License Plate Recognition Data Management Principles: June 2018
Stanford University (“Stanford”) and Stanford Transportation appreciate your interest in the privacy and confidentiality of your information. We take protecting your privacy seriously. Please read the following to learn more about the data management principles we use to manage and safeguard information collected when you participate in Stanford Transportation programs that use License Plate Recognition (LPR) data.
As of June 2018, Stanford Transportation will be upgrading its database to a new parking permit management application, which incorporates license-plate recognition (LPR) technology as its parking enforcement system. With this system, license plates replace physical parking permits for many Stanford affiliates who pay to park at the university and in lots and garages managed by Stanford Transportation. Cameras, which are hand-held or affixed to enforcement vehicles, record the license plates of vehicles parked on campus for parking enforcement and parking utilization assessment purposes.
While it is legal to record the time and location of a vehicle, we understand that some people may have data privacy concerns about LPR systems. To address these concerns, along with the increased attention to data security and privacy, Stanford Transportation is providing its data management principles.
This document presents the set of data management principles Stanford Transportation uses for data produced by its LPR program. The principles are based on Stanford University data management policies and has been informed by LPR data management practices from the American Civil Liberties Union (ACLU) and International Association of Chiefs of Police (IACP). In addition, our program is consistent with Santa Clara County’s Automated License Plate Recognition Policy.
Data Management Principles
Stanford Transportation will retain license plate and personal data in a secure and private manner, including utilizing Cloud Infrastructure (Microsoft Azure), which is approved by Stanford for high-risk data.
As with all personally identifiable data at Stanford, data collected through an LPR system will be managed with the appropriate security measures in place. The data will be managed in ways that are consistent with Stanford University’s “High Risk” data classification, including storing data in a system approved by Stanford for this classification.
The LPR data will not be used for any of the unauthorized Stanford Services. This classification specifies that access be limited to those with a need to know. Only Stanford Transportation management and staff in the Data Analysis and Customer Systems group who have been trained in data security will have access to the data.
The existing process of associating a license plate with a permit holder, will continue to be done by enforcement officers or contractors. In addition, to ensure the highest level of privacy for vehicle owners/permit holders whose license plates are recorded and stored (both those cited and those parked legally), there will be strict separation between the license plate data storage and the customer information databases Stanford Transportation operates.
Focused Collection and Use
The enforcement process scans license plates for vehicles parked in Stanford-enforced parking areas. License plates are publicly available, and scanning occurs one vehicle and one area at a time, similar to the current process of inspecting permits in windshields. Once collected, vehicle information is retained for a limited time, no longer than one year, unless longer retention is required due to investigations or legal requirements.
Stanford Transportation will only collect, store, and use data for parking and transportation program-related uses or to comply with University policy or the law. These include, but are not limited to, parking lot utilization patterns, permit usage statistics, enforcement and enforcement efficiency studies, general permit compliance reviews, and daily vehicle relocation patterns.
All access to the cloud-based license plate data will require individual logins, which provide added security, tracking and accountability of those who access the data. These practices will limit access to the data by staff, while also logging and tracking all access made to LPR data.
Stanford Transportation does not sell or license your identifiable data to any third parties for any other purpose. Aggregated LPR data (e.g., number of vehicles parked over time rather than which vehicles are parked) may be shared for research and program management purposes.
No other Stanford department will have access to personally identifiable data nor will they receive information about specific individuals for punitive or other purposes. This includes any requests by managers, Human Resources, or other departments to see the parking records of employees.
LPR data are collected on University managed or owned streets, parking lots and structures, as well as any location associated with a current university lease.
Stanford Transportation will utilize mobile vehicle-mounted systems and/or handheld devices, which are mounted, driven or operated by trained personnel in parking locations throughout the university and associated Stanford parking enforcement areas covered by this policy.
Stanford Transportation is publishing its LPR data management practices and making its approach to LPR available to the public.
Stanford Transportation will maintain a description of its LPR data management practices on its website. The statement will include the data collection and use principles and specifics about who does and does not have access to the data. Stanford Transportation will report its usage of the data publicly annually. The statement will be updated when any practices are changed.