The City Council of Chula Vista, California (in the San Diego metropolitan area), announced a new policy governing how city law enforcement can use technology to protect residents from data collected by surveillance equipment. The policy was developed by a city task force after the police department began using Automated License Plate Readers in 2020 and will now be effective. However, this new policy directly affects Chula Vista’s signature drone program. The goal of the policy is to require any kind of technology that city officials and law enforcement intend to use to be reviewed by the task force, which will then determine the impact the technology will have on the public and city systems and resident privacy.

The task force consists of technology experts, financial auditors, public safety professionals, and government transparency activists. To streamline the review, all technology will fall under one of the following categories: general technology, which includes emails and cellphones; sensitive technology, such as drones and traffic signal cameras; and surveillance technology, such as the license plate readers. The highest level of oversight will apply to surveillance technology.

If the technology and its use are approved by the task force, the city manager would be required to report at least once every two years about how the technology has been used, any adverse impacts, and the status of the data collected. The goal is to keep government officials accountable. So, where does that leave drones? Well, they will be subject to this policy (as noted above), but the policy does allow the City Manager or the City Council to waive certain elements of the policy “in the event of exigent circumstances or other circumstances that make compliance impossible or infeasible.” It is likely that other policies and tasks forces like this in Chula Vista will continue to pop up as city residents question the scope and oversight of surveillance using new technologies, including drones, by government entities.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.