Commitment to ALPR Data Privacy
ALPR technology can strengthen public safety without compromising civil liberties.
Leonardo U.S. Cyber & Security Solutions is reaffirming our commitment to data privacy and security in our ELSAG automatic license plate recognition (ALPR) technology. As a trusted partner to law enforcement and communities for over 20 years, we emphasize that customers maintain complete control over their ALPR data, backed by robust audit capabilities and strict data retention policies. This approach directly addresses civil liberty concerns raised by organizations like the ACLU and EFF, ensuring that public safety technology is deployed responsibly and in full compliance with CJIS, GDPR, and state/local privacy laws.
Customer Ownership and Control of Data
Your data, your rules. Our policy is clear: the ALPR data collected by our systems belongs solely to the customer agency. Unlike other platforms that aggregate or monetize surveillance data, we never accesses, shares, or sells customer data without explicit authorization. By design, any license plate scans, images, or related information are stored on servers at each customer or are in a siloed cloud storage environment that is dedicated to the customer. Each agency’s data is segregated into its own secure repository – never pooled into a nationwide database – so no outside entity or other jurisdiction can access it by default. Any sharing of data is entirely opt-in: if an agency chooses to collaborate with neighboring jurisdictions, it can do so on its own terms, with full control over what is shared and with whom. This data sovereignty approach ensures that communities decide how their data is used, preventing the kind of unwarranted mass-surveillance networks that privacy advocates warn against. In short, we put ownership and control squarely in the customer’s hands, reinforcing our core belief that “it’s simple – you own your data.”
Enhanced Access Controls and Authentication
Leonardo’s ALPR back-office environment includes enhanced access controls designed to protect against unauthorized use and reinforce system security. The Enterprise Operations Center (EOC) supports multi-factor authentication (MFA), providing an additional layer of protection beyond usernames and passwords. MFA aligns with FBI CJIS Security Policy requirements, including support for phishing-resistant authentication methods, and with NIST Authenticator Assurance Level 2 (AAL2) best practices.
In addition, Leonardo software employs a role-based permissions model consistent with CJIS best practices and the principle of least privilege. Agencies can define user roles and assign access rights based on operational responsibilities, ensuring sensitive data and system functions are only available to authorized personnel. These controls help agencies enforce internal policies, reduce risk, and maintain compliance.
Transparency, Auditability and Accountability
We understand that maintaining public trust requires more than just promises – it requires verifiable accountability. Our ALPR systems include comprehensive auditing and logging features that track every access, query, and action on the data. Authorized users must log in with credentials, and administrators can review detailed audit logs to see who accessed data and for what purpose. These audit trails create transparency for agency leadership, oversight boards, or auditors to ensure the technology is used only for legitimate, lawful purposes. We configure our software to support agency policies requiring officers to document search reasons or case numbers, and we make those logs readily available for review.
While some surveillance platforms have been criticized for a “hands-off” approach to misuse, we take a different stance: we partner with our customers to uphold proper use. We work with each agency’s designated compliance officers to set appropriate user permissions and usage policies from day one. Through this collaborative approach, law enforcement leaders, privacy advocates, and community oversight bodies can have confidence that our ALPR technology comes with built-in transparency and oversight mechanisms. Every scan or search is accountable – leaving no room for secretive or unauthorized surveillance activity.
Responsible Data Retention Policies
Data retention is a critical aspect of privacy. We empower each customer to determine how long ALPR data is stored, in alignment with local laws and community standards. By default, we do not retain data longer than necessary. Agencies can configure automatic deletion intervals (e.g. 30 days, 6 months, 1 year, etc.) to ensure that license plate data isn’t kept indefinitely on our systems. This means the technology cannot quietly “hoard” years’ worth of location traces on innocent motorists – a practice the ACLU has flagged as a major privacy risk in the industry. Instead, data retention is purpose-driven and limited: if data is not actively being used for an investigation or permitted purpose, it can and should be purged per policy.
Our cloud storage solution was built with these principles in mind. If an agency uses our CJIS-compliant cloud, they set the retention schedule, and the system will automatically enforce it. Furthermore, if a customer decides to discontinue using our service, we facilitate a seamless transition: data can be exported and then deleted, with no “lock-in.” We even provide a 90-day grace period (subject to the agency’s retention policy) for the agency to retrieve or transfer their data before it is securely wiped from the hosted service. By giving customers granular control over retention, we ensure that ALPR data never outlives its legitimate use, addressing concerns about unwarranted long-term surveillance.
Rigorous Security and Legal Compliance
We are committed to the highest standards of data security and legal compliance, making us a safe choice for agencies and a responsible custodian of sensitive information. Our entire ALPR platform and cloud infrastructure are designed to be FBI CJIS Security Policy-compliant, meeting or exceeding the stringent requirements for criminal justice information systems. All data in the ELSAG Cloud is encrypted both in transit and at rest, leveraging proven AWS Government Cloud security measures and independent third-party validations. We also require background checks for any personnel who might come into contact with criminal justice data as part of technical support, ensuring trust at every level.
In addition, we adhere to global privacy principles. We follow best practices inspired by regulations like the EU’s GDPR to protect personal data rights, such as data minimization, purpose limitation, and prompt breach notification, where applicable. For international clients or those operating under GDPR, we are able to host data on premises or in regional data centers and can implement additional safeguards to meet local data protection requirements.
Critically, state and local laws governing ALPR use are built into our deployment process. We conduct thorough site surveys and works hand-in-hand with agencies to ensure each installation complies with all local ordinances and state statutes on privacy and data handling. Whether it’s a state-imposed limit on retention, a prohibition on certain types of data sharing, or requirements for public notice and policy, our team helps agencies configure the system accordingly.
Our philosophy is simple: lawful technology use is the only acceptable use. We even have procedures for responding to legal requests for data – if a court order or subpoena demands data, we will notify the customer (unless legally barred) and never simply hand over information without valid legal due process. By proactively embracing security and compliance – from CJIS to GDPR and local privacy mandates – we stand out as a vendor that won’t cut corners when it comes to protecting civil liberties and upholding the law.
A Trusted Partner Balancing Safety and Privacy
Our approach to automated license plate recognition demonstrates that it is possible to combat crime and enhance public safety without compromising fundamental privacy rights. We have carefully engineered our ALPR solutions to avoid the pitfalls that have put other surveillance companies in the spotlight. For example, recent reports by civil liberties organizations have exposed how some ALPR services built “dangerous nationwide mass-surveillance” systems that expanded far beyond their original purpose – even enabling uses like immigration tracking and dragnet monitoring that alarm communities. We reject that model. We do not operate a vast centralized camera network that any officer nationwide can tap into at will. Instead, we champion localized control, transparency, and restraint.
Our systems are tools in the hands of responsible law enforcement agencies – and those agencies, in turn, answer to their communities. By ensuring the data remains local, protected, and subject to oversight, we effectively counterbalance the concerns raised by privacy advocates. When agencies choose Leonardo, they choose a provider that is fully committed to ethical technology use and to partnering with customers to enforce safeguards.
In an era when public trust is essential for successful policing, we are proud to be the privacy-conscious technology partner for agencies nationwide. We believe that respecting privacy isn’t just the right thing to do – it also builds community confidence and legitimacy for law enforcement initiatives. Our license plate recognition solutions are built on the principle of trust: trust that the data will be handled with care, trust that the system won’t be misused, and trust that we will stand behind these commitments.
With complete customer control over data, enhanced access controls, authentication, and rigorous audit and retention policies, and unwavering compliance with all legal standards, our ELSAG ALPR technology offers a responsible path forward. Together with law enforcement leaders, privacy advocates, and community stakeholders, we are demonstrating that advanced crime-fighting tools can coexist with the highest respect for privacy and civil liberties – making our communities safer and freer at the same time.