(a) Agency personnel should be permitted to access a policing database only for legitimate policing objectives, which should be specified in a written policy governing the use of the database that meets the requirements of § 6.01(c).
(b) The policy should make clear:
- (1) the predicate level of cause that must be present to justify access and how that predicate should be documented;
- (2) whether advance permission from a supervisor or court is required;
- (3) which personnel are authorized to access the database and to review data that has been accessed; and
- (4) what training is required before personnel are authorized to utilize it.
a. The need for regulation. Access by police personnel to their agencies’ databases raises many of the same concerns about privacy invasion, arbitrariness, and abuse that are raised by police efforts to access third-party databases that are discussed in § 2.05 and the more traditional searches that are discussed in Chapter 3. Policing databases, especially programmatic databases, can contain an extensive amount of personal information. For instance, fusion centers collect a wide array of information having to do with individuals’ travel, financial transactions, and publicly recorded activities. Surveillance tapes or body-camera footage may catalog a person’s public actions over long periods of time. Casefiles and watchlists can contain information that, if used inappropriately, can result in stigmatization, unnecessary confrontations with the police, and other negative consequences. The fact that policing agencies already have this information in their possession—as opposed to having to request it from another party—does little to mitigate these concerns.
For those reasons, agencies should develop clear policies to regulate law-enforcement access to police databases, whether by their own personnel, 911 dispatchers, or personnel from law-enforcement agencies with which they share the information. In doing so, they should consider the same sorts of regulatory tools that are used to limit the intrusiveness and arbitrariness of more traditional suspicion-based searches and seizures. See § 3.02.
b. Content of regulation. At a minimum, agency policy should make clear that a policing database may be accessed only for a legitimate policing objective—which must be delineated clearly in the policy itself, as required in § 6.01(c). For instance, as federal law provides, police personnel should not be able to access DNA databases to discover medical information about an individual or sift through surveillance data for nonprofessional purposes. Occasionally, the police wish to access data gathered for one purpose to use for another purpose (e.g., using a DNA database initially created to facilitate identification of arrestees to find matches with crime-scene DNA). In such cases, this Section stipulates that the secondary use is allowed only if a policy or statute authorizes it. Accord Principles of the Law, Data Privacy § 7 (providing that “[p]ersonal data shall not be used in data activities unrelated to those stated in the notice . . . without the consent of the individuals” unless “the use is required by law” or “obtaining consent would be impractical, impermissible under law, or too costly or difficult[.]”).
Agencies also should consider whether additional controls are necessary. For certain kinds of databases, some type of predicate beyond a legitimate purpose may be warranted before access can occur. For instance, an additional predicate may be required to access databases that contain more sensitive information, such as medical information or tax records, or large amounts of information about a person, as might be associated with long-term location tracking. An additional predicate may also be required to access databases that were obtained through suspicionless search and seizure programs (see Chapter 5) and thus are likely to contain information about large numbers of individuals who are innocent of any wrongdoing. In some cases, a traditional Fourth Amendment predicate—like reasonable suspicion or probable cause—may be appropriate; if particularly sensitive information is involved, perhaps an even more substantial showing would be required. In other contexts, an agency may decide to use a lower threshold like “relevance” but limit the use of the database to investigations of more serious crimes or require approval from a supervisor before a database may be used. Access also may be limited to certain types of officers. For instance, only specially trained individuals should be able to access DNA or fingerprint databases. Likewise, before an officer can access gang-member lists, specialized training may be required, given the uneven reliability of these lists and the ease with which they can be misused.
1. Law governing secondary use. A number of federal statutes place restrictions on secondary use of data. See Privacy Act, 5 U.S.C. § 552a(b)(3) (2012) (records may be disclosed only for a “routine use,” defined as “the use of [the] record for a purpose which is compatible with the purpose for which it was collected”); Fair Credit Reporting Act, 15 U.S.C. § 1681b(a) (2012) (listing purposes for which consumer reports can be divulged); Driver’s Privacy Protection Act, 18 U.S.C. § 2722(a) (2012) (prohibiting disclosure of personal information in a motor-vehicle record for an unlisted purpose); Cable Communications Policy Act, 47 U.S.C. § 551(c) (2012) (limiting disclosure of “personally identifiable information” to the purposes of the act); Gramm–Leach–Bliley Act, 15 U.S.C. § 6802(c) (2012) (limiting disclosure of financial information); HIPAA regulations, 45 C.F.R. § 164.506(a) (2017), 45 C.F.R. § 164.508(a)(1) (2017) (placing limits on disclosure of medical information). The Supreme Court’s decisions in Vernonia School Dist. v. Acton, 515 U.S. 646, 658 (2008), upholding a drug-testing program, and in Maryland v. King, 567 U.S. 435, 465 (2013), upholding DNA sampling, relied on assurances that the information collected would be held securely and not used for unauthorized purposes. Cf. Birchfield v. North Dakota, 139 S. Ct. 2160, 2178 (2016) (requiring a warrant for blood tests, in part because more than blood-alcohol content might be discovered).
2. Law enforcement access to data. The U.S. Supreme Court’s decision in Carpenter v. United States, 138 S. Ct. 2206 (2018), which required a warrant to obtain a defendant’s cell-site location data from the individual’s common carrier, signaled that police access to some types of records may be limited by the U.S. Constitution. Although Carpenter involved records maintained by a third party, the Court also expressed a general concern about government access to information that is not “voluntarily” surrendered. Id. at 2220 (“in no meaningful sense does the user voluntarily ‘assume the risk’ of turning over a comprehensive dossier of his physical movements.”). That concern is present whether the data resides with a third party or the government. Data from government-established license-plate readers, intelligent transportation systems, and closed-circuit television can be as revealing as cell-site location data, and is surrendered no more voluntarily. Thus, while Chapter 5’s Principles might justify widespread suspicionless collection of data under these types of circumstances, they do not automatically authorize subsequent access to that data to discover facts about a particular individual. Otherwise the government could avoid the dictates of Carpenter simply by collecting the data itself or by purchasing the data from third parties.
Reflecting these types of concerns, federal law has long provided that even when housed within the National Security Agency (NSA), metadata about particular individuals can be accessed only pursuant to a court order. 50 U.S.C. § 1861 (2006) (requiring a production order to obtain “tangible things” in a counterterrorism investigation, at a time when metadata was maintained by the NSA). Similarly, when law enforcement seeks targeted information from other government agencies, statutes sometimes require more than a mere request by a field officer. See, e.g., I.R.C. § 6103(h) (2015) (in non-tax investigations, requiring a demonstration of “reasonable cause” and an inability to obtain the information from another source); Privacy Act, 5 U.S.C. § 552(b)(7) (permitting disclosure of government records in criminal cases if “the activity is authorized by law, and if the head [of the department] has made a written request to the agency.”). Federal law, and state-specific Memoranda of Understanding, also place significant limitations on state law enforcement agency access to federal databases. See, e.g., DNA Identification Act, § 14132(b)(3).