“Annual Surveillance Report” means a written report that includes all of the following:
(1) A general description of how the Surveillance Technology was used;
(2) A general description of whether and how often data acquired through the use of the Surveillance Technology item was shared with outside entities, the name of any recipient outside entity, the type(s) of data disclosed, under what legal standard(s) the data was disclosed, and the justification for the disclosure(s);
(3) A summary of complaints or concerns from the public about the Surveillance Technology item;
(4) The aggregate results of any internal audits required by the Surveillance Technology Policy, any general, aggregate information about violations of the Surveillance Technology Policy, and a general description of any actions taken in response;
(5) Information, including crime statistics, which help the Board of Supervisors assess whether the Surveillance Technology has been effective at achieving its identified purposes;
(6) Aggregate statistics and information about any Surveillance Technology related to Public Records Act requests;
(7) Total annual costs for the Surveillance Technology, including personnel and other ongoing costs, and what source of funding will fund the Surveillance Technology in the coming year;
(8) Any requested modifications to the Surveillance Technology Policy and a detailed basis for the request;
(9) Where applicable, a general breakdown of what physical objects the Surveillance Technology hardware was installed upon, using general descriptive terms; for Surveillance Technology software, a general breakdown of what data sources the Surveillance Technology was applied to;
(10) A description of products and services acquired or used in the preceding year that are not already included in the Surveillance Technology Policy, including manufacturer and model numbers, and the identity of any entity or individual that provides to the Department services or equipment essential to the functioning or effectiveness of the Surveillance Technology; and
(11) A summary of all requests for Board of Supervisors’ approval for a Surveillance Technology Policy ordinance.
An Annual Surveillance Report shall not contain the specific records that a Surveillance Technology item collects, stores, exchanges, or analyzes and/or information protected, restricted, and/or sealed pursuant to State and/or federal laws, including information exempt from disclosure under the California Public Records Act.
“City” means the City and County of San Francisco.
“City Department” or “Department” means any City official, department, board, commission, or other entity in the City except that it shall not mean the District Attorney or Sheriff when performing their investigative or prosecutorial functions, provided that:
(1) The District Attorney or Sheriff certifies in writing to the Controller that acquisition or use of a specific Surveillance Technology is necessary to perform an investigative or prosecutorial function. The certification shall identify the Surveillance Technology acquired or to be acquired and shall be a public record; and
(2) The District Attorney or Sheriff provides in writing to the Controller either an explanation of how compliance with this Chapter 19B will obstruct their investigative or prosecutorial function or a declaration that the explanation itself will obstruct either function.
For purposes of subsection 19B.2(d) only, “City Department” and “Department” shall not include federally-regulated facilities at the Airport or Port.
“COIT” means the Committee on Information Technology.
“Exigent circumstances” means an emergency involving imminent danger of death or serious physical injury to any person that requires the immediate use of Surveillance Technology or the information it provides.
“Face recognition technology” means an automated or semi-automated process that assists in identifying or verifying an individual based on an individual’s face.
“Surveillance Impact Report” means a written report that includes at a minimum the following:
(1) Information describing the Surveillance Technology and how it works, including product descriptions from manufacturers;
(2) Information on the proposed purpose(s) for the Surveillance Technology;
(3) If applicable, the general location(s) it may be deployed and crime statistics for any location(s);
(4) An assessment identifying any potential impact on civil liberties and civil rights and discussing any plans to safeguard the rights of the public;
(5) The fiscal costs for the Surveillance Technology, including initial purchase, personnel and other ongoing costs, and any current or potential sources of funding;
(6) Whether use or maintenance of the technology will require data gathered by the technology to be handled or stored by a third-party vendor on an ongoing basis; and
(7) A summary of the experience, if any, other governmental entities have had with the proposed technology, including information about its effectiveness and any known adverse information about the technology such as unanticipated costs, failures, or civil rights and civil liberties abuses.
“Personal communication device” means a cellular telephone that has not been modified beyond stock manufacturer capabilities, a personal digital assistant, a wireless capable tablet or similar wireless two-way communications and/or portable Internet accessing devices, whether procured or subsidized by a City entity or personally owned, that is used in the regular course of conducting City business.
“Protected Class” means a class of persons with shared characteristics based on sex, race, color, religion, ancestry, national origin, disability, medical condition, genetic information, marital status, gender identity, gender expression, or sexual orientation, or any other class protected under the California Unruh Civil Rights Act.
“Surveillance Technology” means any software, electronic device, system utilizing an electronic device, or similar device used, designed, or primarily intended to collect, retain, process, or share audio, electronic, visual, location, thermal, biometric, olfactory or similar information specifically associated with, or capable of being associated with, any individual or group. Surveillance Technology”1
includes but is not limited to the following: international mobile subscriber identity (IMSI) catchers and other cell site simulators; automatic license plate readers; electric toll readers; closed-circuit television cameras; gunshot detection hardware and services; video and audio monitoring and/or recording technology, such as surveillance cameras, wide-angle cameras, and wearable body cameras; mobile DNA capture technology; biometric software or technology, including facial, voice, iris, and gait-recognition software and databases; software designed to monitor social media services; x-ray vans; software designed to forecast criminal activity or criminality; radio-frequency I.D. (RFID) scanners; and tools, including software and hardware, used to gain unauthorized access to a computer, computer service, or computer network. Surveillance Technology does not include the following devices, hardware, or software:
(1) Office hardware, such as televisions, computers, credit card machines, copy machines, telephones, and printers, that are in common use by City Departments and used for routine City business and transactions;
(2) City databases and enterprise systems that contain information kept in the ordinary course of City business, including, but not limited to, human resource, permit, license, and business records;
(3) City databases and enterprise systems that do not contain any data or other information collected, captured, recorded, retained, processed, intercepted, or analyzed by Surveillance Technology, including payroll, accounting, or other fiscal databases;
(4) Information technology security systems, including firewalls and other cybersecurity systems intended to secure City data;
(5) Physical access control systems, employee identification management systems, and other physical control systems;
(6) Infrastructure and mechanical control systems, including those that control or manage street lights, traffic lights, electrical, natural gas, or water or sewer functions;
(7) Manually-operated technological devices used primarily for internal City communications, which are not designed to surreptitiously collect surveillance data, such as radios, personal communication devices, and email systems;
(8) Manually-operated and non-wearable handheld cameras, audio recorders, and video recorders, that are not designed to be used surreptitiously and whose functionality is limited to manually capturing and manually downloading video and/or audio recordings;
(9) Surveillance devices that cannot record or transmit audio or video or be remotely accessed, such as image stabilizing binoculars or night vision equipment;
(10) Medical equipment and systems used to record, diagnose, treat, or prevent disease or injury, and used and/or kept in the ordinary course of providing City services;
(11) Parking Ticket Devices;
(12) Police Department interview rooms, holding cells, and internal security audio/video recording systems;
(13) Police department computer aided dispatch (CAD), records/case management, Live Scan, booking, Department of Motor Vehicles, California Law Enforcement Telecommunications Systems (CLETS), 9-1-1 and related dispatch and operation or emergency services systems;
(14) Police department early warning systems; and
(15) Computers, software, hardware, or devices intended to be used solely to monitor the safety and security of City facilities and City vehicles, not generally accessible to the public.
“Surveillance Technology Policy” means a written policy that includes:
(1) A description of the product and services addressed by the Surveillance Technology, including the identity of any provider(s) whose services are essential to the functioning or effectiveness of the Surveillance Technology equipment or services for the intended purpose;
(2) A description of the purpose(s) for which the Surveillance Technology equipment or services are proposed for acquisition, including the type of data that may be collected by the Surveillance Technology equipment or services;
(3) The uses that are authorized, the rules and processes required prior to such use, and uses of the Surveillance Technology that will be expressly prohibited.1
(4) A description of the formats in which information collected by the Surveillance Technology is stored, copied, and/or accessed;
(5) The specific categories and titles of individuals who are authorized by the Department to access or use the collected information, including restrictions on how and under what circumstances data collected with Surveillance Technology can be analyzed and reviewed, and the rules and processes required prior to access or use of the information;
(6) The general safeguards that protect information from unauthorized access, including encryption and access control mechanisms;
(7) The limited time period, if any, that information collected by the Surveillance Technology will be routinely retained, the reason such retention period is appropriate to further the purpose(s) enumerated in the Surveillance Technology Policy, the process by which the information is regularly deleted after that period lapses, and the specific conditions that must be met to retain information beyond that period;
(8) How collected information can be accessed or used by members of the public, including criminal defendants;
(9) Which governmental agencies, departments, bureaus, divisions, or units that may receive data collected by the Surveillance Technology operated by the Department, including any required justification or legal standard necessary to share that data and how it will ensure that any entity receiving such data complies with the Surveillance Technology Policy;
(10) The training required for any individual authorized to use the Surveillance Technology or to access information collected by the Surveillance Technology;
(11) The mechanisms to ensure that the Surveillance Technology Policy is followed, including internal personnel assigned to ensure compliance with the policy, internal recordkeeping of the use of the technology or access to information collected by the technology, technical measures to monitor for misuse, any independent person or entity with oversight authority, and the sanctions for violations of the policy; and
(12) What procedures will be put in place by which members of the public can register complaints or concerns, or submit questions about the deployment or use of a specific Surveillance Technology, and how the Department will ensure each question and complaint is responded to in a timely manner.
CODIFICATION NOTE