Senate Counsel, Research
and Fiscal Analysis
Minnesota Senate Bldg.
95 University Avenue W. Suite 3300
St. Paul, MN 55155
(651) 296-4791
Tom Bottern
Director
   Senate   
State of Minnesota
 
 
 
 
 
S.F. No. 86 - Automated License Plate Readers - Conference Committee Report
 
Author: Senator Ron Latz
 
Prepared By:
 
Date: May 18, 2015



 

This bill provides for the classification and destruction of data collected by automated license plate readers and establishes protocols and procedures for their use and access to the data.

Section 1 Arrest data. Expands data that are public to include data on whether an automated license plate reader was used as part of the arrest, unless that information would jeopardize an ongoing investigation. This disclosure is currently required when a wiretap or other eavesdropping technology is used.

Section 2 Use of surveillance technology. Provides that the existence of all technology maintained by a law enforcement agency that may be used to electronically capture the activities of the general public, or of an individual or group of individuals, is public data.

Section 3 Automated license plate readers. Regulates and classifies data related to automated license plate readers.

Subd. 1. Definition. Defines “automated license plate reader.”

Subd. 2. Data collection; classification; use restrictions. Paragraph (a) restricts the types of data that may be collected from an automated license plate reader to:

(1) license plate numbers;

(2) date, time, and location data on vehicles; and

(3) pictures of license plates, vehicles, and areas surrounding the vehicles.

Paragraph (b) classifies automated license plate reader data as private or nonpublic data, unless the data are arrest, request for service, or response or incident data (which are public under current law), or active criminal investigative data (which are confidential or protected nonpublic).

Paragraph (c) prohibits use of databases beyond the Minnesota license plate data file for matching, unless the additional sources of data relate to an active criminal investigation.

Paragraph (d) prohibits the use of a reader to monitor or track an individual who is the subject of an active investigation unless authorized by warrant issued upon probable cause or exigent circumstances justify the use without a warrant.

Subd. 3. Destruction of data required. Paragraph (a) requires destruction of data within 60 days from the date of collection unless the data are active criminal investigative data.

Paragraph (b) includes an exception to the data destruction requirement if the agency receives a written preservation request stating that the data may be used as exculpatory evidence in a criminal proceeding.

Paragraph (c) includes special provisions for data on a participant in the Safe at Home address confidentiality program. The data must be destroyed at the time of collection or upon receipt of a request, whichever is later. The existence of a request by a Safe at Home participant is private.

Paragraph (d) provides that inactive investigative data are subject to destruction according to the standard data retention schedule adopted by the agency.

Subd. 4. Sharing among law enforcement agencies. Paragraph (a) requires a requesting law enforcement agency to meet the standards for seeking access to data in subdivision 7.

Paragraph (b) provides that a receiving agency must comply with all requirements of the law related to data classification, destruction, and security.

Paragraph (c) provides that data not related to an active investigation may not be shared with, disseminated to, sold, or traded with any other entity unless explicitly authorized by law.

Subd. 5. Log of use required. Paragraph (a) requires law enforcement agencies to maintain a public log of the use of an automated license plate reader. The log must include specific times of day that the reader actively collected data and a list of databases with which the data were compared, unless the existence of the database is not public; aggregate number of vehicles or license plates on which data were collected for each period of active use; number of vehicles or plates in specified “hit” categories for each period of active use; and for a reader at a stationary location, the location at which it collected data.

Paragraph (b) requires a law enforcement agency to maintain a list of current and previous locations of automated license plate readers and other surveillance devices with automated license plate reader capability. The list is public, unless the agency determines the data are security information. A determination that data are security information is subject to in camera judicial review.

Subd. 6. Biennial audit. Paragraph (a) requires a law enforcement agency to maintain records showing the date and time data were collected and the applicable classification. The agency must arrange for an independent, biennial audit of the records to determine whether data are classified and destroyed as required and to verify compliance with subdivision 7. If the commissioner of administration believes that an agency is not complying with the law, the commissioner may order the agency to arrange for additional audits.

Paragraph (b) provides that the results of the audit are public. The commissioner of administration must review the audit. If the commissioner determines that there is a pattern of substantial noncompliance with the law, based on the results of the audit, the agency must suspend operation of automated license plate readers until the commissioner has authorized reinstatement of their use. An order of suspension would be made by the commissioner upon review of the audit results, the current law, and providing the agency an opportunity to respond.

Paragraph (c) requires a report summarizing each audit to be provided to the commissioner of administration, the legislature, and the legislative commission on data practices and personal data privacy.

Subd. 7. Authorization to access data. Paragraph (a) requires a law enforcement agency to comply with sections 13.05, subdivision 5 (data protection and security policy requirements) and 13.055 (data breach notification requirements) in the operation of an automated license plate reader and access to data.

Paragraph (b) requires the responsible authority to establish written procedures to ensure that personnel have access to the data only if authorized in writing by the head of the law enforcement agency to obtain access for a legitimate, specified, and documented law enforcement purpose. Access must be based on a reasonable suspicion that the data are pertinent to a criminal investigation and must include a record of the factual basis for the access.

Paragraph (c) provides that the ability to enter, update, or access data must be limited through the use of role-based access. Training and audit trail requirements are included.

Subd. 8. Notification to Bureau of Criminal Apprehension. Paragraph (a) requires law enforcement agencies to notify the Bureau of Criminal Apprehension (BCA) within ten days of installation or use of an automated license plate reader or integration of automated license plate reader technology into another surveillance device. The notification must include the fixed location of any stationary readers.

Paragraph (b) requires the BCA to maintain a public list of agencies using license plate readers or other devices with automated license plate reader technology, and locations of their use, on its website, unless the law enforcement agency determines that the data are security data. A determination that the data are security data is subject to in camera judicial review.

EFFECTIVE DATE. This section is effective August 1, 2015. Data collected before the effective date must be destroyed within 15 days of the effective date, if destruction would otherwise be required by the new law.

Section 4 Automated license plate reader policy. Requires law enforcement agencies to establish and enforce a written policy governing automated license plate readers. At a minimum, the agency’s policies and procedures must include the requirements in law, including those provided in section 3, and the employee discipline standards for unauthorized access to data, provided under current law.

EFFECTIVE DATE. This section is effective August 1, 2015. Chief law enforcement officers must adopt the agency policy by January 15, 2016.

 
Check on the status of this bill
 
Back to Senate Counsel and Research Bill Summaries page
 

 
This page is maintained by the Office of Senate Counsel, Research, and Fiscal Analysis for the Minnesota Senate.
 
Last review or update: 05/18/2015
 
If you see any errors on this page, please e-mail us at webmaster@senate.mn