Full Report
Police in El Cajon, California, searched their Flock Safety database of license plate activity on behalf of multiple out-of-state entities — in violation of California law — according to Attorney General Rob Bonta.
Analysis Summary
# Regulation/Compliance: California Law Regarding Out-of-State ALPR Database Searches
## Overview
This summary pertains to regulatory enforcement action taken by the California Attorney General (AG) against a local city (El Cajon) for allegedly violating state law by allowing law enforcement officers to conduct Automated License Plate Reader (ALPR) database searches on behalf of police agencies outside of California. The core issue is the legality of exporting or making available California resident data stored in ALPR databases to out-of-state entities.
## Key Details
- **Issuing Authority:** California Attorney General (Rob Bonta) acting on behalf of the State of California.
- **Effective Date:** The specific date of the underlying law being enforced is not provided, but the lawsuit was filed on **October 3rd, 2025**.
- **Jurisdiction:** State of California, specifically concerning the operations of municipal police departments within California.
- **Status:** Legal action (suit/lawsuit) is **In Effect**, seeking a court order to cease the practice and clarify statutory interpretation.
## Requirements
### Mandatory Requirements
1. **Prohibition on Out-of-State Searches:** California law mandates that officers must **not** check or search ALPR databases (such as the Flock Safety database) on behalf of federal law enforcement or police agencies outside of the state.
2. **Adherence to State Data Usage Rules:** Data pertaining to Californians, once collected, must remain subject to California's oversight regarding its use and sharing; allowing out-of-state access violates this principle.
3. **Cease and Desist Compliance:** Organizations must immediately cease any practice where ALPR data is searched or provided to external agencies located outside of California upon being formally notified of a potential violation by the Attorney General.
### Recommended Practices
1. **Internal Audits:** Conduct audits of ALPR database queries to ensure searches are strictly limited to investigations authorized under California state law and do not involve requests originating from or intended for use by out-of-state agencies.
2. **Policy Clarification:** Proactively seek clarification from the Attorney General's office regarding the precise interpretation of the state law concerning the sharing or searching of ALPR data with external parties.
## Affected Organizations
- **Industries:** Law Enforcement Agencies, Municipal and County Governments (specifically police departments utilizing ALPR technology like Flock Safety).
- **Organization Size:** Not explicitly defined by size, but any California entity utilizing ALPR databases for law enforcement functions is affected.
- **Geographic Scope:** State of California.
## Compliance Timeline
- **Prior to Oct 3, 2025:** AG's office requested officials cease the searches.
- **October 3rd, 2025:** Lawsuit filed, initiating the formal legal timeline for compliance.
- **To Be Determined:** Court ruling to clarify the statutory interpretation and mandate compliance cessation.
## Implementation Guidance
### Assessment Phase
- Immediately conduct a forensic review of ALPR database logs (e.g., Flock Safety) to identify the volume and recipient jurisdiction of searches performed by officers on behalf of non-California agencies.
### Implementation Phase
- Update Standard Operating Procedures (SOPs) for all personnel accessing ALPR databases to explicitly prohibit searches requested by or intended for use by out-of-state or federal entities.
- Implement technical controls, if possible, to restrict the source or intended recipient endpoint of database queries to within the authorized jurisdiction.
### Validation Phase
- External legal review of updated ALPR access policies to ensure alignment with the AG's interpretation of state law.
- Periodic internal technical validation of query logs to confirm adherence to the new SOPs.
## Technical Requirements
- **Data Segregation/Control:** Controls must be in place to manage where the data collected by ALPRs (images, timestamps, locations) is accessible.
- **Query Origin/Destination:** Technical mechanisms should log and restrict database queries to authorized personnel and for purposes strictly compliant with California mandates (i.e., blocking external access requests).
## Penalties & Enforcement
- **Fines:** Not specified in the article, but the action is a civil suit seeking injunctive relief. Penalties in such enforcement actions typically involve mandatory compliance, potential statutory damages, and payment of the State’s legal costs.
- **Other Consequences:** Court-ordered cessation of the alleged illegal activity and a formal judicial ruling establishing the correct interpretation of the controlling state statute. This sets a binding precedent for all other California law enforcement agencies.
- **Enforcement:** Direct legal enforcement by the California Attorney General’s office via civil litigation in court.
## Related Standards
- **California State Statutes Governing ALPR Data:** The enforcement is based on specific (though unnamed in the summary) California laws restricting data sharing, often related to general privacy or surveillance technology usage statutes.
- **Public Trust/Privacy Principles:** The AG’s action references the need to maintain "public trust," aligning with broader data governance and privacy expectations for government agencies.
## Resources
- **Official Documentation:** The specific legal complaint filed by the AG: [link provided in article: oag.ca.gov/system/files/attachments/press-docs/El%20Cajon%20Complaint%20-%20Filed%2010.3.25.pdf] (Note: Link is defanged as per instructions).
- **Guidance Documents:** Subsequent guidance or clarification issued by the AG's office following the lawsuit filing.
- **Tools:** Monitoring tools used by agencies like Flock Safety to track cross-jurisdictional data access.
## Practical Recommendations
1. **Review Data Sharing Agreements:** Immediately review all agreements related to ALPR data sharing, especially those involving third-party vendors or out-of-state law enforcement agencies.
2. **Consult Legal Counsel:** Seek immediate counsel regarding the specific California statute cited in the AG's complaint to understand the precise legal parameters of data accessibility.
3. **Prioritize Trust:** Acknowledge that data handling practices that appear benign but violate jurisdictional boundaries erode public trust, making strict adherence to local law paramount.