California Civil Code
An ALPR end-user shall do all of the following:
(a) Maintain reasonable security procedures and practices, including operational, administrative, technical, and physical safeguards, to protect ALPR information from unauthorized access, destruction, use, modification, or disclosure.
(A) The authorized purposes for accessing and using ALPR information.
(B) A description of the job title or other designation of the employees and independent contractors who are authorized to access and use ALPR information. The policy shall identify the training requirements necessary for those authorized employees and independent contractors.
(C) A description of how the ALPR system will be monitored to ensure the security of the information accessed or used, and
compliance with all applicable privacy laws and a process for periodic system audits.
(D) The purposes of, process for, and restrictions on, the sale, sharing, or transfer of ALPR information to other persons.
(E) The title of the official custodian, or owner, of the ALPR information responsible for implementing this section.
(F) A description of the reasonable measures that will be used to ensure the accuracy of ALPR information and correct data errors.
(G) The length of time ALPR information will be retained, and the process the ALPR end-user will utilize to determine if and when to destroy retained ALPR information.