REPORT
Airport: Automated License Plate Readers ( ALPR) – Ground Transportation Management System (GTMS) Airport and Park Assist – Parking Guidance System Surveillance Technology Policy Amendments
Council on Information Technology (COIT)PUBLIC MEETING REVIEW DATES
BOS Approval Date: 2/25/2026
The City and County of San Francisco values privacy and protection of San Francisco residents’ civil rights and civil liberties. As required by San Francisco Administrative Code, Section 19B and California Civil Code Section 1798.90.51, this Surveillance Technology Policy aims to ensure the responsible use of the Automated License Plate Readers (“ALPR”) – Ground Transportation Management System (“GTMS”) and the Park Assist – Parking Guidance System (“Park Assist”) as well as any associated data, and the protection of City and County of San Francisco residents’ civil rights and liberties.
PURPOSE AND SCOPE
The Department's (“SFO” or “Airport”) mission is to provide an exceptional airport in service to our communities.
The Surveillance Technology Policy (“Policy”) defines the manner in which the ALPR – GTMS and Park Assist will be used to support this mission, by describing the intended purpose, authorized and restricted uses, and requirements.
This Policy applies to all department personnel that use, plan to use, or plan to secure ALPR – GTMS and Park Assist, including employees, contractors, and volunteers. Employees, consultants, volunteers, and vendors while working on behalf of the City with the Department are required to comply with this Policy.
POLICY STATEMENT
The authorized use of ALPR – GTMS and Park Assist technology for the Department is limited to the following use cases and is subject to the requirements listed in this Policy.
Authorized Use(s):
ALPR – GTMS and Park Assist:
- To track the activity of permitted commercial ground transportation at the Airport. Also, to use as a method for collecting trip fees or assessing citations.
- To support the Airport and local, state, federal, and regional public safety departments in the identification of vehicles associated with targets of investigations, including locating stolen, wanted, and or other vehicles that are the subject of investigation; and/or locating victims, witnesses, suspects, and others associated with a law enforcement investigation.
- To help guide customers to available parking spaces.
- To help customers locate their vehicles if they forget where they parked.
Prohibited use cases include any uses not stated in the Authorized Use Case section.
Further, processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying an individual person, data concerning health or data concerning an individual person’s sex life or sexual orientation shall be prohibited.
BUSINESS JUSTIFICATION
ALPR – GTMS and Park Assist supports the Department’s mission and provides important operational value in the following ways:
The Airport has historically used electronic toll readers and other technologies to monitor commercial ground transportation activity at the Airport. The PIPS Technology™ (“PIPS”) ALPR – GTMS solution serves as a secondary source of ensuring commercial ground transportation database information is correct. This is an essential component of a comprehensive and efficient transportation system. Ground transportation activity at the Airport continues to grow in line with air passenger activity. In FY2019, there were over 6,500 (non TNC) vehicles permitted to operate at the Airport, with almost 3,000,000 pickups and drop-offs completed.
The Airport is committed to efficiently delivering world class customer service while maximizing revenue opportunities. Use of a parking guidance system, Park Assist, significantly reduces time spent searching for parking which leads to more revenue generating opportunities in the terminals. Additionally, by streamlining the process and reducing drive time and emissions, parking efficiency minimizes traffic on SFO’s roadways for a premium parking experience.
The primary use for Landside ALPR – GTMS is to capture the activity of permitted commercial ground transportation at the Airport. The ALPR – GTMS acts as a failsafe if the Automated Vehicle Identification (AVI) readers malfunction and fail to read the transponder the Airport affixes to certain types of permitted vehicles. It assists in dispute resolution in the event that the operator challenges the transponder data (i.e., number of trips the operator has made to the Airport) collected from the AVI. For other types of permitted vehicles, the ALPR and Park Assist GTMS may be used as the primary method for assessing citations.
Additional uses include tracking permitted operators that are not issued transponders, such as TNC vehicles and longdistance bus carriers; tracking unpermitted operators who solicit passengers for rides; and assisting public safety agencies in investigations.
The Park Assist Parking Guidance System is a camera-based smart sensor automated parking guidance system (APGS) that can read license plates and identify when spaces are open or being used. The system utilizes LED lights to signify when parking spaces are available or taken, enhancing convenience, reducing congestion, and optimizing space utilization. Additionally, if a customer forgets where they parked, they can enter their license plate into a kiosk and the system will tell them where that license plate is located within the facility.
Resident Benefits
The surveillance technology promises to benefit residents in the following ways:
| Yes or No | Benefit | Description |
|---|---|---|
N | Education | N/A |
N | Community Development | N/A |
N | Health | N/A |
Y | Environment | Traffic congestion studies: ALPR – GTMS can be used to conduct studies on traffic volumes and patterns, with the potential to mitigate environmental impacts of traffic congestion on residents. By reducing the driving time to locate parking spaces, Park Assist can help reduce car emissions. |
Y | Criminal Justice | ALPR – GTMS and Park Assist can be used to support identification of vehicles as a part of law enforcement investigations. |
N | Jobs | N/A |
N | Housing | N/A |
Y | Public Safety | ALPR – GTMS and Park Assist can be used to locate stolen, wanted, and or other vehicles that are the subject of investigation, and can improve overall roadway safety for residents using Airport roadways. Trip fees by permitted operators: ALPR – GTMS can be used to track vehicles and collect trip fees to offset impacts of commercial vehicles on Airport roadways and to improve roadway conditions for residents accessing the Airport. |
N | Other | N/A |
Department Benefits
The surveillance technology will benefit the department in the following ways:
| Yes or No | Benefit | Description |
|---|---|---|
Y | Financial Savings | Park Assist provides for low maintenance and operating costs, in addition to, minimal training of personnel on the use of the technology. Less personnel are needed to monitor and assist customers finding open spaces and/or their vehicles. |
Y | Time Savings | Without the ALPR – GTMS technology, the Airport would need to deploy a manually staffed ground transportation operation. This alternative has not been thoroughly explored for feasibility. At minimum however, team members would be required to be assigned to all entry lanes, exit lanes, curbside zones, and staging lots during 24/7 operations. Team members would conduct manual verification of registration through visual observance of permits and decals, and conduct traffic counts. The ALPR – GTMS removes the necessity of staffing for this purpose. |
Y | Staff Safety | With Park Assist less staff are needed in facilities to constantly monitor and assist in finding spaces and vehicles; thus, reducing exposure to fast moving vehicles. |
Y | Data Quality | The ALPR – GTMS technology is verified against the AVI technology to verify that all permitted vehicles’ trips have been documented for tracking and fee assessment purposes, in case the AVI malfunctions and fails to read the airport affixed transponder. The ALPR – GTMS is also used in concert with AVI to confirm whether a commercial vehicle on Airport roadways is a permitted operator. |
Y | Other | The ALPR – GTMS technology enables the Airport to assess trip fees on permitted Commercial ground transportation operators. In 2019, for example, the Airport collected a total of $64,815,649 in trip fees from ground transportation operators. ($64,815,649 for one year) |
POLICY REQUIREMENTS
This Policy defines the responsible data management processes and legally enforceable safeguards required by the Department to ensure transparency, oversight, and accountability measures. Department use of surveillance technology and information collected, retained, processed or shared by surveillance technology must be consistent with this Policy; must comply with all City, State, and Federal laws and regulations; and must protect all state and federal Constitutional guarantees.
Specifications: The software and/or firmware used to operate the surveillance technology must be kept up to date and maintained.
Safety: Surveillance technology must be operated in a safe manner. Surveillance technology should not be operated in a way that infringes on resident civil rights, including privacy, or causes personal injury or property damage.
Accuracy of ALPR Data: In the event Landside, Ground Transportation Unit (GTU), or Parking Management become aware of an ALPR data error, the Airport’s Information Technology and Telecommunications (ITT) team will correct all associated files.
Data Collection
Departments shall minimize the use, collection, and retention of Personally Identifiable Information (PII) to what is strictly necessary to accomplish the intended purpose of the surveillance technology.
Department shall only collect data required to execute the authorized use case. All data collected by the surveillance technology, including PII, shall be classified according to the City’s Data Classification Standard.
Should information be incidentally collected that is not necessary to accomplish the intended purpose of the surveillance technology, including information that may be used to identify persons or private information, Department shall remove all incidental PII from raw data.
The surveillance technology collects the following data types:
| Data Type(s) | Format(s) | Classification |
|---|---|---|
Company’s registered DBA, Permit Type, Location of record, Date and Time of record | .xml, .pdf, .html, .jpg, .xml | Level 2 |
Images of License Plates | .jpg, .xml | Level 3 |
Date & Time image taken | .jpg, .xml | Level 3 |
Notification
The commercial ground transportation operators acknowledge notice of GTMS policies and procedures, which include the Airport’s use of ALPR and Electronic Toll Readers, by signing the Airport permit. In addition, in compliance with California Civil Code § 1798.90.5, the Airport shall notify the public of the ALPR – GTMS and Park Assist surveillance technology operation by posting the ALPR – GTMS privacy and usage policy on FlySFO.com.
The public notice shall include the following items
| Yes or No | Category Included |
|---|---|
N | Information on the surveillance technology |
N | Description of the authorized use |
N | Type of data collected |
N | Data retention |
N | Department identification |
N | Contact information |
N | Persons individually identified |
Access
All parties requesting access must adhere to the following rules and processes:
Use of the Ground Transportation Management System (GTMS) software and Park Assistis are required for data access. Agreement and adherence to the City and County of San Francisco’s and Airport’s computer and data information systems policies, supervisor approval for use, and GTMS Administrator approval for use. Request for system access is to be submitted through SFO’s ITT Help Desk ServiceNow online Request Form. Access can be limited and varied dependent on software system user role. GTMS Administrator and ITT are to determine and provide permissions on user role. Training to be provided once software is installed on a computer or laptop.
Data can only be accessed through the permissions-controlled GTMS software. The data is to be used for trip and revenue analysis for internal purposes. Information deemed low risk such as Permit Type (i.e., Limousine, Taxi) and trip counts may be aggregated and shared with the public, other airports, and transportation industries. The public may request trip and revenue information through a public records request.
A. Department employees
Once collected, the following roles and job titles are authorized to access and use data collected, retained, processed or shared by the surveillance technology:
- 1828 Principal Administrative Analyst II
- 1823 Senior Administrative Analyst
- 1822 Senior Administrative Analyst
- 1446 Secretary 2
- 1825 Principal Administrative Analyst II
- 1823 Senior Administrative Analyst
- 1822 Administrative Analyst
- 7315 Automotive Machinist Assistant Supervisor
- 5290 Transportation Planner IV
- 5241 Engineer
- 5203 Assistant Engineer
- 5201 Junior Engineer
- 5380 StdntDsgnTrain1, Arch/Eng/Plng
- 5381 StdntDsgnTrain2, Arch/Eng/Plng
- 5382 StdntDsgnTrain3, Arch/Eng/Plng
- 7381 Automotive Mechanic
- 9255, Parking Operations Manager
- 0931 Manager III, Airport – Landside Operations
- 0923 Manager II, Ground Transportation Investigations Manager
- 0932 Manager IV, Airport Parking Manager
- 0933 Manager V
- 9236, Ground Transportation Technician
- 9144, Ground Transportation Compliance Investigator
The following providers are required to support and maintain the surveillance technology and its associated data to ensure it remains functional:
- Arcadis
- SP Plus SF Joint Venture (SPSF)
- Park Assist
B. Members of the public
Airport will comply with the California Public Records Act, the San Francisco Sunshine Ordinance, the requirements of the federal and State Constitutions, and federal and State civil procedure laws and rules.
Collected data that is classified as Level 1-Public data may be made available for public access or release via DataSF’s Open Data portal. Anyone, including criminal defendants, may access such data. Open Data has a Public Domain Dedication and License and makes no warranties on the information provided. Once public on Open Data, data can be freely shared, modified, and used for any purpose without any restrictions. Any damages resulting from use of public data are disclaimed, including by criminal defendants.
Members of the public, including criminal defendants, may also request access by submission of a request pursuant to San Francisco’s Sunshine Ordinance. No record shall be withheld from disclosure in its entirety unless all information contained in it is exempt from disclosure under express provisions of the California Public Records Act or some other statute.
Data Security
Department shall secure PII against unauthorized or unlawful processing or disclosure; unwarranted access, manipulation or misuse; and accidental loss, destruction, or damage. Surveillance technology data collected and retained by the Department shall be protected by the safeguards appropriate for its classification level(s).
To protect surveillance technology information from unauthorized access and control, including misuse, Departments shall, at minimum, apply the following safeguards:
Data can only be accessed through the permissions-controlled GTMS software. Users must provide unique computer login credentials such as username and password to access the data. Passwords must comply with the City and County of San Francisco cyber security requirements.
The following protocols shall be followed to ensure data security:
- All network equipment and servers containing sensitive data are maintained in a secured location accessible only to Airport badged, authorized personnel.
- Servers and network equipment are continuously monitored.
- ITT maintains a log of successful and unsuccessful logon attempts, changes in user accounts, whether user logs have been modified, network threats, and resource access.
- All SFO workstations and servers are patched regularly.
- All sensitive data stored on the servers are backed up regularly and a copy saved offsite.
- SFO’s network is protected behind a firewall and data transmitted outside SFO’s network to SFO cloud-based partners are encrypted via SSL/TLS. Data at rest offsite are also encrypted.
Data Sharing
Airport will comply with the California Public Records Act, the San Francisco Sunshine Ordinance, the requirements of the federal and State Constitutions, and federal and State civil procedure laws and rules.
Airport will endeavor to ensure that other agencies or departments that may receive data collected by ALPR – GTMS and Park Assist Technology will act in conformity with this Surveillance Technology Policy.
For internal and externally shared data, shared data shall not be accessed, used, or processed by the recipient in a manner incompatible with the authorized use cases stated in this Policy.
Airport shall ensure proper administrative, technical, and physical safeguards are in place before sharing data with other CCSF departments, outside government entities, and third-party providers or vendors. (See Data Security)
Airport shall ensure all PII and restricted data is de-identified or adequately protected to ensure the identities of individual subjects are effectively safeguarded.
Each department that believes another agency or department receives or may receive data collected from its use of STs should consult with its assigned deputy city attorney regarding their response.
The Department currently participates in the following sharing practices:
A. Internal and External Data Sharing:
- GTMS Users for review of matching license plates and electronic toll reads;
- Park Assist Users, including SPSF, to look-up license plates to locate vehicle locations in the Airport’s parking facilities;
- District Attorney's Office in accordance with the law;
- Public Defender's Office or criminal defense attorney in accordance with California discovery laws; law enforcement agencies as part of a criminal or administrative investigation; Parties to civil litigation, or other third parties when required under law; and
- Federal Bureau of Investigations (FBI), Department of Motor Vehicle (DMV) and California Public Utilities Commission (CPUC) to determine whether any vehicles have been stolen, operating without authorization, or are otherwise associated with criminal activity.
Data sharing occurs at the following frequency:
- On request in accordance with the law, or during SFO presentations on topics related to ground transportation activity.
Before sharing data with any recipients, the Department will use the following procedure to ensure appropriate data protections are in place:
- Confirm the purpose of the data sharing aligns with the department’s mission.
- Consider alternative methods other than sharing data that can accomplish the same purpose.
- Redact names, scrub faces, and ensure all PII is removed in accordance with the department’s data policies.
- Review of all existing safeguards to ensure shared data does not increase the risk of potential civil rights and liberties impacts on residents.
- Evaluation of what data can be permissibly shared with members of the public should a request be made in accordance with the San Francisco’s Sunshine Ordinance.
- Ensure shared data will be done in a cost-efficient manner and exported in a clean, machine-readable format.
B. Department shares the following data with the recipients:
- Aggregated trip counts and revenue by permit types. Data constituting PII or other sensitive information will be shared with law enforcement agencies in accordance with the law, and with parties involved in criminal, civil or administrative proceedings as required under law.
To ensure that entities receiving data collected by the surveillance technology comply with the Surveillance Technology Policy, Department shall:
- Data collected is primarily to be accessed by internal stakeholders within the Airport department. All Airport users are to comply with the Airport’s computer and cybersecurity polices, as agreed upon through daily computer sign-in. Data shared with external entities or other City and County departments is to fall within the Level 2 category of nonsensitive data for the business purposes of improved commercial ground transportation and analyses. Information within the Level 3 lowmoderate risk category must be requested through the public records request process, and the data is reviewed prior to disclosure to ensure that it is subject to disclosure under the Public Records Act and the Sunshine Ordinance.
- The Department will comply with the California Public Records Act, the San Francisco Sunshine Ordinance, the requirements of the federal and State Constitutions, and federal and State civil procedure laws and rules.
Data Retention
The Department’s data retention period and justification are as follows:
- Data is active for 18 months in the production server, then 4.5 years in cloud storage.
- Airport server storage size limits retention on production server
- Airport Data Retention Policy requires 4.5 years
- Data would only be retained longer than above if/when the City Attorney issued a litigation hold letter to the Airport.
NOTE: Park Assist does not retain license plate data.
PII data shall not be kept in a form which permits identification of data subjects for any longer than is necessary for the purposes for which the personal data are processed. PII data collected by the surveillance technology may be retained beyond the standard retention period only in the following circumstance(s):
Departments must establish appropriate safeguards for PII data stored for longer periods.
Data will be stored in the following location:
- Local storage
- Could Storage Provider
Data Disposal
Upon completion of the data retention period, Department shall dispose of data in the following manner:
Practices: Data is consolidated on the local storage and moved to cloud provider for long term storage. Local drives are overwritten with new data. Cloud storage data is deleted.
Processes and Applications: Not applicable for this technology solution
Training
To reduce the possibility that surveillance technology or its associated data will be misused or used contrary to its authorized use, all individuals requiring access must receive training on data security policies and procedures.
At the very least, department shall require all elected officials, employees, consultants, volunteers, and vendors working with the technology on its behalf to read and formally acknowledge all authorized and prohibited uses. Department shall also require that all individuals requesting data or regularly requiring data access receive appropriate training before being granted access to systems containing PII.
In-person or virtual training session that includes system overview and use of reporting modules.
COMPLIANCE
Department shall oversee and enforce compliance with this Policy using the following methods:
The Airport’s ITT and Government Affairs & Policy teams will both govern and oversee compliance of the policy. Any resulting policy is to be shared with the Airport community with follow-up items, if any, documented.
Department shall assign the following personnel to oversee Policy compliance by the Department and third-parties.
- IT Governance Director, ITT Cybersecurity & Compliance
- Senior Landside Transportation Planner
- Parking Operations Manager
- Airport Parking Manager
Sanctions for violations of this Policy include the following:
- Airport Commission employees will be disciplined for violation of the Ordinance subject to meeting and conferring with the unions representing Airport Commission employees.
If a Department is alleged to have violated the Ordinance under San Francisco Administrative Code Chapter 19B, Department shall post a notice on the Department’s website that generally describes any corrective measure taken to address such allegation.
Department is subject to enforcement procedures, as outlined in San Francisco Administrative Code Section 19B.8.
EXCEPTIONS
Only in exigent circumstances or in circumstances where law enforcement requires surveillance technology data for investigatory or prosecutorial functions may data collected, retained or processed by the surveillance technology be shared with law enforcement.
DEFINITIONS
- Personally Identifiable Information: Information that can be used to distinguish or trace an individual's identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.
- Sensitive Data: Data intended for release on a need-to-know basis. Data regulated by privacy laws or regulations or restricted by a regulatory agency or contract, grant or other agreement terms and conditions.
AUTHORIZATION
Section 19B.4 of the City’s Administrative Code states, “It is the policy of the Board of Supervisors that it will approve a Surveillance Technology Policy ordinance only if it determines that the benefits the Surveillance Technology ordinance authorizes outweigh its costs, that the Surveillance Technology Policy ordinance will safeguard civil liberties and civil rights, and that the uses and deployments of the Surveillance Technology under the ordinance will not be based upon discriminatory or viewpoint-based factors or have a disparate impact on any community or Protected Class.”
QUESTIONS & CONCERNS
Public:
Complaints or concerns can be submitted to the Department by completing a Contact SFO Form found on FlySFO.com. The submissions are reviewed by the Airport Guest Services team and forwarded to the Airport stakeholder team responsible for follow-up, as necessary, on the topic of concern or comment. Additionally, the Airport Commission holds bi-monthly public meetings where the public may register complaints or concerns during the Public Comment section of the calendared agenda.
Department shall acknowledge and respond to complaints and concerns in a timely and organized response. To do so, Department shall:
- Include in the daily tasks and job duties of Landside and Parking staff and its contractors to respond to complaints and concerns submitted by the commercial transportation.
- Consistent with these duties, Landside staff responds to all inquiries from commercial passenger transportation providers.
- In addition, the Airport’s Guest Services team dedicates a staff to address complaints and concerns from the public.
- Any matters brought to the Airport are tracked from initial receipt of communication through closure of followup actions, if any.
City and County of San Francisco Employees:
All questions regarding this policy should be directed to the employee's supervisor or to the director. Similarly, questions about other applicable laws governing the use of the surveillance technology or the issues related to privacy should be directed to the employee's supervisor or the director.