Automated license plate recognition systems.

Senator Cervantes proposes new restrictions and accountability measures for automated license plate recognition (ALPR) systems through legislation limiting data retention and strengthening privacy protections. The bill establishes a 60-day maximum retention period for ALPR data that does not match authorized hot lists and requires deletion of such data within 14 days after that period starting January 2026.

Law enforcement agencies may only use ALPR information to locate vehicles or persons reasonably suspected of criminal activity. The legislation mandates comprehensive security protocols, including supervisory approval for data access, authentication requirements, and mandatory privacy training for employees handling ALPR information. Public agencies must implement detailed usage policies identifying authorized purposes and maintain records of all system access, including case file numbers justifying queries.

The Department of Justice will conduct annual random audits of public agencies operating ALPR systems to verify compliance with usage and privacy requirements. The bill creates a civil cause of action for individuals harmed by unauthorized access or security breaches, allowing recovery of actual damages, punitive damages, and attorney fees. While transportation agencies are exempted from certain provisions, the legislation applies to all other public agencies statewide, including charter cities, with state reimbursement available for mandated local costs.