Limit Data Retention Periods
Less is more.
There are many reasons why data retention limits are important. Usually, more is better. But in the case of surveillance data, keeping too much for too long can be problematic:
- It creates a security risk as more data creates a bigger target that is vulnerable to misuse or being compromised by hackers.
- It increases the risk that private companies will acquire and publish surveillance data to commercial databases.
- It can potentially be combined with data from other sources, searched, and “mined” to produce detailed profiles of innocent people.
- It can become difficult and time-consuming to process, search through, and use – especially a problem in responding to public disclosure requests.
- Too much data is expensive to store and back up.
These are just a few of the concerns that arise when a strict surveillance data retention policy is not enforced. Limiting data retention can protect privacy, reduce costs, and improve the data’s usefulness for valid law enforcement purposes.
The best solution is to immediately delete any data that is not needed for an investigation before it is stored. Surveillance systems that can compare data against watchlists and reject all unneeded data should be configured to do so. This will help protect innocent individuals from a number of harms that arise from the use of surveillance technologies.
When that is not technologically possible, policies should limit the retention of data to the shortest time needed for processing. Data not needed for an investigation should be securely deleted after the retention period is over. Furthermore, the retention period should be reviewed and shortened as technological advances make it possible to identify and discard unneeded data as it is collected.
Examples of Use
- Location::Seattle, WASeattle Police Dither on ALPR Policy
The Seattle Police Department has put together a “pilot program” fleet of at least 12 mobile ALPR units, funded in large part by over $132,000 in grants from the Department of Justice. The SPD claims they follow an informal policy of deleting captured plate data on innocent people after 90 days. However, a public records request by the ACLU-WA in 2012 recovered over three years of plate reads retained during a pilot program. (SPD cameras scanned one car 81 times, painting an intricate picture of one driver’s daily life.) A more recent public records request turned up over 1.7 million individual data points, more than triple the number of registered cars in the city. The SPD still has no formal policy on how long data on ordinary people may be stored, nor any rules on how this data may be shared. As long as the data remains unregulated, the sensitive location information of Seattle drivers remains at serious risk. All new surveillance technologies – especially those in the experimental stage – should be accompanied by carefully crafted, formal policies to govern their use and protect private information.