the request puts ALPR information at risk for unauthorized access, misuse, or disclosure. (R3)

Response: Disagree Partially Score: 0

The SSO disagrees partially with the finding. All users must enter a case number or reason for their inquiry. There is no mechanism in the system to bypass user error. Training and audits are the only available means to ensure justification and, if applicable, case information. Finding 4: SSO conducts periodic cursory internal audits of their data, equipment, and processes that do not adequately protect an individual's privacy. The audits are not scheduled or consistent, thereby raising the risk of misuse and abuse of the data.

Response: Implemented

Score: 0

The recommendation has been implemented. All users must enter a case number or reason for the inquiry. Regular audits are conducted to ensure this process is being completed properly. Users are admonished and assigned training to safeguard the proper use of the system. Training and audits are the only means available to ensure justification and, if applicable, case information. Recommendation 4: The SSO should administer quarterly internal audits of ALPR data requests to include user searches and utilize a third-party, external entity to conduct annual audits beginning January 1, 2025. Audit ...

Response: Disagree Partially Score: 0

The SSO partially disagrees with the findings. SSO currently conducts annual audits, which are scheduled at regular intervals. Finding 5: SB 34 requires local LEAs to make their ALPR policies available to the public and post it conspicuously on the agency's website. The failure of most local LEAs to clearly post ALPR policies that can be easily found by the public is noncompliant with California state law.

Response: Requires Analysis

Score: 0

: The SSO should administer quarterly internal audits of ALPR data requests to include user searches and utilize a third-party, external entity to conduct annual audits beginning January 1, 2025. Audit results should be posted conspicuously on the agencies website no later than thirty days after each internal and external audit. Response to Recommendation 3: The recommendation requires further analysis to determine the feasibility of an external third-party audit. Concerns with a third-party audit would be potential costs and possible policy violation of "need-to-know, right-to-know" for acces...

Response: Disagree Score: -1

The SSO disagrees with the findings. SSO ALPR policy is posted online under our transparency page. A "Sacramento Sheriff ALPR" web search will direct you to our current policy.

All Sacramento LEAs should ensure that their ALPR policies are made available to the public and posted conspicuously on the agencies’ websites no later than January 1, 2025. (F5)

Response: Implemented

Score: 0

The recommendation has been implemented. SSO has an ALPR policy online. A "Sacramento Sheriff ALPR" web search will map directly to our current policy. The SSO is required by law to post all of its policies on-line in a conspicuous place. We currently have over 400 policies on-line. These policies consist of many high priority topics such as Use of Force, transparency, bias policing, and Corrections policies that fall under the Mays Consent Decree. They are all searchable and available to the public. It is unreasonable to place one policy over the importance of another in a stand-alone format....

Sacramento County Sheriff's Office

August 12, 2024 • 3 pages • 8 responses • Score: -2 (+0, 5, -2) View Details ▾

PDF

8 responses to findings and recommendations

Response: Disagree Score: -1

Response: Unknown

Score: 0

SSO’s failure to require case number entries with sufficient specificity to track the validity of the request puts ALPR information at risk for unauthorized access, misuse, or disclosure. (R3)

Response: Disagree Partially Score: 0

Response: Implemented

Score: 0

Response: Disagree Partially Score: 0

Response: Requires Analysis

Score: 0

Response: Disagree Score: -1

The SSO disagrees with the findings. SSO ALPR policy is posted online under our transparency page. A "Sacramento Sheriff ALPR" web search will direct you to our current policy.

All Sacramento LEAs should ensure that their ALPR policies are made available to the public and posted conspicuously on the agencies’ websites no later than January 1, 2025. (F5)

Response: Implemented

Score: 0