The URL can be used to link to this page

2025-27 Flock Group - ALPR Camera SystemMEMORANDUM Cv day CALIFORNIA DATE: August 6, 2025 TO: Jon McMillen,City Manager FROM: Lisa Chastain, Public Safety Management Analyst RE: Flock Group, Inc., for Automatic License Plate Reader System Agrmt Please list the Contracting Party / Vendor Name, any change orders or amendments, and the type of services to be provided. Make sure to list any related Project No. and Project Name. a Authority to execute this agreement is based upon: Approved by City Council on August 5, 2025 Business Item No. 3 City Manager's signing authority provided under the City's Purchasing & Contracting Policy [Resolution No. 2023-008] for budget expenditures of $50,000 or less. City Manager's signing authority provided under the City's Personnel Policy Section 3.2 for temporary employment positions. Department Director's or Manager's signing authority provided under the City's Purchasing Policy [Resolution No. 2023-008] for budget expenditures of $15,000 and $5,000, respectively, or less. ❑ Bid ❑ a Sole Source Procurement Method (one must apply): RFP n RFQ nSelect Source 3 written informal bids Cooperative Procurement Requesting department shall check and attach the items below as appropriate: Agreement payment will be charged to Account No.: 101-2001-60692 Agreement term: Start Date July 1, 2025 Amount of Agreement, Amendment, Change Order, etc.: End Date $ 414, 000 June 30, 2027 REMINDER: Signing authorities listed above are applicable on the aggregate Agreement amount, not individual Amendments or Change Orders! ❑✓ Insurance certificates as required by the Agreement for Risk Manager approval Approved by: myCOl exp 8/23/25 - MR Date: 8/7/2025 Bonds (oriqinals) as required by the Agreement (Performance, Payment, etc.) Conflict of Interest Form 700 Statement of Economic Interests from Consultant(s) NOTE: Review the "Form 700 Disclosure for Consultants" guidance to determine if a Form 700 is required pursuant FPPC regulation 18701(2) Business License No. 770978 Expires: 4/30/2026 Requisition for a Purchase Order has been prepared (Agreements over $5,000) 78495 Calle Tampico I La Quinta, California 92253 1760.777,7000 I www.laquintaca.gov AGREEMENT FOR CONTRACT SERVICES THIS AGREEMENT FOR CONTRACT SERVICES (the "Agreement") is made and entered into by and between the CITY OF LA QUINTA, ("City"), a California municipal corporation, and Flock Group, Inc. with a place of business at 1170 Howell Mill Rd NW Suite 210, Atlanta, GA 30318 ("Contracting Party"). The parties hereto agree as follows: 1. SERVICES OF CONTRACTING PARTY. 1.1 Scope of Services. In compliance with all terms and conditions of this Agreement, Contracting Party shall provide those services related to Flock's Automated License Reader services, including software and hardware, as specified in the "Scope of Services" attached hereto as "Exhibit A" and incorporated herein by this reference (the "Services"). Notwithstanding any provisions in Exhibit A to the contrary, the terms and conditions in this Agreement excluding Exhibit A shall supersede, govern, and control in the event that there are any inconsistencies or direct or indirect conflicting provisions in Exhibit A, it being expressly understood and agreed by the Parties that Contracting Party has requested that it's form agreement be attached to this Agreement as Exhibit A. Contracting Party represents and warrants that Contracting Party is a provider of first- class work and/or services and Contracting Party is experienced in performing the Services contemplated herein and, in light of such status and experience, Contracting Party covenants that it shall follow industry standards in performing the Services required hereunder, and that all materials, if any, will be of good quality, fit for the purpose intended. For purposes of this Agreement, the phrase "industry standards" shall mean those standards of practice recognized by one or more first-class firms performing similar services under similar circumstances. 1.2 Compliance with Law. All Services rendered hereunder shall be provided in accordance with all ordinances, resolutions, statutes, rules, regulations, and laws of the City and any Federal, State, or local governmental agency of competent jurisdiction. 1.3 Wage and Hour Compliance, Contracting Party shall comply with applicable Federal, State, and local wage and hour laws. 1.4 Licenses, Permits, Fees and Assessments. Except as otherwise specified herein, Contracting Party shall obtain at its sole cost and expense such licenses, permits, and approvals as may be required by law for the performance of the Services required by this Agreement, including a City of La Quinta business license. Contracting Party and its employees, agents, and subcontractors shall, at their sole cost and expense, keep in effect at all times during the term of this Agreement any licenses, permits, and approvals that are legally required for the performance of the Services required by this Agreement. Contracting Party shall have the sole obligation to pay for any fees, assessments, and taxes, plus applicable penalties and interest, which may be imposed by law and arise from or are necessary for the performance of the Services required by this Agreement, and shall indemnify, defend (with counsel selected by City), and hold City, its elected officials, officers, employees, and agents, free and harmless against any such fees, assessments, taxes, penalties, or interest levied, assessed, or imposed against City hereunder. Contracting Party shall be responsible for all subcontractors' compliance with this Section. 1.5 Familiarity with Work. By executing this Agreement, Contracting Party warrants that (a) it has thoroughly investigated and considered the Services to be performed, (b) it has investigated the site where the Services are to be performed, if any, and fully acquainted itself with the conditions there existing, (c) it has carefully considered how the Services should be performed, and (d) it fully understands the facilities, difficulties, and restrictions attending performance of the Services under this Agreement. Should Contracting Party discover any latent or unknown conditions materially differing from those inherent in the Services or as represented by City, Contracting Party shall immediately inform City of such fact and shall not proceed except at Contracting Party's risk until written instructions are received from the Contract Officer, or assigned designee (as defined in Section 4.2 hereof). 1.6 Standard of Care. Contracting Party acknowledges and understands that the Services contracted for under this Agreement require specialized skills and abilities and that, consistent with this understanding, Contracting Party's work will be held to an industry standard of quality and workmanship. Consistent with Section 1.5 hereinabove, Contracting Party represents to City that it holds the necessary skills and abilities to satisfy the industry standard of quality as set forth in this Agreement. Contracting Party shall adopt reasonable methods during the life of this Agreement to furnish continuous protection to the Services performed by Contracting Party, and the equipment, materials, papers, and other components thereof to prevent losses or damages, and shall be responsible for all such damages, to persons or property, until acceptance of the Services by City, except such losses or damages as may be caused by City's own negligence. The performance of Services by Contracting Party shall not relieve Contracting Party from any obligation to correct any incomplete, inaccurate, or defective work at no further cost to City, when such inaccuracies are due to the negligence of Contracting Party. 1.7 Additional Services. In accordance with the terms and conditions of this Agreement, Contracting Party shall perform services in addition to those specified in the Scope of Services ("Additional Services") only when directed to do so by the Contract Officer, or assigned designee, provided that Contracting Party shall not be required to perform any Additional Services without compensation. Contracting Party shall not perform any Additional Services until receiving prior written authorization (in the form of a written change order if Contracting Party is a contractor performing the Services) from the Contract Officer, or assigned designee, incorporating therein any adjustment in (i) the Contract Sum, and/or (ii) the time to perform this Agreement, which said adjustments are subject to the written approval of Contracting Party. It is expressly understood by Contracting Party that the provisions of this Section shall not apply to the Services specifically set forth in the Scope of Services or reasonably contemplated therein. It is specifically understood and agreed that oral requests and/or approvals of Additional Services shall be barred and are unenforceable. Failure of Contracting Party to secure the Contract Officer's, or assigned designee's written authorization for Additional Services shall constitute a waiver of any and all right to adjustment of the Contract Sum or time to perform this Agreement, whether by way of compensation, -2- restitution, quantum meruit, or the like, for Additional Services provided without the appropriate authorization from the Contract Officer, or assigned designee. Compensation for properly authorized Additional Services shall be made in accordance with Section 2.3 of this Agreement. 1.8 Special Requirements. Additional terms and conditions of this Agreement, if any, which are made a part hereof are set forth in "Exhibit D" (the "Special Requirements"), which is incorporated herein by this reference and expressly made a part hereof. In the event of a conflict between the provisions of the Special Requirements and any other provisions of this Agreement, the provisions of the Special Requirements shall govern. 2. COMPENSATION. 2.1 Contract Sum. For the Services rendered pursuant to this Agreement, Contracting Party shall be compensated in accordance with "Exhibit B" (the "Schedule of Compensation") in a total amount not to exceed Four Hundred and Fourteen Thousand Dollars ($414,000), during the term of the agreement (the "Contract Sum"), except as provided in Section 1.7. The method of compensation set forth in the Schedule of Compensation may include a lump sum payment upon completion, payment in accordance with the percentage of completion of the Services, payment for time and materials based upon Contracting Party's rate schedule, but not exceeding the Contract Sum, or such other reasonable methods as may be specified in the Schedule of Compensation. The Contract Sum shall include the attendance of Contracting Party at all project meetings reasonably deemed necessary by City; Contracting Party shall not be entitled to any additional compensation for attending said meetings. Compensation may include reimbursement for actual and necessary expenditures for reproduction costs, transportation expense, telephone expense, and similar costs and expenses when and if specified in the Schedule of Compensation. Regardless of the method of compensation set forth in the Schedule of Compensation, Contracting Party's overall compensation shall not exceed the Contract Sum, except as provided in Section 1.7 of this Agreement. 2.2 Method of Billing & Payment. Any month in which Contracting Party wishes to receive payment, Contracting Party shall submit to City no later than the tenth (10th) working day of such month, in the form approved by City's Finance Director, an invoice for Services rendered prior to the date of the invoice. Such invoice shall (1) describe in detail the Services provided, including time and materials, and (2) specify each staff member who has provided Services and the number of hours assigned to each such staff member. Such invoice shall contain a certification by a principal member of Contracting Party specifying that the payment requested is for Services performed in accordance with the terms of this Agreement. Upon approval in writing by the Contract Officer, or assigned designee, and subject to retention pursuant to Section 8.3, City will pay Contracting Party for all items stated thereon which are approved by City pursuant to this Agreement no later than thirty (30) days after invoices are received by the City's Finance Department. -3- 2.3 Compensation for Additional Services. Additional Services approved in advance by the Contract Officer, or assigned designee, pursuant to Section 1.7 of this Agreement shall be paid for in an amount agreed to in writing by both City and Contracting Party in advance of the Additional Services being rendered by Contracting Party. Any compensation for Additional Services amounting to five percent (5%) or less of the Contract Sum may be approved by the Contract Officer, or assigned designee. Any greater amount of compensation for Additional Services must be approved by the La Quinta City Council, the City Manager, or Department Director, depending upon City laws, regulations, rules and procedures concerning public contracting. Under no circumstances shall Contracting Party receive compensation for any Additional Services unless prior written approval for the Additional Services is obtained from the Contract Officer, or assigned designee, pursuant to Section 1.7 of this Agreement. 3. PERFORMANCE SCHEDULE. 3.1 Time of Essence. Time is of the essence in the performance of this Agreement. If the Services not completed in accordance with the Schedule of Performance, as set forth in Section 3.2 and "Exhibit C", it is understood that the City will suffer damage. 3.2 Schedule of Performance. All Services rendered pursuant to this Agreement shall be performed diligently and within the time period established in "Exhibit C" (the "Schedule of Performance"). Extensions to the time period specified in the Schedule of Performance may be approved in writing by the Contract Officer, or assigned designee. 3.3 Force Majeure. The time period specified in the Schedule of Performance for performance of the Services rendered pursuant to this Agreement shall be extended because of any delays due to unforeseeable causes beyond the control and without the fault or negligence of Contracting Party, including, but not restricted to, acts of God or of the public enemy, fires, earthquakes, floods, epidemic, quarantine restrictions, riots, strikes, freight embargoes, acts of any governmental agency other than City, and unusually severe weather, if Contracting Party shall within ten (10) days of the commencement of such delay notify the Contract Officer, or assigned designee, in writing of the causes of the delay. The Contract Officer, or assigned designee, shall ascertain the facts and the extent of delay, and extend the time for performing the Services for the period of the forced delay when and if in the Contract Officer's judgment such delay is justified, and the Contract Officer's determination, or assigned designee, shall be final and conclusive upon the parties to this Agreement. Extensions to time period in the Schedule of Performance which are determined by the Contract Officer, or assigned designee, to be justified pursuant to this Section shall not entitle the Contracting Party to additional compensation in excess of the Contract Sum. 3.4 Term. Unless earlier terminated in accordance with the provisions in Article 8.0 of this Agreement, the term of this agreement shall commence on April 15, 2025 and terminate on June 30, 2027 ("Initial Term"). This Agreement may be extended for one (1) additional year(s) upon mutual agreement by both parties ("Extended Term"), -4- and executed in writing. The Initial Term and, if applicable the Extended Term, are defined to be the "Term" of the Agreement. 4. COORDINATION OF WORK. 4.1 Representative of Contracting Party. The following principals of Contracting Party ("Principals") are hereby designated as being the principals and representatives of Contracting Party authorized to act in its behalf with respect to the Services specified herein and make all decisions in connection therewith: (a) Flock Group Inc. 1170 Howell Mill Road NW, Ste 210 Alanta, GA 30318 ATTN: Legal (b) City of La Quinta 78495 Calle Tampico La Quinta, Ca 92253 ATTN: Public Safety Deputy Director It is expressly understood that the experience, knowledge, capability, and reputation of the foregoing Principals were a substantial inducement for City to enter into this Agreement. Therefore, the foregoing Principals shall be responsible during the term of this Agreement for directing all activities of Contracting Party and devoting sufficient time to personally supervise the Services hereunder. For purposes of this Agreement, the foregoing Principals may not be changed by Contracting Party and no other personnel may be assigned to perform the Services required hereunder without the express written approval of City. 4.2 Contract Officer. The "Contract Officer", otherwise known as Martha Mendez, Public Safety Deputy Director or assigned designee may be designated in writing by the City Manager of the City. It shall be Contracting Party's responsibility to assure that the Contract Officer, or assigned designee, is kept informed of the progress of the performance of the Services, and Contracting Party shall refer any decisions, that must be made by City to the Contract Officer, or assigned designee. Unless otherwise specified herein, any approval of City required hereunder shall mean the approval of the Contract Officer, or assigned designee. The Contract Officer, or assigned designee, shall have authority to sign all documents on behalf of City required hereunder to carry out the terms of this Agreement. 4.3 Prohibition Against Subcontracting or Assignment. The experience, knowledge, capability, and reputation of Contracting Party, its principals, and its employees were a substantial inducement for City to enter into this Agreement. Except as set forth in this Agreement, Contracting Party shall not contract or subcontract with any other entity to perform in whole or in part the Services required hereunder without the express written approval of City. In addition, neither this Agreement nor any interest herein may be transferred, assigned, conveyed, hypothecated, or encumbered, -5- voluntarily or by operation of law, without the prior written approval of City. Transfers restricted hereunder shall include the transfer to any person or group of persons acting in concert of more than twenty five percent (25%) of the present ownership and/or control of Contracting Party, taking all transfers into account on a cumulative basis. Any attempted or purported assignment or contracting or subcontracting by Contracting Party without City's express written approval shall be null, void, and of no effect. No approved transfer shall release Contracting Party of any liability hereunder without the express consent of City. 4.4 Independent Contractor. Neither City nor any of its employees shall have any control over the manner, mode, or means by which Contracting Party, its agents, or its employees, perform the Services required herein, except as otherwise set forth herein. City shall have no voice in the selection, discharge, supervision, or control of Contracting Party's employees, servants, representatives, or agents, or in fixing their number or hours of service. Contracting Party shall perform all Services required herein as an independent contractor of City and shall remain at all times as to City a wholly independent contractor with only such obligations as are consistent with that role. Contracting Party shall not at any time or in any manner represent that it or any of its agents or employees are agents or employees of City. City shall not in any way or for any purpose become or be deemed to be a partner of Contracting Party in its business or otherwise or a joint venture or a member of any joint enterprise with Contracting Party. Contracting Party shall have no power to incur any debt, obligation, or liability on behalf of City. Contracting Party shall not at any time or in any manner represent that it or any of its agents or employees are agents or employees of City. Except for the Contract Sum paid to Contracting Party as provided in this Agreement, City shall not pay salaries, wages, or other compensation to Contracting Party for performing the Services hereunder for City. City shall not be liable for compensation or indemnification to Contracting Party for injury or sickness arising out of performing the Services hereunder. Notwithstanding any other City, state, or federal policy, rule, regulation, law, or ordinance to the contrary, Contracting Party and any of its employees, agents, and subcontractors providing services under this Agreement shall not qualify for or become entitled to any compensation, benefit, or any incident of employment by City, including but not limited to eligibility to enroll in the California Public Employees Retirement System ("PERS") as an employee of City and entitlement to any contribution to be paid by City for employer contributions and/or employee contributions for PERS benefits. Contracting Party agrees to pay all required taxes on amounts paid to Contracting Party under this Agreement, and to indemnify and hold City harmless from any and all taxes, assessments, penalties, and interest asserted against City by reason of the independent contractor relationship created by this Agreement. Contracting Party shall fully comply with the workers' compensation laws regarding Contracting Party and Contracting Party's employees. Contracting Party further agrees to indemnify and hold City harmless from any failure of Contracting Party to comply with applicable workers' compensation laws. City shall have the right to offset against the amount of any payment due to Contracting Party under this Agreement any amount due to City from Contracting Party as a result of Contracting Party's failure to promptly pay to City any reimbursement or indemnification arising under this Section. -6- 4.5 Identity of Persons Performing Work. Contracting Party represents that it employs or will employ at its own expense all personnel required for the satisfactory performance of any and all of the Services set forth herein. Contracting Party represents that the Services required herein will be performed by Contracting Party or under its direct supervision, and that all personnel engaged in such work shall be fully qualified and shall be authorized and permitted under applicable State and local law to perform such tasks and services. 4.6 City Cooperation. City shall provide Contracting Party with any plans, publications, reports, statistics, records, or other data or information pertinent to the Services to be performed hereunder which are reasonably available to Contracting Party only from or through action by City. 5. INSURANCE. 5.1 Insurance. Prior to the beginning of any Services under this Agreement and throughout the duration of the term of this Agreement, Contracting Party shall procure and maintain, at its sole cost and expense, and submit concurrently with its execution of this Agreement, policies of insurance as set forth in "Exhibit E" (the "Insurance Requirements") which is incorporated herein by this reference and expressly made a part hereof. 5.2 Proof of Insurance. Contracting Party shall provide Certificate of Insurance to City along with all required endorsements. Certificate of Insurance and endorsements must be approved by City's Risk Manager prior to commencement of performance. 6. INDEMNIFICATION. 6.1 Indemnification. To the fullest extent permitted by law, Contracting Party shall indemnify, protect, defend (with counsel selected by City), and hold harmless City and any and all of its officers, employees, agents, and volunteers as set forth in "Exhibit F" ("Indemnification") which is incorporated herein by this reference and expressly made a part hereof. 7. RECORDS AND REPORTS. 7.1 Reports. Contracting Party shall periodically prepare and submit to the Contract Officer, or assigned designee, such reports concerning Contracting Party's performance of the Services required by this Agreement as the Contract Officer, or assigned designee, shall require. Contracting Party hereby acknowledges that City is greatly concerned about the cost of the Services to be performed pursuant to this Agreement. For this reason, Contracting Party agrees that if Contracting Party becomes aware of any facts, circumstances, techniques, or events that may or will materially increase or decrease the cost of the Services contemplated herein or, if Contracting Party is providing design services, the cost of the project being designed, Contracting Party shall promptly notify the Contract Officer, or assigned designee, of said fact, circumstance, technique, or event and the estimated increased or decreased cost related -7- thereto and, if Contracting Party is providing design services, the estimated increased or decreased cost estimate for the project being designed. 7.2 Records. Contracting Party shall keep, and require any subcontractors to keep, such ledgers, books of accounts, invoices, vouchers, canceled checks, reports (including but not limited to payroll reports), studies, or other documents relating to the disbursements charged to City and the Services performed hereunder (the "Books and Records"), as shall be necessary to perform the Services required by this Agreement and enable the Contract Officer, or assigned designee, to evaluate the performance of such Services. Any and all such Books and Records shall be maintained in accordance with generally accepted accounting principles and shall be complete and detailed. The Contract Officer, or assigned designee, shall have full and free access to such Books and Records at all times during normal business hours of City, including the right to inspect, copy, audit, and make records and transcripts from such Books and Records. Such Books and Records shall be maintained for a period of three (3) years following completion of the Services hereunder, and City shall have access to such Books and Records in the event any audit is required. In the event of dissolution of Contracting Party's business, custody of the Books and Records may be given to City, and access shall be provided by Contracting Party's successor in interest. Under California Government Code Section 8546.7, if the amount of public funds expended under this Agreement exceeds Ten Thousand Dollars ($10,000.00), this Agreement shall be subject to the examination and audit of the State Auditor, at the request of City or as part of any audit of City, for a period of three (3) years after final payment under this Agreement. 7.3 Ownership of Documents. All drawings, specifications, maps, designs, photographs, studies, surveys, data, notes, computer files, reports, records, documents, and other materials plans, drawings, estimates, test data, survey results, models, renderings, and other documents or works of authorship fixed in any tangible medium of expression, including but not limited to, physical drawings, digital renderings, or data stored digitally, magnetically, or in any other medium prepared or caused to be prepared by Contracting Party, its employees, subcontractors, and agents in the performance of this Agreement (the "Documents and Materials") shall be the property of City and shall be delivered to City upon request of the Contract Officer, or assigned designee, or upon the expiration or termination of this Agreement, and Contracting Party shall have no claim for further employment or additional compensation as a result of the exercise by City of its full rights of ownership use, reuse, or assignment of the Documents and Materials hereunder. Any use, reuse or assignment of such completed Documents and Materials for other projects and/or use of uncompleted documents without specific written authorization by Contracting Party will be at City's sole risk and without liability to Contracting Party, and Contracting Party's guarantee and warranties shall not extend to such use, revise, or assignment. Contracting Party may retain copies of such Documents and Materials for its own use. Contracting Party shall have an unrestricted right to use the concepts embodied therein. All subcontractors shall provide for assignment to City of any Documents and Materials prepared by them, and in the event Contracting Party fails to secure such assignment, Contracting Party shall indemnify City for all damages resulting therefrom. -8- 7.4 In the event City or any person, firm, or corporation authorized by City reuses said Documents and Materials without written verification or adaptation by Contracting Party for the specific purpose intended and causes to be made or makes any changes or alterations in said Documents and Materials, City hereby releases, discharges, and exonerates Contracting Party from liability resulting from said change. The provisions of this clause shall survive the termination or expiration of this Agreement and shall thereafter remain in full force and effect. 7.5 Licensing of Intellectual Property. This Agreement creates a non-exclusive and perpetual license for City to copy, use, modify, reuse, or sublicense any and all copyrights, designs, rights of reproduction, and other intellectual property embodied in the Documents and Materials. Contracting Party shall require all subcontractors, if any, to agree in writing that City is granted a non-exclusive and perpetual license for the Documents and Materials the subcontractor prepares under this Agreement. Contracting Party represents and warrants that Contracting Party has the legal right to license any and all of the Documents and Materials. Contracting Party makes no such representation and warranty in regard to the Documents and Materials which were prepared by design professionals other than Contracting Party or provided to Contracting Party by City. City shall not be limited in any way in its use of the Documents and Materials at any time, provided that any such use not within the purposes intended by this Agreement shall be at City's sole risk. 7.6 Release of Documents. The Documents and Materials shall not be released publicly without the prior written approval of the Contract Officer, or assigned designee, or as required by law. Contracting Party shall not disclose to any other entity or person any information regarding the activities of City, except as required by law or as authorized by City. 7.7 Confidential or Personal Identifying Information. Contracting Party covenants that all City data, data lists, trade secrets, documents with personal identifying information, documents that are not public records, draft documents, discussion notes, or other information, if any, developed or received by Contracting Party or provided for performance of this Agreement are deemed confidential and shall not be disclosed by Contracting Party to any person or entity without prior written authorization by City or unless required by law. City shall grant authorization for disclosure if required by any lawful administrative or legal proceeding, court order, or similar directive with the force of law. All City data, data lists, trade secrets, documents with personal identifying information, documents that are not public records, draft documents, discussions, or other information shall be returned to City upon the termination or expiration of this Agreement. Contracting Party's covenant under this section shall survive the termination or expiration of this Agreement. 8. ENFORCEMENT OF AGREEMENT. 8.1 California Law. This Agreement shall be interpreted, construed, and governed both as to validity and to performance of the parties in accordance with the laws of the State of California. Legal actions concerning any dispute, claim, or matter arising -9- out of or in relation to this Agreement shall be instituted in the Superior Court of the County of Riverside, State of California, or any other appropriate court in such county, and Contracting Party covenants and agrees to submit to the personal jurisdiction of such court in the event of such action. 8.2 Disputes. In the event of any dispute arising under this Agreement, the injured party shall notify the injuring party in writing of its contentions by submitting a claim therefore. The injured party shall continue performing its obligations hereunder so long as the injuring party commences to cure such default within ten (10) days of service of such notice and completes the cure of such default within forty-five (45) days after service of the notice, or such longer period as may be permitted by the Contract Officer, or assigned designee; provided that if the default is an immediate danger to the health, safety, or general welfare, City may take such immediate action as City deems warranted. Compliance with the provisions of this Section shall be a condition precedent to termination of this Agreement for cause and to any legal action, and such compliance shall not be a waiver of any party's right to take legal action in the event that the dispute is not cured, provided that nothing herein shall limit City's right to terminate this Agreement without cause pursuant to this Article 8.0. During the period of time that Contracting Party is in default, City shall hold all invoices and shall, when the default is cured, proceed with payment on the invoices. In the alternative, City may, in its sole discretion, elect to pay some or all of the outstanding invoices during any period of default. 8.3 Retention of Funds. City may withhold from any monies payable to Contracting Party sufficient funds to compensate City for any losses, costs, liabilities, or damages it reasonably believes were suffered by City due to the default of Contracting Party in the performance of the Services required by this Agreement. 8.4 Waiver. No delay or omission in the exercise of any right or remedy of a non -defaulting party on any default shall impair such right or remedy or be construed as a waiver. City's consent or approval of any act by Contracting Party requiring City's consent or approval shall not be deemed to waive or render unnecessary City's consent to or approval of any subsequent act of Contracting Party. Any waiver by either party of any default must be in writing and shall not be a waiver of any other default concerning the same or any other provision of this Agreement. 8.5 Rights and Remedies are Cumulative. Except with respect to rights and remedies expressly declared to be exclusive in this Agreement, the rights and remedies of the parties are cumulative and the exercise by either party of one or more of such rights or remedies shall not preclude the exercise by it, at the same or different times, of any other rights or remedies for the same default or any other default by the other party. 8.6 Legal Action. In addition to any other rights or remedies, either party may take legal action, at law or at equity, to cure, correct, or remedy any default, to recover damages for any default, to compel specific performance of this Agreement, to obtain declaratory or injunctive relief, or to obtain any other remedy consistent with the purposes of this Agreement. -10- 8.7 Omitted. 8.8 Termination for Default of Contracting Party. If termination is due to the failure of Contracting Party to fulfill its obligations under this Agreement, Contracting Party shall vacate any City -owned property which Contracting Party is permitted to occupy hereunder and City may, after compliance with the provisions of Section 8.2, take over the Services and prosecute the same to completion by contract or otherwise, and Contracting Party shall be liable to the extent that the total cost for completion of the Services required hereunder exceeds the compensation herein stipulated (provided that City shall use reasonable efforts to mitigate such damages), and City may withhold any payments to Contracting Party for the purpose of setoff or partial payment of the amounts owed City. 8.9 Attorneys' Fees. If either party to this Agreement is required to initiate or defend or made a party to any action or proceeding in any way connected with this Agreement, the prevailing party in such action or proceeding, in addition to any other relief which may be granted, whether legal or equitable, shall be entitled to reasonable attorneys' fees; provided, however, that the attorneys' fees awarded pursuant to this Section shall not exceed the hourly rate paid by City for legal services multiplied by the reasonable number of hours spent by the prevailing party in the conduct of the litigation. Attorneys' fees shall include attorneys' fees on any appeal, and in addition a party entitled to attorneys' fees shall be entitled to all other reasonable costs for investigating such action, taking depositions and discovery, and all other necessary costs the court allows which are incurred in such litigation. All such fees shall be deemed to have accrued on commencement of such action and shall be enforceable whether or not such action is prosecuted to judgment. The court may set such fees in the same action or in a separate action brought for that purpose. 9. CITY OFFICERS AND EMPLOYEES; NONDISCRIMINATION. 9.1 Non -liability of City Officers and Employees. No officer, official, employee, agent, representative, or volunteer of City shall be personally liable to Contracting Party, or any successor in interest, in the event or any default or breach by City or for any amount which may become due to Contracting Party or to its successor, or for breach of any obligation of the terms of this Agreement. 9.2 Conflict of Interest. Contracting Party covenants that neither it, nor any officer or principal of it, has or shall acquire any interest, directly or indirectly, which would conflict in any manner with the interests of City or which would in any way hinder Contracting Party's performance of the Services under this Agreement. Contracting Party further covenants that in the performance of this Agreement, no person having any such interest shall be employed by it as an officer, employee, agent, or subcontractor without the express written consent of the Contract Officer, or assigned designee. Contracting Party agrees to at all times avoid conflicts of interest or the appearance of any conflicts of interest with the interests of City in the performance of this Agreement. -11- No officer or employee of City shall have any financial interest, direct or indirect, in this Agreement nor shall any such officer or employee participate in any decision relating to this Agreement which effects his financial interest or the financial interest of any corporation, partnership or association in which he is, directly or indirectly, interested, in violation of any State statute or regulation. Contracting Party warrants that it has not paid or given and will not pay or give any third party any money or other consideration for obtaining this Agreement. 9.3 Covenant against Discrimination. Contracting Party covenants that, by and for itself, its heirs, executors, assigns, and all persons claiming under or through them, that there shall be no discrimination against or segregation of, any person or group of persons on account of any impermissible classification including, but not limited to, race, color, creed, religion, sex, marital status, sexual orientation, national origin, or ancestry in the performance of this Agreement. Contracting Party shall take affirmative action to ensure that applicants are employed and that employees are treated during employment without regard to their race, color, creed, religion, sex, marital status, sexual orientation, national origin, or ancestry. 10. MISCELLANEOUS PROVISIONS. 10.1 Notice. Any notice, demand, request, consent, approval, or communication either party desires or is required to give the other party or any other person shall be in writing and either served personally or sent by prepaid, first-class mail to the address set forth below. Either party may change its address by notifying the other party of the change of address in writing. Notice shall be deemed communicated forty-eight (48) hours from the time of mailing if mailed as provided in this Section. To City: CITY OF LA QUINTA Attention: 78495 Calle Tampico La Quinta, California 92253 To Contracting Party: FLOCK GROUP INC. ATTN: Legal 1170 Howell Mill Road NW, Ste 210 Atlanta, GA 30318 10.2 Interpretation. The terms of this Agreement shall be construed in accordance with the meaning of the language used and shall not be construed for or against either party by reason of the authorship of this Agreement or any other rule of construction which might otherwise apply. 10.3 Section Headings and Subheadings. The section headings and subheadings contained in this Agreement are included for convenience only and shall not limit or otherwise affect the terms of this Agreement. -12- 10.4 Counterparts. This Agreement may be executed in counterparts, each of which shall be deemed to be an original, and such counterparts shall constitute one and the same instrument. 10.5 Integrated Agreement. This Agreement including the exhibits hereto is the entire, complete, and exclusive expression of the understanding of the parties. It is understood that there are no oral agreements between the parties hereto affecting this Agreement and this Agreement supersedes and cancels any and all previous negotiations, arrangements, agreements, and understandings, if any, between the parties, and none shall be used to interpret this Agreement. 10.6 Amendment. No amendment to or modification of this Agreement shall be valid unless made in writing and approved by Contracting Party and by the City Council of City. The parties agree that this requirement for written modifications cannot be waived and that any attempted waiver shall be void. 10.7 Severability. In the event that any one or more of the articles, phrases, sentences, clauses, paragraphs, or sections contained in this Agreement shall be declared invalid or unenforceable, such invalidity or unenforceability shall not affect any of the remaining articles, phrases, sentences, clauses, paragraphs, or sections of this Agreement which are hereby declared as severable and shall be interpreted to carry out the intent of the parties hereunder unless the invalid provision is so material that its invalidity deprives either party of the basic benefit of their bargain or renders this Agreement meaningless. 10.8 Unfair Business Practices Claims. In entering into this Agreement, Contracting Party offers and agrees to assign to City all rights, title, and interest in and to all causes of action it may have under Section 4 of the Clayton Act (15 U.S.C. § 15) or under the Cartwright Act (Chapter 2, (commencing with Section 16700) of Part 2 of Division 7 of the Business and Professions Code), arising from purchases of goods, services, or materials related to this Agreement. This assignment shall be made and become effective at the time City renders final payment to Contracting Party without further acknowledgment of the parties. 10.9 No Third -Party Beneficiaries. With the exception of the specific provisions set forth in this Agreement, there are no intended third -party beneficiaries under this Agreement and no such other third parties shall have any rights or obligations hereunder. 10.10 Authority. The persons executing this Agreement on behalf of each of the parties hereto represent and warrant that (i) such party is duly organized and existing, (ii) they are duly authorized to execute and deliver this Agreement on behalf of said party, (iii) by so executing this Agreement, such party is formally bound to the provisions of this Agreement, and (iv) that entering into this Agreement does not violate any provision of any other Agreement to which said party is bound. This Agreement shall be binding upon the heirs, executors, administrators, successors, and assigns of the parties. [SIGNATURES ON FOLLOWING PAGE] -13- IN WITNESS WHEREOF, the parties have executed this Agreement as of the dates stated below. CITY OF LA QUINTA, a California Municipal Corporation JON Mc _EN, City Manager __- ity-o La Quinta California Dated: ATTEST: OZ MONIKA RAtEVI4 City Clerk City of La Quinta, alifornia APPROVED AS TO FORM: WILLIAM H. IHRKE, City Attorney City of La Quinta, California -14- CONTRACTING PARTY: SIGNED IN COUNTERPART By: Name: Title: By: Name: Title: Docusign Envelope ID: DB01465F-FA3E-4DBF-BF15-BE247A5FOEBC IN WITNESS WHEREOF, the parties have executed this Agreement as of the dates stated below. CITY OF LA QUINTA, a California Municipal Corporation SIGNED IN COUNTERPART JON McMILLEN, City Manager City of La Quinta, California Dated: CONLTTING PARTY: By: earl 1aIey°"r.. Name. Title: Chief Legal Officer ATTEST: By: Name: Title: SIGNED IN COUNTERPART MONIKA RADEVA, City Clerk City of La Quinta, California APPROVED AS TO FORM: SIGNED IN COUNTERPART WILLIAM H. IHRKE, City Attorney City of La Quinta, California -14- Exhibit A Scope of Services Master Services Agreement ("MSA") This Master Services Agreement (this "MSA") is entered into by and between Flock Group Inc. with a place of business at 1170 Howell Mill Road NW Suite 210, Atlanta, GA 30318 ("Flock") and the City of La Quinta and identified herein as the "Customer" (each a "Party," and together, the "Parties"). This MSA is effective (the "Effective Date") on the date of commencement of the Initial Term as set forth in Section 3.4 of the AGREEMENT FOR CONTRACT SERVICES ("Contract Services Agreement"), to which this MSA is attached as Exhibit A. Parties will sign an Order Form ("Order Form") which will describe the Flock Services to be performed and the period for performance, attached hereto as part of this Exhibit A. RECITALS WHEREAS, Flock offers a software and hardware situational awareness solution for automatic license plates, video and audio detection through Flock's technology platform (the "Flock Services"), and upon detection, the Flock Services are capable of capturing audio, video, image, and recording data and can provide notifications to Customer upon the instructions of Authorized End User(s) (as defined below) ("Notifications"); WHEREAS, Customer desires access to the Flock Services (defined below) on existing devices, provided by Customer, or Flock provided Flock Hardware (as defined below) in order to create, view, search and archive Footage and receive Notifications (where there is an investigative or bona fide lawful purpose), via the Flock Services; and WHEREAS, as described in the definition of Retention Period and this MSA, Flock deletes all Footage on a rolling thirty (30) day basis, and Customer is responsible for extracting, downloading and archiving Footage from the Flock System on its own storage devices for auditing for prosecutorial/administrative purposes; and Exhibit A Page 1 of 21 Last revised summer 2017 NOW THEREFORE, in consideration of the mutual promises and covenants set forth herein, the Parties agree as follows: 1. DEFINITIONS Certain capitalized terms, not otherwise defined herein, have the meanings set forth or cross- referenced in this Section 1. 1.1 "Agreement" means the Contract Services Agreement, and "MSA" means (a) this Master Services Agreement (attached as Exhibit A to the Contract Services Agreement), (b) the order form to be provided (and also attached as part of this Exhibit A) ("Order Form"), and (c) any document incorporated by reference in section 11.4 that is not inconsistent with the Contract Services Agreement. 1.2 "Anonymized Data" means Customer Data permanently stripped of identifying details and any potential personally identifiable information, by commercially available standards which irreversibly alters data in such a way that a data subject (i.e., individual person or entity) can no longer be identified directly or indirectly. 1.3 "Authorized End User(s)" means any individual employees, agents, or contractors of Customer accessing or using the Services, under the rights granted to Customer pursuant to this MSA. 1.4 "Customer Data" means the data, media, and content provided by Customer through the Services. For the avoidance of doubt, the Customer Data will include the Footage. 1.5. "Customer Hardware" means the third -party camera owned or provided by Customer and any other physical elements that interact with the Embedded Software and the Web Interface to provide the Services. 1.6 "Effective Date" has the meaning in the Preamble to this MSA (above). 1.7 "Embedded Software" means the Flock proprietary software and/or firmware integrated with or installed on the Flock Hardware or Customer Hardware. 1.8 "Flock Hardware" means the Flock device(s), which may include the pole, clamps, solar panel, installation components, and any other physical elements that interact with the Embedded Exhibit A Page 2 of 21 Software and the Web Interface, to provide the Flock Services as specifically set forth in the applicable Order Form. 1.9 "Flock IP" means the Services, the Embedded Software, and any intellectual property or proprietary information therein or otherwise provided to Customer and/or its Authorized End Users. Flock IP does not include Footage (as defined below). 1.10 "Flock Services" or "Services" means the provision of Flock's software and hardware situational awareness solution, via the Web Interface, for automatic license plate detection, alerts, audio detection, searching image records, video and sharing Footage. 1.11 "Footage" means still images, video, audio, and other data captured by the Flock Hardware or Customer Hardware in the course of and provided via the Flock Services. 1.12 "Integration Data" means any distribution of data from a Customer requested third party integration. 1.13"Installation Services" means the services provided by Flock for installation of Flock Services. 1.13.5 "MSA" has the meaning in Section 1.1 above. 1.14 "Permitted Purpose" means for legitimate public safety and/or business purpose, including but not limited to the awareness, prevention, and prosecution of crime; investigations; and prevention of commercial harm, to the extent permitted by law. 1.15 "Retention Period" means the time period that the Customer Data is stored within the cloud storage, as specified in the applicable Order Form. Flock deletes all Footage on a rolling thirty (30) day basis, except as otherwise stated on the Order Form. Customer shall be responsible for extracting, downloading and archiving Footage from the Flock Services on its own storage devices. 1.16 "Term" means the date, unless otherwise stated in the Order Form, upon which the cameras are validated by both Parties as operational. 1.17 "Web Interface" means the website(s) or application(s) through which Customer and its Authorized End Users can access the Services. 2. SERVICES AND SUPPORT 2.1 Provision of Access. Flock hereby grants to Customer a non-exclusive, non -transferable right to access the features and functions of the Flock Services via the Web Interface during the Term, solely for the Authorized End Users. The Footage will be available for Authorized End Users to Exhibit A Page 3 of 21 access and download via the Web Interface for the Retention Period. Authorized End Users will be required to sign up for an account and select a password and username (" User ID"). Subject to the provisions in the next paragraph of this Section 2.1, Customer shall be responsible for all acts and omissions of Authorized End Users. Customer shall undertake reasonable efforts to make all Authorized End Users aware of all applicable provisions of this MSA and shall cause Authorized End Users to comply with such provisions. Flock may use the services of one or more third parties to deliver any part of the Flock Services, (such as using a third party to host the Web Interface for cloud storage or a cell phone provider for wireless cellular coverage) which makes the Services available to Customer and Authorized End Users. In clarification of the preceding paragraph, Customer contracts for specified law enforcement, public safety, and peace officer services with the Riverside County Sheriff's Office ("Sheriff's Office"), which is under the jurisdiction of the County of Riverside ("Riverside County"), a political subdivision of the State of California. Pursuant to Section 2.1 of that certain Agreement for Law Enforcement Services, effective July 1, 2025 through June 30, 2027 ("Law Enforcement Agreement"), the Sheriff's Office is the exclusive provider of specified law enforcement, public safety, and peace officer services within the Customer's territorial boundary, and pursuant to Section 6.1 of the Law Enforcement Agreement, all persons employed by the Sheriff's Office are Riverside County employees. As such, and notwithstanding any provisions in the preceding paragraph to the contrary, any act or omission by an Authorized End User who is employed in the Sheriff's Office, which would constitute a breach of this MSA, shall be deemed a breach of this MSA by the Sheriff's Office and Riverside County pursuant to the Riverside County indemnification obligation to Customer under Section 8.2 of the Law Enforcement Agreement. Customer acknowledges and agrees that any enforcement of Riverside County's indemnification obligation under the Law Enforcement Agreement shall be the sole obligation of Customer. 2.2 Embedded Software License. Flock grants Customer a limited, non-exclusive, non- transferable, non-sublicensable (except to the Authorized End Users), revocable right to use the Embedded Software as it pertains to Flock Services, solely as necessary for Customer to use the Flock Services. 2.3 Support Services. Flock shall monitor the Flock Services, and any applicable device health, in order to improve performance and functionality. Flock will use commercially reasonable efforts Exhibit A Page 4 of 21 to respond to requests for support within seventy-two (72) hours. Flock will provide Customer with reasonable technical and on -site support and maintenance services in -person, via phone or by email at support@flocksafety.com (such services collectively referred to as "Support Services"). 2.4 Updates to Platform. Flock may make any updates to system or platform that it deems necessary or useful to (i) maintain or enhance the quality or delivery of Flock's products or services to its agencies, the competitive strength of, or market for, Flock's products or services, such platform or system's cost efficiency or performance, or (ii) to comply with applicable law. Parties understand that such updates are necessary from time to time and will not diminish the quality of the services or materially change any terms or conditions within this MSA. 2.5 Service Interruption. Services may be interrupted in the event that: (a) Flock's provision of the Services to Customer or any Authorized End User is prohibited by applicable law; (b) any third -party services required for Services are interrupted; (c) if Services are being used for malicious, unlawful, or otherwise unauthorized use; (d) there is a threat or attack on any of the Flock IP by a third party; or (e) scheduled or emergency maintenance ("Service Interruption"). Flock will make commercially reasonable efforts to provide written notice of any Service Interruption to Customer, to provide updates, and to resume providing access to Flock Services as soon as reasonably possible after the event giving rise to the Service Interruption is cured. Flock will have no liability for any damage, liabilities, losses (including any loss of data or profits), or any other consequences that Customer or any Authorized End User may incur as a result of a Service Interruption. To the extent that the Service Interruption is not caused by Customer's direct actions or by the actions of parties associated with the Customer, the time will be tolled by the duration of the Service Interruption (for any continuous suspension lasting at least one full day). For example, in the event of a Service Interruption lasting five (5) continuous days, Customer will receive a credit for five (5) free days at the end of the Term. 2.6 Service Suspension. Flock may temporarily suspend Customer's and any Authorized End User's access to any portion or all of the Flock IP or Flock Service if (a) there is a threat or attack on any of the Flock IP by Customer; (b) Customer's or any Authorized End User's use of the Flock IP disrupts or poses a security risk to the Flock IP or any other customer or vendor of Flock; (c) Customer or any Authorized End User is/are using the Flock IP for fraudulent or illegal activities; (d) Customer has violated any term of this provision, including, but not limited to, utilizing Flock Services for anything other than the Permitted Purpose; or (e) any unauthorized access to Flock Exhibit A Page 5 of 21 Services through Customer's account ("Service Suspension"). Customer shall not be entitled to any remedy for the Service Suspension period, including any reimbursement, tolling, or credit. If the Service Suspension was not caused by Customer, the Term will be tolled by the duration of the Service Suspension. 2.7 Hazardous Conditions. Flock Services do not contemplate hazardous materials, or other hazardous conditions, including, without limit, asbestos, lead, or toxic or flammable substances. In the event any such hazardous materials are discovered in the designated locations in which Flock is to perform services under this MSA, Flock shall have the right to cease work immediately in the area affected until such materials are removed or rendered harmless. 3. CUSTOMER OBLIGATIONS 3.1 Customer Obligations. Flock will assist Customer Authorized End Users in the creation of a User ID. Authorized End Users agree to provide Flock with accurate, complete, and updated registration information. Authorized End Users may not select as their User ID, a name that they do not have the right to use, or any other name with the intent of impersonation. Customer and Authorized End Users may not transfer their account to anyone else without prior written permission of Flock. Authorized End Users shall not share their account username or password information and must protect the security of the username and password. Unless otherwise stated and defined in this MSA, Customer shall not designate Authorized End Users for persons who are not officers, employees, or agents of Customer. Authorized End Users shall only use Customer - issued email addresses for the creation of their User ID. Customer is responsible for any Authorized End User activity associated with its account. Customer shall ensure that Customer provides Flock with up-to-date contact information at all times during the Term of this MSA. Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Flock Services (e.g., laptops, internet connection, mobile devices, etc.). Customer shall (at its own expense) provide Flock with reasonable access and use of Customer facilities and Customer personnel in order to enable Flock to perform Services (such obligations of Customer are collectively defined as "Customer Obligations"). In clarification of the preceding paragraph, Customer contracts for law enforcement, public safety, and peace officer services with the Sheriff's Office, which is under the jurisdiction of Riverside County, a political subdivision of the State of California. Pursuant to Section 2.1 of the Exhibit A Page 6 of 21 Law Enforcement Agreement (effective July 1, 2025 through June 30, 2027), the Sheriff's Office is the exclusive provider of law enforcement, public safety, and peace officer services within the Customer's territorial boundary, and pursuant to Section 6.1 of the Law Enforcement Agreement, all persons employed by the Sheriff's Office are Riverside County employees. As such, and notwithstanding any provisions in the preceding paragraph to the contrary, Customer may identify Authorized End Users and User IDs for persons who are employed by Riverside County in the Sheriff's Office who are under contract with Customer to provide law enforcement, public safety, and peace officer services for the City of La Quinta, and Customer may transfer or share its account or password for use by any such law enforcement employees. 3.2 Customer Representations and Warranties. Customer represents, covenants, and warrants that Customer shall use Flock Services only in compliance with this MSA and all applicable laws and regulations, including but not limited to any laws relating to the recording or sharing of data, video, photo, or audio content. 4. DATA USE AND LICENSING 4.1 Customer Data. As between Flock and Customer, all right, title and interest in the Customer Data, belong to and are retained solely by Customer. Customer hereby grants to Flock a limited, non-exclusive, royalty -free, irrevocable, worldwide license to use the Customer Data and perform all acts as may be necessary for Flock to provide the Flock Services to Customer. Flock does not own and shall not sell Customer Data. 4.2 Customer Generated Data. Flock may provide Customer with the opportunity to post, upload, display, publish, distribute, transmit, broadcast, or otherwise make available, messages, text, illustrations, files, images, graphics, photos, comments, sounds, music, videos, information, content, ratings, reviews, data, questions, suggestions, or other information or materials produced by Customer ("Customer Generated Data"). Customer shall retain whatever legally cognizable right, title, and interest in Customer Generated Data. Customer understands and acknowledges that Flock has no obligation to monitor or enforce Customer's intellectual property rights of Customer Generated Data. Customer grants Flock a non-exclusive, irrevocable, worldwide, royalty -free, license to use the Customer Generated Data for the purpose of providing Flock Services. Flock does not own and shall not sell Customer Generated Data. Exhibit A Page 7 of 21 4.3 Anonymized Data. Flock shall have the right to collect, analyze, and anonymize Customer Data and Customer Generated Data to the extent such anonymization renders the data non - identifiable to create Anonymized Data to use and perform the Services and related systems and technologies, including the training of machine learning algorithms. Customer hereby grants Flock a non-exclusive, worldwide, perpetual, royalty -free right to use and distribute such Anonymized Data to improve and enhance the Services and for other development, diagnostic and corrective purposes, and other Flock offerings. Parties understand that the aforementioned license is required for continuity of Services. Flock does not own and shall not sell Anonymized Data. 4.4 Data Distribution. Customer may, upon request, choose to integrate Flock Services with a third party to either distribute Integration Data or Customer Data (such third party, "Recipient"). Upon such request, Customer hereby grants to Flock a non-exclusive, non -transferable, royalty - free, perpetual license to access, share, view, record, duplicate, store, save, reproduce, modify, display, and distribute Customer Data and/or Integration Data, as required by the requested distribution. Customer acknowledges that such data may be viewed, recorded, duplicated, stored, saved, reproduced, modified, displayed, distributed, and retained by Recipient for a period longer than Flock's standard retention period and hereby provides consent to such retention period. Unless expressly listed in the Order Form, the provision, access, or use of any Application Programming Interfaces ("APIs") is not included under this MSA. Any rights, licenses, or obligations related to APIs shall be governed solely by the terms set forth in the Order Form or a separate agreement between the parties. 5. CONFIDENTIALITY; DISCLOSURES 5.1 Confidentiality. To the extent required by any applicable public records requests (including requests under the California Public Records Act, Government Code section 7920.000 et seq. ("PRA")), each Party (the "Receiving Party") understands that the other Party (the "Disclosing Party") has disclosed or may disclose business, technical or financial information relating to the Disclosing Party's business (hereinafter referred to as "Proprietary Information" of the Disclosing Party). Proprietary Information of Flock includes non-public information provided by the Disclosing Party to the Receiving Party regarding features, functionality and performance of this MSA. Proprietary Information of Customer includes non-public data provided by Customer to Flock or collected by Flock via Flock Services, which includes but is not limited to geolocation information and environmental data collected by sensors. The Receiving Party agrees: (i) to take Exhibit A Page 8 of 21 the same security precautions to protect against disclosure or unauthorized use of such Proprietary Information that the Party takes with its own proprietary information, but in no event less than commercially reasonable precautions, and (ii) not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Proprietary Information. The Disclosing Party agrees that the foregoing shall not apply with respect to any information that the Receiving Party can document (a) is or becomes generally available to the public; or (b) was in its possession or known by it prior to receipt from the Disclosing Party; or (c) was rightfully disclosed to it without restriction by a third party; or (d) was independently developed without use of any Proprietary Information of the Disclosing Party. Nothing in this MSA will prevent Customer for complying with disclosures of documents or information required pursuant to the PRA, nor prevent the Receiving Party from disclosing the Proprietary Information pursuant to any judicial or governmental order, provided that the Receiving Party gives the Disclosing Party reasonable prior notice of such disclosure to contest such order, but failure by the Receiving Party to give such prior notice or the Disclosing Party to receive such prior notice shall not be a default or breach under the Contract Services Agreement or this MSA. At the termination of this MSA, all Proprietary Information will be returned to the Disclosing Party, destroyed or erased (if recorded on an erasable storage medium), together with any copies thereof, when no longer needed for the purposes above, or upon request from the Disclosing Party, and in any case upon termination of the MSA. Notwithstanding any termination, all confidentiality obligations of Proprietary Information that is trade secret shall continue in perpetuity or until such information is no longer trade secret. 5.2 Usage Restrictions on Flock IP. Flock and its licensors retain all right, title and interest in and to the Flock IP and its components, and Customer acknowledges that it neither owns nor acquires any additional rights in and to the foregoing not expressly granted by this MSA. Customer further acknowledges that Flock retains the right to use the foregoing for any purpose in Flock's sole discretion. Customer and Authorized End Users shall not: (i) directly or indirectly, reverse engineer, decompile, disassemble, or otherwise attempt to discover, or recreate the source code, object code or underlying structure, ideas or algorithm of the Flock Services or any software provided hereunder; modify, translate, or create derivative works based on the Flock Services or any software provided hereunder, (ii) attempt to modify, alter, tamper with or repair any of the Flock IP, or attempt to create any derivative product from any of the foregoing; (iii) interfere or Exhibit A Page 9 of 21 attempt to interfere in any manner with the functionality or proper working of any of the Flock IP; (iv) remove, obscure, or alter any notice of any intellectual property or proprietary right appearing on or contained within the Flock Services or Flock IP; (v) use the Flock Services for anything other than the Permitted Purpose; or (vi) assign, sublicense, sell, resell, lease, rent, or otherwise transfer, convey, pledge as security, or otherwise encumber, Customer's rights. There are no implied rights. 5.3 Disclosure of Footage. Flock or Customer may access, use, preserve and/or disclose the Footage to law enforcement authorities, government officials, and/or third parties, if legally required to do so or if Flock or Customer has a good faith belief that such access, use, preservation or disclosure is reasonably necessary to: (a) comply with a legal process or request; (b) enforce the MSA, including investigation of any potential violation thereof; (c) detect, prevent or otherwise address security, fraud or technical issues; or (d) protect the rights, property or safety of Flock and/or Customer, and their respective users, a third party, or the public as required or permitted by law, including respond to an emergency situation. Flock or Customer may store deleted Footage in order to comply with certain legal obligations, but such retained Footage will not be retrievable without a valid court order. 6. PAYMENT OF FEES 6.1 Billing and Payment of Fees. Customer shall pay the fees set forth in the applicable Order Form based on the billing structure and payment terms as indicated in the Order Form. To the extent the Order Form is silent, Customer shall pay all invoices pursuant to Exhibit B and Sections 2.1 and 2.2 of the Contract Services Agreement. 6.2 Notice of Changes to Fees. In the event of any changes to fees, Flock shall provide Customer with sixty (60) days' notice (email sufficient) prior to the end of the Initial Term or Renewal Term (as applicable). Any such changes to fees shall only impact subsequent Renewal Terms. 6.3 Taxes. To the extent Customer is not a tax exempt entity, Customer is responsible for all taxes, levies, or duties, excluding only taxes based on Flock's net income, imposed by taxing authorities associated with the order. If Flock has the legal obligation to pay or collect taxes, including amount subsequently assessed by a taxing authority, for which Customer is responsible, the appropriate amount shall be invoiced to and paid by Customer unless Customer provides Flock a legally sufficient tax exemption certificate and Flock shall not charge Customer any taxes from which it is exempt. If any deduction or withholding is required by law, Customer shall notify Flock and Exhibit A Page 10 of 21 shall pay Flock any additional amounts necessary to ensure that the net amount that Flock receives, after any deduction and withholding, equals the amount Flock would have received if no deduction or withholding had been required. 7. TERM AND TERMINATION 7.1 Term. The Term shall be as set forth Section 3.4 of the Contract Services Agreement. 7.2 Termination. Termination of the Contract Services Agreement (which includes this MSA) prior to expiration of the Term shall be governed by Section 8.7 of the Contract Services Agreement. Upon termination or expiration of this Agreement, Flock will remove any applicable Flock Hardware at a commercially reasonable time period. In the event of any material breach of this Agreement, then, in addition to the termination provision ins Section 8.8 of the Contract Services Agreement, the non -breaching Party may terminate this Agreement prior to the end of the Term by giving thirty (30) days prior written notice to the breaching Party; provided, however, that this Agreement will not terminate if the breaching Party has cured the breach prior to the expiration of such thirty (30) day period ("Cure Period"). Either Party may terminate this Agreement (i) upon the institution by or against the other Party of insolvency, receivership or bankruptcy proceedings, (ii) upon the other Party's making an assignment for the benefit of creditors, or (iii) upon the other Party's dissolution or ceasing to do business. In the event of a material breach by Flock, and Flock is unable to cure within the Cure Period, Flock will refund Customer a pro-rata portion of the pre -paid fees for Services not received due to such termination. 7.3 Survival. The following Sections in this MSA will survive termination: 1, 3, 5, 6, 7, 8.3, 8.4, 9, 10.1 and 11.6. 8. REMEDY FOR DEFECT; WARRANTY AND DISCLAIMER 8.1 Manufacturer Defect. Upon a malfunction or failure of Flock Hardware or Embedded Software (a "Defect"), Customer must notify Flock's technical support team. In the event of a Defect, Flock shall make a commercially reasonable attempt to repair or replace the defective Flock Hardware at no additional cost to the Customer. Flock reserves the right, in its sole discretion, to repair or replace such Defect, provided that Flock shall conduct inspection or testing within a commercially reasonable time, but no longer than seven (7) business days after Customer gives notice to Flock. Exhibit A Page 11 of 21 8.2 Replacements. In the event that Flock Hardware is lost, stolen, or damaged, Customer may request a replacement of Flock Hardware at a fee according to the reinstall fee schedule (https://www.flocksafety.com/reinstall-fee-schedule). In the event that Customer chooses not to replace lost, damaged, or stolen Flock Hardware, Customer understands and agrees that Flock is not liable for any resulting impact to Flock Service, nor shall Customer receive a refund for the lost, damaged, or stolen Flock Hardware. 8.3 Warranty. Flock shall use reasonable efforts consistent with prevailing industry standards to maintain the Services in a manner which minimizes errors and interruptions in the Services and shall perform the Installation Services in a professional and workmanlike manner. Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Flock or by third -party providers, or because of other causes beyond Flock's reasonable control, but Flock shall use reasonable efforts to provide advance notice in writing or by e-mail of any scheduled service disruption. 8.4 Disclaimer. THE REMEDY DESCRIBED IN SECTION 8.1 ABOVE IS CUSTOMER'S SOLE REMEDY, AND FLOCK'S SOLE LIABILITY, WITH RESPECT TO DEFECTS. FLOCK IS NOT LIABLE FOR ANY DAMAGES OR ISSUES ARISING FROM THIRD -PARTY DISTRIBUTIONS REQUESTED BY CUSTOMER. AFOREMENTIONED DISTRIBUTION IS AT CUSTOMER'S OWN RISK. FLOCK DOES NOT WARRANT THAT THE SERVICES WILL BE UNINTERRUPTED OR ERROR FREE; NOR DOES IT MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM USE OF THE SERVICES. EXCEPT AS EXPRESSLY SET FORTH IN THIS SECTION 8, THE SERVICES ARE PROVIDED "AS IS" AND FLOCK DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THIS DISCLAIMER ONLY APPLIES TO THE EXTENT ALLOWED BY THE GOVERNING LAW OF THE STATE MENTIONED IN SECTION 11.6. 8.5 Insurance. Flock will maintain commercial general liability policies with policy limits reasonably commensurate with the magnitude of Flock's business risk. Certificates of Insurance shall be provided. These insurance requirements are in addition to the provisions set forth in Sections 5.1 and 5.2 and Exhibit E of the Contract Services Agreement. Exhibit A Page 12 of 21 8.6 Force Majeure. Parties are not responsible or liable for any delays or failures in performance from any cause beyond their control, including, but not limited to acts of God, changes to law or regulations, embargoes, war, terrorist acts, pandemics (including the spread of variants), issues of national security, acts or omissions of third -party technology providers, riots, fires, earthquakes, floods, power blackouts, strikes, supply chain shortages of equipment or supplies, financial institution crisis, weather conditions or acts of hackers, internet service providers or any other third party acts or omissions. 9. LIMITATION OF LIABILITY; INDEMNITY 9.1 Limitation of Liability. SUBJECT TO FLOCK'S INSURANCE AND INDEMNIFICATION OBLIGATIONS UNDER THE CONTRACT SERVICES AGREEMENT, AND EXCEPT AS EXPRESSLY PROVIDED IN THE CONTRACT SERVICES AGREEMENT (WHICH INCLUDES EXHIBIT F), FLOCK, ITS OFFICERS, AFFILIATES, REPRESENTATIVES, CONTRACTORS AND EMPLOYEES SHALL NOT BE RESPONSIBLE OR LIABLE WITH RESPECT TO ANY ALLEGATIONS AND/OR ACTUAL DAMAGES (UNDER ANY BREACH OF CONTRACT, NEGLIGENCE, STRICT LIABILITY, PRODUCT LIABILITY, OR OTHER THEORY) FOR: (A) ERROR OR INTERRUPTION OF USE OF FLOCK SERVICES THAT IS BEYOND FLOCK'S ACTUAL KNOWLEDGE OR REASONABLE CONTROL; (B) LOSS OR INACCURACY, INCOMPLETENESS OR CORRUPTION OF DATA OR VIDEO/SURVEILLANCE FOOTAGE FROM FLOCK SERVICES THAT IS BEYOND FLOCK'S ACTUAL KNOWLEDGE OR REASONABLE CONTROL; (C) COST OF PROCUREMENT OF SUBSTITUTE GOODS, SERVICES OR TECHNOLOGY SIMILAR TO THE FLOCK SERVICES WHEN FLOCK IS NOT IN DEFAULT OR BREACH OF THE AGREEMENT OR THESE SUPPLEMENTAL TERMS; (D) LOSS OF BUSINESS; (E) ANY INDIRECT, EXEMPLARY, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES UNRELATED TO FLOCK'S CONTRACTUAL OBLIGATIONS TO CUSTOMER; (F) FOR ANY MATTER BEYOND FLOCK'S ACTUAL KNOWLEDGE OR REASONABLE CONTROL INCLUDING REPEAT CRIMINAL ACTIVITY OR INABILITY TO CAPTURE FOOTAGE; (G) ANY PUBLIC DISCLOSURE OF PROPRIETARY INFORMATION MADE IN GOOD FAITH AND NOT IN DEFAULT OR BREACH OF THE AGREEMENT OR THESE SUPPLEMENTAL TERMS; (H) CRIME PREVENTION; OR (I) FOR ANY AMOUNTS THAT, Exhibit A Page 13 of 21 TOGETHER WITH AMOUNTS ASSOCIATED WITH ALL OTHER CLAIMS, FOR WHICH FLOCK IS ADJUDICATED AND DETERMINED TO BE IN BREACH OF ITS CONTRACTUAL OBLIGATIONS, EXCEEDS TWO TIMES (2X) THE FEES PAID AND/OR PAYABLE BY CUSTOMER TO FLOCK FOR THE SERVICES UNDER THE CONTRACT SERVICES AGREEMENT. IN EACH CASE, WHETHER OR NOT FLOCK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY OF SECTION ONLY APPLIES TO THE EXTENT ALLOWED BY THE GOVERNING LAW OF THE STATE REFERENCED IN SECTION 11.6. NOTWITHSTANDING ANYTHING TO THE CONTRARY, THE FOREGOING LIMITATIONS OF LIABILITY SHALL NOT APPLY (I) IN THE EVENT OF GROSS NEGLIGENCE OR WILLFUL MISCONDUCT, OR (II) INDEMNIFICATION OBLIGATIONS. 9.2 Responsibility. Each Party to this MSA shall assume the responsibility and liability for the acts and omissions of its own employees, officers, or agents, in connection with the performance of their official duties under this MSA. Each Party to this MSA shall be liable for the torts of its own officers, agents, or employees. 9.3 Flock Indemnity. Indemnification obligations are set forth in Section 6.1 and Exhibit F of the Contract Services Agreement. 10. INSTALLATION SERVICES AND OBLIGATIONS 10.1 Ownership of Hardware. Flock Hardware is owned and shall remain the exclusive property of Flock. Title to any Flock Hardware shall not pass to Customer upon execution of this MSA, except as otherwise specifically set forth in this MSA. Except as otherwise expressly stated in this MSA, Customer is not permitted to remove, reposition, re -install, tamper with, alter, adjust or otherwise take possession or control of Flock Hardware. Customer agrees and understands that in the event Customer is found to engage in any of the foregoing restricted actions, all warranties herein shall be null and void, and this MSA shall be subject to immediate termination for material breach by Customer. Customer shall not perform any acts which would interfere with the retention of title of the Flock Hardware by Flock. Should Customer default on any payment of the Flock Services, Flock may remove Flock Hardware at Flock's discretion. Such removal, if made by Flock, shall not be deemed a waiver of Flock's rights to any damages Flock may sustain as a result of Customer's default and Flock shall have the right to enforce any other legal remedy or right. Exhibit A Page 14 of 21 10.2 Deployment Plan. Flock shall advise Customer on the location and positioning of the Flock Hardware for optimal product functionality, as conditions and locations allow. Flock will collaborate with Customer to design the strategic geographic mapping of the location(s) and implementation of Flock Hardware to create a deployment plan ("Deployment Plan"). In the event that Flock determines that Flock Hardware will not achieve optimal functionality at a designated location, Flock shall have final discretion to veto a specific location, and will provide alternative options to Customer. 10.3 Changes to Deployment Plan. After installation of Flock Hardware, any subsequent requested changes to the Deployment Plan, including, but not limited to, relocating, re -positioning, adjusting of the mounting, removing foliage, replacement, changes to heights of poles will incur a fee according to the reinstall fee schedule located at (https://www.flocksafety.com/reinstall-fee- schedule). Customer will receive prior notice and has the right to confirm approval of or deny any such fees. 10.4 Customer Installation Obligations. Customer is responsible for any applicable supplementary cost as described in the Customer Implementation Guide, attached to this MSA. Customer represents and warrants that it has, or shall lawfully obtain, all necessary right title and authority and hereby authorizes Flock to install the Flock Hardware at the designated locations and to make any necessary inspections or maintenance in connection with such installation. 10.5 Flock's Obligations. Installation of any Flock Hardware shall be installed in a professional manner within a commercially reasonable time from the Effective Date. Upon removal of Flock Hardware, Flock shall restore the location to its original condition, ordinary wear and tear excepted. Flock will continue to monitor the performance of Flock Hardware for the length of the Term. Flock may use a subcontractor or third party to perform certain obligations under this MSA, provided that Flock's use of such subcontractor or third party shall not release Flock from any duty or liability to fulfill Flock's obligations under this MSA. 11. MISCELLANEOUS 11.1 Compliance with Laws. Parties shall comply with all applicable local, state and federal laws, regulations, policies and ordinances and their associated record retention schedules, including responding to any subpoena request(s). Exhibit A Page 15 of 21 11.2 Severability. If any provision of this MSA is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that this MSA will otherwise remain in full force and effect. 11.3 Assignment. This MSA is not assignable, transferable or sublicensable by either Party, without prior consent. Notwithstanding the foregoing, either Party may assign this MSA, without the other Party's consent, (i) to any parent, subsidiary, or affiliate entity, or (ii) to any purchaser of all or substantially all of such Party's assets or to any successor by way of merger, consolidation or similar transaction. 11.4 Entire MSA. This MSA, together with the Contract Services Agreement and all other attached exhibits, Order Form(s), the reinstall fee schedule (https://www.flocksafety.com/reinstall- fee-schedule), and any other attached exhibits are the complete and exclusive statement of the mutual understanding of the Parties and supersedes and cancels all previous or contemporaneous negotiations, discussions or agreements, whether written and oral, communications and other understandings relating to the subject matter of this MSA. All waivers and modifications must be in a writing signed by both Parties, except as otherwise provided herein. None of Customer's purchase orders, authorizations or similar documents will alter the terms of this MSA, and any such conflicting terms are expressly rejected. Any mutually agreed upon future purchase order is subject to these legal terms and does not alter the rights and obligations under this MSA, except that future purchase orders may outline additional products, services, quantities and billing terms to be mutually accepted by Parties. Customer agrees that Customer's purchase is neither contingent upon the delivery of any future functionality or features nor dependent upon any oral or written comments made by Flock with respect to future functionality or feature. 11.5 Relationship. No agency, partnership, joint venture, or employment is created as a result of this MSA and Parties do not have any authority of any kind to bind each other in any respect whatsoever. Flock shall at all times be and act as an independent contractor to Customer. 11.6 Governing Law; Venue. This MSA shall be governed by the laws of the state in which the Customer is located, which is the State of California. The Parties hereto agree that venue would be proper in courts with applicable jurisdiction in Riverside County, California, which is where the Customer is located. The Parties agree that the United Nations Convention for the International Sale of Goods is excluded in its entirety from this MSA. Exhibit A Page 16 of 21 11.7 Special Terms. Flock may offer certain special terms which are indicated in the Order Form and will become part of this MSA, upon Customer's prior written consent and the mutual execution by authorized representatives ("Special Terms"). To the extent that any terms of this MSA are inconsistent or conflict with the Special Terms, the Special Terms shall control. 11.8 Publicity. Upon prior written consent from Customer, Flock has the right to reference and use Customer's name and disclose the nature of the Services in business and development and marketing efforts. Nothing contained in this MSA shall be construed as conferring on any Party, any right to use the other Party's name as an endorsement of product/service. 11.9 Feedback. If Customer or Authorized End User provides suggestions for enhancement relating to the subject matter hereunder, Customer or Authorized End User hereby assigns to Flock all right, title and interest (including intellectual property rights) with respect to or resulting from any of the foregoing. 11.10 Export. Customer may not remove or export from the United States or allow the export or re-export of the Flock IP or anything related thereto, or any direct product thereof in violation of any restrictions, laws or regulations of the United States Department of Commerce, the United States Department of Treasury Office of Foreign Assets Control, or any other United States or foreign Customer or authority. As defined in Federal Acquisition Regulation ("FAR"), section 2.101, the Services, the Flock Hardware and Documentation are "commercial items" and according to the Department of Defense Federal Acquisition Regulation ("DFAR") section 252.2277014(a)(1) and are deemed to be "commercial computer software" and "commercial computer software documentation." Flock is compliant with FAR Section 889 and does not contract or do business with, use any equipment, system, or service that uses the enumerated banned Chinese telecommunication companies, equipment or services as a substantial or essential component of any system, or as critical technology as part of any Flock system. Consistent with DFAR section 227.7202 and FAR section 12.212, any use, modification, reproduction, release, performance, display, or disclosure of such commercial software or commercial software documentation by the U.S. Government will be governed solely by the terms of this MSA and will be prohibited except to the extent expressly permitted by the terms of this MSA. 11.11 Headings. The headings are merely for organization and should not be construed as adding meaning to the MSA or interpreting the associated sections. Exhibit A Page 17 of 21 11.12 Authority. Each of the signers of the Contract Services Agreement represents that they understand this MSA and have the authority to sign on behalf of and bind the Parties they are representing upon the Effective Date. 11.13 Conflict. In the event there is a conflict between this MSA and any applicable statement of work, or Customer purchase order, this MSA controls unless explicitly stated otherwise. 11.14 Notices. In addition to the noticing provisions in Sections 4.1, 4.2, and 10.1 of the Contract Services Agreement that may be used, notices will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by email; the day after it is sent, if sent for next day delivery by recognized overnight delivery service; and upon receipt to the address listed on the Order Form (or, if different, below), if sent by certified or registered mail, return receipt requested. All notices will be provided to the email or mailing address listed in the Order Form. 11.15 Non -Appropriation. Notwithstanding any other provision of this MSA and the Contract Services Agreement, all obligations of the Customer which require the expenditure of public funds are conditioned on the availability of said funds appropriated for that purpose. To the extent applicable, Customer shall have the right to terminate the Contract Services Agreement (which includes this MSA) for non -appropriation, without penalty or other cost, after delivering to Flock written notice thereof pursuant Section 8.7 of the Contract Services Agreement. Exhibit A Page 18 of 21 ADDENDUM TO AGREEMENT Re: Scope of Services If the Scope of Services include construction, alteration, demolition, installation, repair, or maintenance affecting real property or structures or improvements of any kind appurtenant to real property, the following apply: 1. Prevailing Wage Compliance. If Contracting Party is a contractor performing public works and maintenance projects, as described in this Section 1.3, Contracting Party shall comply with applicable Federal, State, and local laws. Contracting Party is aware of the requirements of California Labor Code Sections 1720, et seq., and 1770, et seq., as well as California Code of Regulations, Title 8, Sections 16000, et seq., (collectively, the "Prevailing Wage Laws"), and La Quinta Municipal Code Section 3.12.040, which require the payment of prevailing wage rates and the performance of other requirements on "Public works" and "Maintenance" projects. If the Services are being performed as part of an applicable "Public works" or "Maintenance" project, as defined by the Prevailing Wage Laws, and if construction work over twenty- five thousand dollars ($25,000.00) and/or alterations, demolition, repair or maintenance work over fifteen thousand dollars ($15,000.00) is entered into or extended on or after January 1, 2015 by this Agreement, Contracting Party agrees to fully comply with such Prevailing Wage Laws including, but not limited to, requirements related to the maintenance of payroll records and the employment of apprentices. Pursuant to California Labor Code Section 1725.5, no contractor or subcontractor may be awarded a contract for public work on a "Public works" project unless registered with the California Department of Industrial Relations ("DIR") at the time the contract is awarded. If the Services are being performed as part of an applicable "Public works" or "Maintenance" project, as defined by the Prevailing Wage Laws, this project is subject to compliance monitoring and enforcement by the DIR. Contracting Party will maintain and will require all subcontractors to maintain valid and current DIR Public Works contractor registration during the term of this Agreement. Contracting Party shall notify City in writing immediately, and in no case more than twenty-four (24) hours, after receiving any information that Contracting Party's or any of its subcontractor's DIR registration status has been suspended, revoked, expired, or otherwise changed. It is understood that it is the responsibility of Contracting Party to determine the correct salary scale. Contracting Party shall make copies of the prevailing rates of per diem wages for each craft, classification, or type of worker needed to execute the Services available to interested parties upon request, and shall post copies at Contracting Party's principal place of business and at the project site, if any. The statutory penalties for failure to pay prevailing wage or to comply with State wage and hour laws will be enforced. Contracting Party must forfeit to City TWENTY-FIVE DOLLARS ($25.00) per day for each worker who works in excess of the minimum working hours when Contracting Party does not pay overtime. In accordance with the provisions of Labor Code Sections 1810 et seq., eight (8) hours is the legal working day. Contracting Party also shall comply with State law requirements to maintain payroll records and shall provide for certified records and inspection of records as required by California Labor Code Section 1770 et seq., including Section 1776. In addition to the other indemnities provided under this Agreement, Contracting Party shall defend (with counsel selected by City), indemnify, and hold City, Exhibit A Page 19 of 21 its elected officials, officers, employees, and agents free and harmless from any claim or liability arising out of any failure or alleged failure to comply with the Prevailing Wage Laws. It is agreed by the parties that, in connection with performance of the Services, including, without limitation, any and all "Public works" (as defined by the Prevailing Wage Laws), Contracting Party shall bear all risks of payment or non-payment of prevailing wages under California law and/or the implementation of Labor Code Section 1781, as the same may be amended from time to time, and/or any other similar law. Contracting Party acknowledges and agrees that it shall be independently responsible for reviewing the applicable laws and regulations and effectuating compliance with such laws. Contracting Party shall require the same of all subcontractors. 2. Omitted. 3. Utility Relocation. City is responsible for removal, relocation, or protection of existing main or trunk -line utilities to the extent such utilities were not identified in the invitation for bids or specifications. City shall reimburse Contracting Party for any costs incurred in locating, repairing damage not caused by Contracting Party, and removing or relocating such unidentified utility facilities. Contracting Party shall not be assessed liquidated damages for delay arising from the removal or relocation of such unidentified utility facilities. 4. Trenches or Excavations. Pursuant to California Public Contract Code Section 7104, in the event the work included in this Agreement requires excavations more than four (4) feet in depth, the following shall apply: (a) Contracting Party shall promptly, and before the following conditions are disturbed, notify City, in writing, of any: (1) material that Contracting Party believes may be material that is hazardous waste, as defined in Section 25117 of the Health and Safety Code, that is required to be removed to a Class I, Class II, or Class III disposal site in accordance with provisions of existing law; (2) subsurface or latent physical conditions at the site different from those indicated by information about the site made available to bidders prior to the deadline for submitting bids; or (3) unknown physical conditions at the site of any unusual nature, different materially from those ordinarily encountered and generally recognized as inherent in work of the character provided for in the Agreement. (b) City shall promptly investigate the conditions, and if it finds that the conditions do materially so differ, or do involve hazardous waste, and cause a decrease or increase in Contracting Party's cost of, or the time required for, performance of any part of the work shall issue a change order per Section 1.8 of the Agreement. (c) in the event that a dispute arises between City and Contracting Party whether the conditions materially differ, or involve hazardous waste, or cause a decrease or increase in Contracting Party's cost of, or time required for, performance of any part of the work, Contracting Party shall not be excused from any scheduled completion date provided for by this Agreement, but shall proceed with all work to be performed under this Agreement. Contracting Party shall retain any and all rights provided either by contract Exhibit A Page 20 of 21 or by law which pertain to the resolution of disputes and protests between the contracting Parties. 5. Safety. Contracting Party shall execute and maintain its work so as to avoid injury or damage to any person or property. In carrying out the Services, Contracting Party shall at all times be in compliance with all applicable local, state, and federal laws, rules and regulations, and shall exercise all necessary precautions for the safety of employees appropriate to the nature of the work and the conditions under which the work is to be performed. Safety precautions as applicable shall include, but shall not be limited to: (A) adequate life protection and lifesaving equipment and procedures; (B) instructions in accident prevention for all employees and subcontractors, such as safe walkways, scaffolds, fall protection ladders, bridges, gang planks, confined space procedures, trenching and shoring, equipment and other safety devices, equipment and wearing apparel as are necessary or lawfully required to prevent accidents or injuries; and (C) adequate facilities for the proper inspection and maintenance of all safety measures. 6. Omitted. Exhibit A Page 21 of21 Exhibit B Schedule of Compensation With the exception of compensation for Additional Services, provided for in Section 2.3 of this Agreement, the maximum total compensation to be paid to Contracting Party under this Agreement is not to exceed Four Hundred and Fourteen Thousand Dollars ($414,000) ("Contract Sum"). The Contract Sum shall be paid to Contracting Party in installment payments made on an annual basis and in an amount identified in Contracting Party's schedule of compensation attached hereto for the work tasks performed and properly invoiced by Contracting Party in conformance with Section 2.2 of this Agreement. Exhibit B Page 1 of 1 Flock Safety + CA -City of La Quinta Flock Group Inc. 1170 Howell Mill Rd, Suite 210 Atlanta, GA 30318 MAIN CONTACT: Tonia Crump tonia@flocksafety.com 4049329942 Created Date: 04/04/2025 Expiration Date: 05/04/2025 Quote Number: Q-134253 PO Number: frock safety f ock safety Quote This document is for informational purposes only. Pricing is subject to change. Bill To: 78495 Calle Tampico La Quinta, California 92253 Ship To: 78495 Calle Tampico La Quinta, California 92253 Billing Company Name: Billing Contact Name: Billing Email Address: Billing Phone: CA -City of La Quinta Hardware and Software Products Annual recurring amounts over subscription term Flock Safety Platform Flock Safety Flock OS FlockOS TM - s Subscription Term: 24 Months Renewal Term: Payment Terms: Net 30 Billing Frequency: Annual - First Year at Signing. $207,000.00 Included Included Included 1 Flock Safety LPR Products Flock Safety LPR, fka Falcon Professional Services and One Time Purchases One Time Fees Included 69 Quantity Total Subtotal Year 1: Annual Recurring Subtotal: Estimated Tax: Contract Total: $207,000.00 $207,000.00 $0.00 $414,000.00 Taxes shown above are provided as an estimate. Actual taxes are the responsibility of the Customer. This is not an invoice — this document is a non -binding proposal for informational purposes only. Pricing is subject to change. Product and Services Description One -Time F - : , ervice Descri • do • Installation on existing infrastructure One-time Professional Services engagement. Includes site & safety assessment, camera setup & testing, and shipping & handling in accordance with the Flock Safety Advanced Implementation Service Brief. Professional Services - Standard Implementation Fee One-time Professional Services engagement. Includes site and safety assessment, camera setup and testing, and shipping and handling in accordance with the Flock Safety Standard Implementation Service Brief. Professional Services - Advanced Implementation Fee One-time Professional Services engagement. Includes site & safety assessment, camera setup & testing, and shipping & handling in accordance with the Flock Safety Advanced Implementation Service Brief. Exhibit C Schedule of Performance Contracting Party shall complete all services identified in the Scope of Services, Exhibit A of this Agreement, in accordance with the Project Schedule, attached hereto and incorporated herein by this reference. Exhibit C Page 1 of 1 Exhibit D Special Requirements None Exhibit D Page 1 of 1 Exhibit E Insurance Requirements E.1 Insurance. Prior to the beginning of and throughout the duration of this Agreement, the following policies shall be maintained and kept in full force and effect providing insurance with minimum limits as indicated below and issued by insurers with A.M. Best ratings of no less than A -VI: Commercial General Liability (at least as broad as ISO CG 0001) $1,000,000 (per occurrence) $2,000,000 (general aggregate) Must include the following endorsements: General Liability Additional Insured General Liability Primary and Non-contributory Commercial Auto Liability (at least as broad as ISO CA 0001) $1,000,000 (per accident) Auto Liability Additional Insured Personal Auto Declaration Page if applicable Errors and Omissions Liability $1,000,000 (per claim and aggregate) Workers' Compensation (per statutory requirements) Must include the following endorsements: Workers Compensation with Waiver of Subrogation Workers Compensation Declaration of Sole Proprietor if applicable Cyber Liability $1,000,000 (per occurrence) $2,000,000 (general aggregate) Contracting Party shall procure and maintain, at its cost, and submit concurrently with its execution of this Agreement, Commercial General Liability insurance against all claims for injuries against persons or damages to property resulting from Contracting Party's acts or omissions rising out of or related to Contracting Party's performance under this Agreement. The insurance policy shall contain a severability of interest clause providing that the coverage shall be primary for losses arising out of Contracting Party's performance hereunder and neither City nor its insurers shall be required to contribute to any such loss. An endorsement evidencing the foregoing and naming the City and its officers and employees as additional insured (on the Commercial General Liability policy only) must be submitted concurrently with the execution of this Agreement and approved by City prior to commencement of the services hereunder. Exhibit E Page 1 of 6 Contracting Party shall carry automobile liability insurance of $1,000,000 per accident against all claims for injuries against persons or damages to property arising out of the use of any automobile by Contracting Party, its officers, any person directly or indirectly employed by Contracting Party, any subcontractor or agent, or anyone for whose acts any of them may be liable, arising directly or indirectly out of or related to Contracting Party's performance under this Agreement. If Contracting Party or Contracting Party's employees will use personal autos in any way on this project, Contracting Party shall provide evidence of personal auto liability coverage for each such person. The term "automobile" includes, but is not limited to, a land motor vehicle, trailer or semi -trailer designed for travel on public roads. The automobile insurance policy shall contain a severability of interest clause providing that coverage shall be primary for losses arising out of Contracting Party's performance hereunder and neither City nor its insurers shall be required to contribute to such loss. Professional Liability or Errors and Omissions Insurance as appropriate shall be written on a policy form coverage specifically designed to protect against acts, errors or omissions of the Contracting Party and "Covered Professional Services" as designated in the policy must specifically include work performed under this agreement. The policy limit shall be no less than $1,000,000 per claim and in the aggregate. The policy must "pay on behalf of" the insured and must include a provision establishing the insurer's duty to defend. The policy retroactive date shall be on or before the effective date of this agreement. Contracting Party shall carry Workers' Compensation Insurance in accordance with State Worker's Compensation laws with employer's liability limits no less than $1,000,000 per accident or disease. Contracting Party shall procure and maintain Cyber Liability insurance with limits of $1,000,000 per occurrence/loss which shall include the following coverage: a. Liability arising from the theft, dissemination and/or use of confidential or personally identifiable information; including credit monitoring and regulatory fines arising from such theft, dissemination or use of the confidential information. b. Network security liability arising from the unauthorized use of, access to, or tampering with computer systems. c. Liability arising from the failure of technology products (software) required under the contract for Consultant to properly perform the services intended. d. Electronic Media Liability arising from personal injury, plagiarism or misappropriation of ideas, domain name infringement or improper deep - linking or framing, and infringement or violation of intellectual property rights. Exhibit E Page 2 of 6 e. Liability arising from the failure to render professional services. If coverage is maintained on a claims -made basis, Contracting Party shall maintain such coverage for an additional period of three (3) years following termination of the contract. Contracting Party shall provide written notice to City within ten (10) working days if: (1) any of the required insurance policies is terminated; (2) the limits of any of the required polices are reduced; or (3) the deductible or self -insured retention is increased. In the event any of said policies of insurance are cancelled, Contracting Party shall, prior to the cancellation date, submit new evidence of insurance in conformance with this Exhibit to the Contract Officer. The procuring of such insurance or the delivery of policies or certificates evidencing the same shall not be construed as a limitation of Contracting Party's obligation to indemnify City, its officers, employees, contractors, subcontractors, or agents. E.2 Remedies. In addition to any other remedies City may have if Contracting Party fails to provide or maintain any insurance policies or policy endorsements to the extent and within the time herein required, City may, at its sole option: a. Obtain such insurance and deduct and retain the amount of the premiums for such insurance from any sums due under this Agreement. b. Order Contracting Party to stop work under this Agreement and/or withhold any payment(s) which become due to Contracting Party hereunder until Contracting Party demonstrates compliance with the requirements hereof. c. Terminate this Agreement. Exercise any of the above remedies, however, is an alternative to any other remedies City may have. The above remedies are not the exclusive remedies for Contracting Party's failure to maintain or secure appropriate policies or endorsements. Nothing herein contained shall be construed as limiting in any way the extent to which Contracting Party may be held responsible for payments of damages to persons or property resulting from Contracting Party's or its subcontractors' performance of work under this Agreement. E.3 General Conditions Pertaining to Provisions of Insurance Coverage by Contracting Party. Contracting Party and City agree to the following with respect to insurance provided by Contracting Party: 1. Contracting Party agrees to have its insurer endorse the third party general liability coverage required herein to include as additional insureds City, its officials, employees, and agents, using standard ISO endorsement No. CG 2010 with an edition prior to 1992. Contracting Party also agrees to require all contractors, and subcontractors to do likewise. 2. No liability insurance coverage provided to comply with this Agreement shall prohibit Contracting Party, or Contracting Party's employees, or agents, from waiving the Exhibit E Page 3of6 right of subrogation prior to a loss. Contracting Party agrees to waive subrogation rights against City regardless of the applicability of any insurance proceeds, and to require all contractors and subcontractors to do likewise. 3. All insurance coverage and limits provided by Contracting Party and available or applicable to this Agreement are intended to apply to the full extent of the policies. Nothing contained in this Agreement or any other agreement relating to City or its operations limits the application of such insurance coverage. 4. None of the coverages required herein will be in compliance with these requirements if they include any limiting endorsement of any kind that has not been first submitted to City and approved of in writing. 5. No liability policy shall contain any provision or definition that would serve to eliminate so-called "third party action over" claims, including any exclusion for bodily injury to an employee of the insured or of any contractor or subcontractor. 6. All coverage types and limits required are subject to approval, modification and additional requirements by the City, as the need arises. Contracting Party shall not make any reductions in scope of coverage (e.g. elimination of contractual liability or reduction of discovery period) that may affect City's protection without City's prior written consent. 7. Proof of compliance with these insurance requirements, consisting of certificates of insurance evidencing all the coverages required and an additional insured endorsement to Contracting Party's general liability policy, shall be delivered to City at or prior to the execution of this Agreement. In the event such proof of any insurance is not delivered as required, or in the event such insurance is canceled at any time and no replacement coverage is provided, City has the right, but not the duty, to obtain any insurance it deems necessary to protect its interests under this or any other agreement and to pay the premium. Any premium so paid by City shall be charged to and promptly paid by Contracting Party or deducted from sums due Contracting Party, at City option. 8. It is acknowledged by the parties of this agreement that all insurance coverage required to be provided by Contracting Party or any subcontractor, is intended to apply first and on a primary, non-contributing basis in relation to any other insurance or self-insurance available to City. 9. Contracting Party agrees to ensure that subcontractors, and any other party involved with the project that is brought onto or involved in the project by Contracting Party, provide the same minimum insurance coverage required of Contracting Party. Contracting Party agrees to monitor and review all such coverage and assumes all responsibility for ensuring that such coverage is provided in conformity with the requirements of this section. Contracting Party agrees that upon request, all agreements with subcontractors and others engaged in the project will be submitted to City for review. 10. Contracting Party agrees not to self -insure or to use any self -insured retentions or deductibles on any portion of the insurance required herein (with the Exhibit E Page 4 of 6 exception of professional liability coverage, if required) and further agrees that it will not allow any contractor, subcontractor, Architect, Engineer or other entity or person in any way involved in the performance of work on the project contemplated by this agreement to self -insure its obligations to City. If Contracting Party's existing coverage includes a deductible or self -insured retention, the deductible or self -insured retention must be declared to the City. At that time the City shall review options with the Contracting Party, which may include reduction or elimination of the deductible or self -insured retention, substitution of other coverage, or other solutions. 11. The City reserves the right at any time during the term of this Agreement to change the amounts and types of insurance required by giving the Contracting Party ninety (90) days advance written notice of such change. If such change results in substantial additional cost to the Contracting Party, the City will negotiate additional compensation proportional to the increased benefit to City. 12. For purposes of applying insurance coverage only, this Agreement will be deemed to have been executed immediately upon any party hereto taking any steps that can be deemed to be in furtherance of or towards performance of this Agreement. 13. Contracting Party acknowledges and agrees that any actual or alleged failure on the part of City to inform Contracting Party of non-compliance with any insurance requirement in no way imposes any additional obligations on City nor does it waive any rights hereunder in this or any other regard. 14. Contracting Party will renew the required coverage annually as long as City, or its employees or agents face an exposure from operations of any type pursuant to this agreement. This obligation applies whether the agreement is canceled or terminated for any reason. Termination of this obligation is not effective until City executes a written statement to that effect. 15. Contracting Party shall provide proof that policies of insurance required herein expiring during the term of this Agreement have been renewed or replaced with other policies providing at least the same coverage. Proof that such coverage has been ordered shall be submitted prior to expiration. A coverage binder or letter from Contracting Party's insurance agent to this effect is acceptable. A certificate of insurance and an additional insured endorsement is required in these specifications applicable to the renewing or new coverage must be provided to City within five (5) days of the expiration of coverages. 16. The provisions of any workers' compensation or similar act will not limit the obligations of Contracting Party under this agreement. Contracting Party expressly agrees not to use any statutory immunity defenses under such laws with respect to City, its employees, officials, and agents. 17. Requirements of specific coverage features, or limits contained in this section are not intended as limitations on coverage, limits or other requirements nor as a waiver of any coverage normally provided by any given policy. Specific reference to a Exhibit E Page 5of6 given coverage feature is for purposes of clarification only as it pertains to a given issue and is not intended by any party or insured to be limiting or all-inclusive. 18. These insurance requirements are intended to be separate and distinct from any other provision in this Agreement and are intended by the parties here to be interpreted as such. 19. The requirements in this Exhibit supersede all other sections and provisions of this Agreement to the extent that any other section or provision conflicts with or impairs the provisions of this Exhibit. 20. Contracting Party agrees to be responsible for ensuring that no contract used by any party involved in any way with the project reserves the right to charge City or Contracting Party for the cost of additional insurance coverage required by this agreement. Any such provisions are to be deleted with reference to City. It is not the intent of City to reimburse any third party for the cost of complying with these requirements. There shall be no recourse against City for payment of premiums or other amounts with respect thereto. 21. Contracting Party agrees to provide immediate notice to City of any claim or loss against Contracting Party arising out of the work performed under this agreement. City assumes no obligation or liability by such notice, but has the right (but not the duty) to monitor the handling of any such claim or claims if they are likely to involve City. Exhibit E Page 6 of 6 Exhibit F Indemnification F.1 Indemnity for the Benefit of City. a. Indemnification for Professional Liability. When the law establishes a professional standard of care for Contracting Party's Services, to the fullest extent permitted by law, Contracting Party shall indemnify, protect, defend (with counsel selected by City), and hold harmless City and any and all of its officials, employees, and agents ("Indemnified Parties") from and against any and all claims, losses, liabilities of every kind, nature, and description, damages, injury (including, without limitation, injury to or death of an employee of Contracting Party or of any subcontractor), costs and expenses of any kind, whether actual, alleged or threatened, including, without limitation, incidental and consequential damages, court costs, attorneys' fees, litigation expenses, and fees of expert consultants or expert witnesses incurred in connection therewith and costs of investigation, to the extent same are caused in whole or in part by any negligent or wrongful act, error or omission of Contracting Party, its officers, agents, employees or subcontractors (or any entity or individual that Contracting Party shall bear the legal liability thereof) in the performance of professional services under this agreement. With respect to the design of public improvements, the Contracting Party shall not be liable for any injuries or property damage resulting from the reuse of the design at a location other than that specified in Exhibit A without the written consent of the Contracting Party. b. Indemnification for Other Than Professional Liability. Other than in the performance of professional services and to the full extent permitted by law, Contracting Party shall indemnify, defend (with counsel selected by City), and hold harmless the Indemnified Parties from and against any liability (including liability for claims, suits, actions, arbitration proceedings, administrative proceedings, regulatory proceedings, losses, expenses or costs of any kind, whether actual, alleged or threatened, including, without limitation, incidental and consequential damages, court costs, attorneys' fees, litigation expenses, and fees of expert consultants or expert witnesses) incurred in connection therewith and costs of investigation, where the same arise out of, are a consequence of, or are in any way attributable to, in whole or in part, the performance of this Agreement by Contracting Party or by any individual or entity for which Contracting Party is legally liable, including but not limited to officers, agents, employees, or subcontractors of Contracting Party. c. Indemnity Provisions for Contracts Related to Construction (Limitation on Indemnity). Without affecting the rights of City under any provision of this agreement, Contracting Party shall not be required to indemnify and hold harmless City for liability attributable to the active negligence of City, provided such active negligence is determined by agreement between the parties or by the findings of a court of competent jurisdiction. In instances where City is shown to have been actively negligent and where City's active negligence accounts for only a percentage of the liability involved, the obligation of Contracting Party will be for that entire portion or percentage of liability not attributable to the active negligence of City. Exhibit F Page 1 of 2 d. Indemnification Provision for Design Professionals. 1. Applicability of this Section F.1(d). Notwithstanding Section F.1(a) hereinabove, the following indemnification provision shall apply to a Contracting Party who constitutes a "design professional" as the term is defined in paragraph 3 below. 2. Scope of Indemnification. When the law establishes a professional standard of care for Contracting Party's Services, to the fullest extent permitted by law, Contracting Party shall indemnify and hold harmless City and any and all of its officials, employees, and agents ("Indemnified Parties") from and against any and all losses, liabilities of every kind, nature, and description, damages, injury (including, without limitation, injury to or death of an employee of Contracting Party or of any subcontractor), costs and expenses, including, without limitation, incidental and consequential damages, court costs, reimbursement of attorneys' fees, litigation expenses, and fees of expert consultants or expert witnesses incurred in connection therewith and costs of investigation, to the extent same are caused by any negligent or wrongful act, error or omission of Contracting Party, its officers, agents, employees or subcontractors (or any entity or individual that Contracting Party shall bear the legal liability thereof) in the performance of professional services under this agreement. With respect to the design of public improvements, the Contracting Party shall not be liable for any injuries or property damage resulting from the reuse of the design at a location other than that specified in Exhibit A without the written consent of the Contracting Party. 3. Design Professional Defined. As used in this Section F.1(d), the term "design professional" shall be limited to licensed architects, registered professional engineers, licensed professional land surveyors and landscape architects, all as defined under current law, and as may be amended from time to time by Civil Code § 2782.8. F.2 Obligation to Secure Indemnification Provisions. Contracting Party agrees to obtain executed indemnity agreements with provisions identical to those set forth herein this Exhibit F, as applicable to the Contracting Party, from each and every subcontractor or any other person or entity involved by, for, with or on behalf of Contracting Party in the performance of this Agreement. In the event Contracting Party fails to obtain such indemnity obligations from others as required herein, Contracting Party agrees to be fully responsible according to the terms of this Exhibit. Failure of City to monitor compliance with these requirements imposes no additional obligations on City and will in no way act as a waiver of any rights hereunder. This obligation to indemnify and defend City as set forth in this Agreement are binding on the successors, assigns or heirs of Contracting Party and shall survive the termination of this Agreement. Exhibit F Page 2 of 2 BUSINESS SESSION ITEM NO. 3 City of La Quinta CITY COUNCIL MEETING: August 5, 2025 STAFF REPORT AGENDA TITLF : APPROVE AGREEMENT FOR CONTRACT SERVICES WITH FLOCK GROUP, INC FOR AUTOMATIC LICENSE PLATE READER SYSTEM WITHIN LA QUINTA'S BOUNDARIES; AND AUTHORIZE RIVERSIDE COUNTY SHERIFF'S DEPARTMENT AS THE SYSTEM'S ADMINISTRATOR AND AUTHORIZED USER RECOMMENDATION Approve Agreement for Contract Services with Flock Group, Inc., for automatic license plate reader system within La Quinta's boundaries; authorize Riverside County Sheriff's Office as the system's administrator and authorized user; and authorize the City Manager to execute the agreement, substantially in the form attached, and make any revisions necessary to conform with standard City contract provisions. EXECUTIVE SUMMARY • On April 3, 2023, Council approved installation and operation of the Flock Automatic License Reader System (ALPR) during a public hearing. • ALPR technology has improved Riverside County Sheriff's Office (RCSO) efficiency in identifying vehicles of interest. The system serves as a crime -fighting tool utilized by law enforcement agencies nationwide (Attachment 2). • RCSO is the sole administrator and authorized user of the ALPR system in compliance with Civic Code Sections 1798.29 and 1798.82, amended in 2015, establishing requirements to secure data use, prevent misuse, and ensure public transparency. The Flock Safety Falcon ALPR system is provided under a subscription model at a flat annual fee of $3,000 per camera which is a 20% increase from previous years. Included in the cost are the camera hardware, hardware maintenance, ALPR software, software updates, 30 days unlimited data storage, LTE connectivity (wireless transmission), solar panels, poles, mounting equipment and monitoring. The cost for leasing 69 Flock ALPR system cameras, including the equipment and software, is $207,000 per year ($17,250 base monthly rate) for a total amount not to exceed $414,000 for a 24-month lease from May 2025 to May 2027 (Attachment 1). Funds in the amount of the contract are available in the fiscal year 2025/26 Police Budget account 101-2001-60692 for Public Safety Camera Maintenance. 229 BACKGROUND/ANALYSIS In 2020, RCSO implemented the Flock ALPR system across unincorporated county areas, and since then, Flock has become their sole source vendor for the Flock Safety ALPR cameras system. Flock Safety is the only fully integrated ALPR one -stop solution which includes hardware, software, installation, and maintenance of the system. Flock Safety is also the sole provider of the patented "Vehicle Fingerprint" Technology, which allows the system to identify vehicles using license plates and unique features like color and make, without using facial recognition or collecting personal information. Data is securely stored in the AWS Government Cloud and automatically deleted after 30 days. The system only captures photos (no live feed), ensuring privacy and non -surveillance. On March 7, 2023, staff presented a study session to the Council detailing the features, benefits, and privacy safeguards of the Flock ALPR System. Following comprehensive discussions with RCSO and public input, Council approved installation and operation of the ALPR system during a public hearing held on April 3, 2023. Given the increased use of ALPR, in 2015 California passed Senate Bill 34 (SB 34) (Stats. 2015, CH. 532, Hill), amending Civil Code Sections 1798.29 and 1798.82, establishing strict regulations to protect and secure the data collected through ALPR (Attachment 3). These regulations include requiring public approval before a system is installed, establishment of strict security measures, and privacy policies for ALPR systems, and users. RCSO manages all Flock cameras in unincorporated areas and contract cities, including La Quinta, where only RCSO staff have system access. RCSO enforces a strict ALPR policy limiting data use to law enforcement purposes, prohibits data sharing or sale, and mandates four hours of staff training before system access. As an ALPR administrator and per SB 34, RCSO has established an ALPR Policy which is posted on the RCSO's website as "Policy 412" within the RCSO Standards Manual (DSM), (Attachment 4). Per RCSO's policy, ALPR data may only be used for official law enforcement purposes, and cannot be shared, transferred, or sold for any other use. IA I- TERNATIVES Staff does not recommend an alternative. Prepared by: Approved by: Lisa Chastain, Public Safety Management Analyst Martha Mendez, Public Safety Deputy Director Attachments: 1. Agreement for Flock Safety ALPR Services 2. RCSO Flock Safety ALPR Recommendation 3. Senate Bill 34 — ALPR system: Use of Data 4. RCSO Automated License Plate Reader Policy - Policy 412. 230 ATTACHMENT 2 Riverside County Sheriff's Department Chad Bianco, Sheriff -Coroner Thermal Station 86625 Airport Boulevard • Thermal • California • 92274 www.riversidesheriff.org June 19, 2025 La Quinta City Council 78495 Calle Tampico La Quinta, Ca. 92253 Re: Automatic License Plate Readers — Flock Safety Dear Mayor Evans and Council Members, The Flock Safety automatic license plate reader (ALPR) camera system has proven to be a vital asset for sheriff's personnel assigned to provide law enforcement services to the City of La Quinta. The Riverside County Sheriffs Department remains committed to the City Council's priority of maintaining a high quality of life for residents, as well as supporting a safe and thriving business environment. The Flock ALPR system plays a key role in achieving both goals. This technology has enabled deputies to proactively respond to incidents involving organized retail theft crews as they enter the city's commercial areas. Many of these alerts originate from Flock entries made outside La Quinta's jurisdiction, demonstrating the value of interoperability and cross jurisdictional data sharing in combating organized criminal activity. Beyond retail theft, the ALPR system has supported a wide range of investigations, including those involving domestic violence, stalking, assault with a deadly weapon, exhibition of speed/street racing, theft, burglaries, missing persons, and stolen vehicles. Between May 20 and June 17, 2025, the ALPR cameras captured and processed over 3 million license plate reads, matching them against databases statewide. This underscores both the scale and utility of the system in enhancing public safety. In light of recent concerns regarding data sharing by the Riverside County Sheriff's Office with out-of- state or federal immigration authorities, I want to assure the Council that the administration at the Thermal Station conducts monthly audits of personnel access and usage. We remain in full compliance with RSO Department Policy 412, Senate Bill 34 (ALPR use and data privacy), and Senate Bill 54 (California Values Act). Our continued commitment is to transparency, lawful use of technology, and the safety and privacy of La Quinta's residents and businesses. rely, 1("--7N ncisco Velasco Lieutenant ATTACHMENT 3 LEGISLATIVE INFORMATION Home Bill Information California Law Publications Other Resources My Subscriptions My Favorites SB-34 Automated license plate recognition systems: use of data. (2015-2016) SHARE THIS: uri Senate Bill No. 34 CHAPTER 532 An act to amend Sections 1798.29 and 1798.82 of, and to add Title 1.81.23 (commencing with Section 1798.90.5) to Part 4 of Division 3 of, the Civil Code, relating to personal information. Approved by Governor October 06, 2015. Filed with Secretary of State October 06, 2015. 1 LEGISLATIVE COUNSEL'S DIGEST SB 34, Hill. Automated license plate recognition systems: use of data. (1) Existing law authorizes the Department of the California Highway Patrol to retain license plate data captured by license plate recognition (LPR) technology, also referred to as an automated license plate recognition (ALPR) system, for not more than 60 days unless the data is being used as evidence or for the investigation of felonies. Existing law prohibits the department from selling the data or from making the data available to an agency that is not a law enforcement agency or an individual that is not a law enforcement officer. Existing law authorizes the department to use LPR data for the purpose of locating vehicles or persons reasonably suspected of being involved in the commission of a public offense, and requires the department to monitor the internal use of the data to prevent unauthorized use and to submit to the Legislature, as a part of the annual automobile theft report, information on the department's LPR practices and usage. This bill would impose specified requirements on an "ALPR operator" as defined, including, among others, maintaining reasonable security procedures and practices to protect ALPR information and implementing a usage and privacy policy with respect to that information, as specified. The bill would impose similar requirements on an "ALPR end -user," as defined. The bill would require an ALPR operator that accesses or provides access to ALPR information to maintain a specified record of that access and require that ALPR information only be used for authorized purposes. The bill would, in addition to any other sanctions, penalties, or remedies provided by law, authorize an individual who has been harmed by a violation of these provisions to bring a civil action in any court of competent jurisdiction against a person who knowingly caused the harm. The bill would require a public agency, as defined, that operates or intends to operate an ALPR system to provide an opportunity for public comment at a regularly scheduled public meeting of the governing body of the public agency before implementing the program. The bill would also prohibit a public agency from selling, sharing, or transferring ALPR information, except to another public agency, as specified. (2) Existing law requires any agency, and any person or business conducting business in California, that owns or licenses computerized data that includes personal information, as defined, to disclose in specified ways, any breach of the security of the system or data, as defined, following discovery or notification of the security breach, to any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Existing law defines "personal information" for these purposes to include an individual's first name and last name, or first initial and last name, in combination with one or more designated data elements relating to, among other things, social security numbers, driver's license numbers, financial accounts, and medical information. This bill would include information or data collected through the use or operation of an automated license plate recognition system, when that information is not encrypted and is used in combination with an individual's name, in the definition of "personal information" discussed above. This bill would incorporate additional changes to Section 1798.29 of the Civil Code proposed by SB 570 and AB 964 that would become operative if this bill and one or both of those bills are enacted and this bill is enacted last. This bill also would incorporate additional changes to Section 1798.82 of the Civil Code proposed by SB 570 and AB 964 that would become operative if this bill and one or both of those bills are enacted and this bill is enacted last. Vote: majority Appropriation: no Fiscal Committee: yes Local Program: no THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS: SECTION 1. Section 1798.29 of the Civil Code is amended to read: 1798.29. (a) Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. (b) Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. (c) The notification required by this section may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation. (d) Any agency that is required to issue a security breach notification pursuant to this section shall meet all of the following requirements: (1) The security breach notification shall be written in plain language. (2) The security breach notification shall include, at a minimum, the following information: (A) The name and contact information of the reporting agency subject to this section. (B) A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. (C) If the information is possible to determine at the time the notice is provided, then any of the following: (i) the date of the breach, (ii) the estimated date of the breach, or (iii) the date range within which the breach occurred. The notification shall also include the date of the notice. (D) Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. (E) A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (F) The toll -free telephone numbers and addresses of the major credit reporting agencies, if the breach exposed a social security number or a driver's license or California identification card number. (3) At the discretion of the agency, the security breach notification may also include any of the following: (A) Information about what the agency has done to protect individuals whose information has been breached. (B) Advice on steps that the person whose information has been breached may take to protect himself or herself. (4) In the case of a breach of the security of the system involving personal information defined in paragraph (2) of subdivision (g) for an online account, and no other personal information defined in paragraph (1) of subdivision (g), the agency may comply with this section by providing the security breach notification in electronic or other form that directs the person whose personal information has been breached to promptly change his or her password and security question or answer, as applicable, or to take other steps appropriate to protect the online account with the agency and all other online accounts for which the person uses the same user name or email address and password or security question or answer. (5) In the case of a breach of the security of the system involving personal information defined in paragraph (2) of subdivision (g) for login credentials of an email account furnished by the agency, the agency shall not comply with this section by providing the security breach notification to that email address, but may, instead, comply with this section by providing notice by another method described in subdivision (i) or by clear and conspicuous notice delivered to the resident online when the resident is connected to the online account from an Internet Protocol address or online location from which the agency knows the resident customarily accesses the account. (e) Any agency that is required to issue a security breach notification pursuant to this section to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General. A single sample copy of a security breach notification shall not be deemed to be within subdivision (f) of Section 6254 of the Government Code. (f) For purposes of this section, "breach of the security of the system" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the agency. Good faith acquisition of personal information by an employee or agent of the agency for the purposes of the agency is not a breach of the security of the system, provided that the personal information is not used or subject to further unauthorized disclosure. (g) For purposes of this section, "personal information" means either of the following: (1) An individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (A) Social security number. (B) Driver's license number or California identification card number. (C) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. (D) Medical information. (E) Health insurance information. (F) Information or data collected through the use or operation of an automated license plate recognition system, as defined in Section 1798.90.5. (2) A user name or email address, in combination with a password or security question and answer that would permit access to an online account. (h) (1) For purposes of this section, "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (2) For purposes of this section, "medical information" means any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. (3) For purposes of this section, "health insurance information" means an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records. (i) For purposes of this section, "notice" may be provided by one of the following methods: (1) Written notice. (2) Electronic notice, if the notice provided is consistent with the provisions regarding electronic records and signatures set forth in Section 7001 of Title 15 of the United States Code. (3) Substitute notice, if the agency demonstrates that the cost of providing notice would exceed two hundred fifty thousand dollars ($250,000), or that the affected class of subject persons to be notified exceeds 500,000, or the agency does not have sufficient contact information. Substitute notice shall consist of all of the following: (A) Email notice when the agency has an email address for the subject persons. (B) Conspicuous posting of the notice on the agency's Internet Web site page, if the agency maintains one. (C) Notification to major statewide media and the Office of Information Security within the Department of Technology. (j) Notwithstanding subdivision (i), an agency that maintains its own notification procedures as part of an information security policy for the treatment of personal information and is otherwise consistent with the timing requirements of this part shall be deemed to be in compliance with the notification requirements of this section if it notifies subject persons in accordance with its policies in the event of a breach of security of the system. (k) Notwithstanding the exception specified in paragraph (4) of subdivision (b) of Section 1798.3, for purposes of this section, "agency" includes a local agency, as defined in subdivision (a) of Section 6252 of the Government Code. SEC. 1.1. Section 1798.29 of the Civil Code is amended to read: 1798.29. (a) Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. (b) Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. (c) The notification required by this section may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation. (d) Any agency that is required to issue a security breach notification pursuant to this section shall meet all of the following requirements: (1) The security breach notification shall be written in plain language, shall be titled "Notice of Data Breach," and shall present the information described in paragraph (2) under the following headings: "What Happened," "What Information Was Involved," "What We Are Doing," "What You Can Do," and "For More Information." Additional information may be provided as a supplement to the notice. (A) The format of the notice shall be designed to call attention to the nature and significance of the information it contains. (B) The title and headings in the notice shall be clearly and conspicuously displayed. (C) The text of the notice and any other notice provided pursuant to this section shall be no smaller than 10-point type. (D) For a written notice described in paragraph (1) of subdivision (i), use of the model security breach notification form prescribed below or use of the headings described in this paragraph with the information described in paragraph (2), written in plain language, shall be deemed to be in compliance with this subdivision. [NAME OF INSTITUTION / LOGO] Date: [insert date] NOTICE OF DATA BREACH What Happened? What Information Was Involved? What We Are Doing. What You Can Do. Other Important Information. [insert other important information] For More Information. Call [telephone number] or go to [Internet Web site] (E) For an electronic notice described in paragraph (2) of subdivision (i), use of the headings described in this paragraph with the information described in paragraph (2), written in plain language, shall be deemed to be in compliance with this subdivision. (2) The security breach notification described in paragraph (1) shall include, at a minimum, the following information: (A) The name and contact information of the reporting agency subject to this section. (B) A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. (C) If the information is possible to determine at the time the notice is provided, then any of the following: (i) the date of the breach, (ii) the estimated date of the breach, or (iii) the date range within which the breach occurred. The notification shall also include the date of the notice. (D) Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. (E) A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (F) The toll -free telephone numbers and addresses of the major credit reporting agencies, if the breach exposed a social security number or a driver's license or California identification card number. (3) At the discretion of the agency, the security breach notification may also include any of the following: (A) Information about what the agency has done to protect individuals whose information has been breached. (B) Advice on steps that the person whose information has been breached may take to protect himself or herself. (e) Any agency that is required to issue a security breach notification pursuant to this section to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General. A single sample copy of a security breach notification shall not be deemed to be within subdivision (f) of Section 6254 of the Government Code. (f) For purposes of this section, "breach of the security of the system" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the agency. Good faith acquisition of personal information by an employee or agent of the agency for the purposes of the agency is not a breach of the security of the system, provided that the personal information is not used or subject to further unauthorized disclosure. (g) For purposes of this section, "personal information" means either of the following: (1) An individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (A) Social security number. (B) Driver's license number or California identification card number. (C) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. (D) Medical information. (E) Health insurance information. (F) Information or data collected through the use or operation of an automated license plate recognition system, as defined in Section 1798.90.5. (2) A user name or email address, in combination with a password or security question and answer that would permit access to an online account. (h) (1) For purposes of this section, "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (2) For purposes of this section, "medical information" means any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. (3) For purposes of this section, "health insurance information" means an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records. (i) For purposes of this section, "notice" may be provided by one of the following methods: (1) Written notice. (2) Electronic notice, if the notice provided is consistent with the provisions regarding electronic records and signatures set forth in Section 7001 of Title 15 of the United States Code. (3) Substitute notice, if the agency demonstrates that the cost of providing notice would exceed two hundred fifty thousand dollars ($250,000), or that the affected class of subject persons to be notified exceeds 500,000, or the agency does not have sufficient contact information. Substitute notice shall consist of all of the following: (A) Email notice when the agency has an email address for the subject persons. (B) Conspicuous posting, for a minimum of 30 days, of the notice on the agency's Internet Web site page, if the agency maintains one. For purposes of this subparagraph, conspicuous posting on the agency's Internet Web site means providing a link to the notice on the home page or first significant page after entering the Internet Web site that is in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks that call attention to the link. (C) Notification to major statewide media and the Office of Information Security within the Department of Technology. (4) In the case of a breach of the security of the system involving personal information defined in paragraph (2) of subdivision (g) for an online account, and no other personal information defined in paragraph (1) of subdivision (g), the agency may comply with this section by providing the security breach notification in electronic or other form that directs the person whose personal information has been breached to promptly change his or her password and security question or answer, as applicable, or to take other steps appropriate to protect the online account with the agency and all other online accounts for which the person uses the same user name or email address and password or security question or answer. (5) In the case of a breach of the security of the system involving personal information defined in paragraph (2) of subdivision (g) for login credentials of an email account furnished by the agency, the agency shall not comply with this section by providing the security breach notification to that email address, but may, instead, comply with this section by providing notice by another method described in this subdivision or by clear and conspicuous notice delivered to the resident online when the resident is connected to the online account from an Internet Protocol address or online location from which the agency knows the resident customarily accesses the account. (j) Notwithstanding subdivision (i), an agency that maintains its own notification procedures as part of an information security policy for the treatment of personal information and is otherwise consistent with the timing requirements of this part shall be deemed to be in compliance with the notification requirements of this section if it notifies subject persons in accordance with its policies in the event of a breach of security of the system. (k) Notwithstanding the exception specified in paragraph (4) of subdivision (b) of Section 1798.3, for purposes of this section, "agency" includes a local agency, as defined in subdivision (a) of Section 6252 of the Government Code. SEC. 1.2. Section 1798.29 of the Civil Code is amended to read: 1798.29. (a) Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. (b) Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. (c) The notification required by this section may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation. (d) Any agency that is required to issue a security breach notification pursuant to this section shall meet all of the following requirements: (1) The security breach notification shall be written in plain language. (2) The security breach notification shall include, at a minimum, the following information: (A) The name and contact information of the reporting agency subject to this section. (B) A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. (C) If the information is possible to determine at the time the notice is provided, then any of the following: (i) the date of the breach, (ii) the estimated date of the breach, or (iii) the date range within which the breach occurred. The notification shall also include the date of the notice. (D) Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. (E) A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (F) The toll -free telephone numbers and addresses of the major credit reporting agencies, if the breach exposed a social security number or a driver's license or California identification card number. (3) At the discretion of the agency, the security breach notification may also include any of the following: (A) Information about what the agency has done to protect individuals whose information has been breached. (B) Advice on steps that the person whose information has been breached may take to protect himself or herself. (4) In the case of a breach of the security of the system involving personal information defined in paragraph (2) of subdivision (g) for an online account, and no other personal information defined in paragraph (1) of subdivision (g), the agency may comply with this section by providing the security breach notification in electronic or other form that directs the person whose personal information has been breached to promptly change his or her password and security question or answer, as applicable, or to take other steps appropriate to protect the online account with the agency and all other online accounts for which the person uses the same user name or email address and password or security question or answer. (5) In the case of a breach of the security of the system involving personal information defined in paragraph (2) of subdivision (g) for login credentials of an email account furnished by the agency, the agency shall not comply with this section by providing the security breach notification to that email address, but may, instead, comply with this section by providing notice by another method described in subdivision (i) or by clear and conspicuous notice delivered to the resident online when the resident is connected to the online account from an Internet Protocol address or online location from which the agency knows the resident customarily accesses the account. (e) Any agency that is required to issue a security breach notification pursuant to this section to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General. A single sample copy of a security breach notification shall not be deemed to be within subdivision (f) of Section 6254 of the Government Code. (f) For purposes of this section, "breach of the security of the system" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the agency. Good faith acquisition of personal information by an employee or agent of the agency for the purposes of the agency is not a breach of the security of the system, provided that the personal information is not used or subject to further unauthorized disclosure. (g) For purposes of this section, "personal information" means either of the following: (1) An individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (A) Social security number. (B) Driver's license number or California identification card number. (C) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. (D) Medical information. (E) Health insurance information. (F) Information or data collected through the use or operation of an automated license plate recognition system, as defined in Section 1798.90.5. (2) A user name or email address, in combination with a password or security question and answer that would permit access to an online account. (h) (1) For purposes of this section, "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (2) For purposes of this section, "medical information" means any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. (3) For purposes of this section, "health insurance information" means an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records. (4) For purposes of this section, "encrypted" means rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security. (i) For purposes of this section, "notice" may be provided by one of the following methods: (1) Written notice. (2) Electronic notice, if the notice provided is consistent with the provisions regarding electronic records and signatures set forth in Section 7001 of Title 15 of the United States Code. (3) Substitute notice, if the agency demonstrates that the cost of providing notice would exceed two hundred fifty thousand dollars ($250,000), or that the affected class of subject persons to be notified exceeds 500,000, or the agency does not have sufficient contact information. Substitute notice shall consist of all of the following: (A) Email notice when the agency has an email address for the subject persons. (B) Conspicuous posting of the notice on the agency's Internet Web site page, if the agency maintains one. (C) Notification to major statewide media and the Office of Information Security within the Department of Technology. (j) Notwithstanding subdivision (i), an agency that maintains its own notification procedures as part of an information security policy for the treatment of personal information and is otherwise consistent with the timing requirements of this part shall be deemed to be in compliance with the notification requirements of this section if it notifies subject persons in accordance with its policies in the event of a breach of security of the system. (k) Notwithstanding the exception specified in paragraph (4) of subdivision (b) of Section 1798.3, for purposes of this section, "agency" includes a local agency, as defined in subdivision (a) of Section 6252 of the Government Code. SEC. 1.3. Section 1798.29 of the Civil Code is amended to read: 1798.29. (a) Any agency that owns or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. (b) Any agency that maintains computerized data that includes personal information that the agency does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. (c) The notification required by this section may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation. (d) Any agency that is required to issue a security breach notification pursuant to this section shall meet all of the following requirements: (1) The security breach notification shall be written in plain language, shall be titled "Notice of Data Breach," and shall present the information described in paragraph (2) under the following headings: "What Happened," "What Information Was Involved," "What We Are Doing," "What You Can Do," and "For More Information." Additional information may be provided as a supplement to the notice. (A) The format of the notice shall be designed to call attention to the nature and significance of the information it contains. (B) The title and headings in the notice shall be clearly and conspicuously displayed. (C) The text of the notice and any other notice provided pursuant to this section shall be no smaller than 10-point type. (D) For a written notice described in paragraph (1) of subdivision (i), use of the model security breach notification form prescribed below or use of the headings described in this paragraph with the information described in paragraph (2), written in plain language, shall be deemed to be in compliance with this subdivision. [NAME OF INSTITUTION / LOGO] Date: [insert date] NOTICE OF DATA BREACH What Happened? What Information Was Involved? What We Are Doing. What You Can Do. Other Important Information. [insert other important information] For More Information. Call [telephone number] or go to [Internet Web site] (E) For an electronic notice described in paragraph (2) of subdivision (i), use of the headings described in this paragraph with the information described in paragraph (2), written in plain language, shall be deemed to be in compliance with this subdivision. (2) The security breach notification described in paragraph (1) shall include, at a minimum, the following information: (A) The name and contact information of the reporting agency subject to this section. (B) A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. (C) If the information is possible to determine at the time the notice is provided, then any of the following: (i) the date of the breach, (ii) the estimated date of the breach, or (iii) the date range within which the breach occurred. The notification shall also include the date of the notice. (D) Whether the notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. (E) A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (F) The toll -free telephone numbers and addresses of the major credit reporting agencies, if the breach exposed a social security number or a driver's license or California identification card number. (3) At the discretion of the agency, the security breach notification may also include any of the following: (A) Information about what the agency has done to protect individuals whose information has been breached. (B) Advice on steps that the person whose information has been breached may take to protect himself or herself. (e) Any agency that is required to issue a security breach notification pursuant to this section to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General. A single sample copy of a security breach notification shall not be deemed to be within subdivision (f) of Section 6254 of the Government Code. (f) For purposes of this section, "breach of the security of the system" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the agency. Good faith acquisition of personal information by an employee or agent of the agency for the purposes of the agency is not a breach of the security of the system, provided that the personal information is not used or subject to further unauthorized disclosure. (g) For purposes of this section, "personal information" means either of the following: (1) An individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (A) Social security number. (B) Driver's license number or California identification card number. (C) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. (D) Medical information. (E) Health insurance information. (F) Information or data collected through the use or operation of an automated license plate recognition system, as defined in Section 1798.90.5. (2) A user name or email address, in combination with a password or security question and answer that would permit access to an online account. (h) (1) For purposes of this section, "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (2) For purposes of this section, "medical information" means any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. (3) For purposes of this section, "health insurance information" means an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records. (4) For purposes of this section, "encrypted" means rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security. i) For purposes of this section, "notice" may be provided by one of the following methods: (1) Written notice. (2) Electronic notice, if the notice provided is consistent with the provisions regarding electronic records and signatures set forth in Section 7001 of Title 15 of the United States Code. (3) Substitute notice, if the agency demonstrates that the cost of providing notice would exceed two hundred fifty thousand dollars ($250,000), or that the affected class of subject persons to be notified exceeds 500,000, or the agency does not have sufficient contact information. Substitute notice shall consist of all of the following: (A) Email notice when the agency has an email address for the subject persons. (B) Conspicuous posting, for a minimum of 30 days, of the notice on the agency's Internet Web site page, if the agency maintains one. For purposes of this subparagraph, conspicuous posting on the agency's Internet Web site means providing a link to the notice on the home page or first significant page after entering the Internet Web site that is in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks that call attention to the link. (C) Notification to major statewide media and the Office of Information Security within the Department of Technology. (4) In the case of a breach of the security of the system involving personal information defined in paragraph (2) of subdivision (g) for an online account, and no other personal information defined in paragraph (1) of subdivision (g), the agency may comply with this section by providing the security breach notification in electronic or other form that directs the person whose personal information has been breached to promptly change his or her password and security question or answer, as applicable, or to take other steps appropriate to protect the online account with the agency and all other online accounts for which the person uses the same user name or email address and password or security question or answer. (5) In the case of a breach of the security of the system involving personal information defined in paragraph (2) of subdivision (g) for login credentials of an email account furnished by the agency, the agency shall not comply with this section by providing the security breach notification to that email address, but may, instead, comply with this section by providing notice by another method described in this subdivision or by clear and conspicuous notice delivered to the resident online when the resident is connected to the online account from an Internet Protocol address or online location from which the agency knows the resident customarily accesses the account. (j) Notwithstanding subdivision (i), an agency that maintains its own notification procedures as part of an information security policy for the treatment of personal information and is otherwise consistent with the timing requirements of this part shall be deemed to be in compliance with the notification requirements of this section if it notifies subject persons in accordance with its policies in the event of a breach of security of the system. (k) Notwithstanding the exception specified in paragraph (4) of subdivision (b) of Section 1798.3, for purposes of this section, "agency" includes a local agency, as defined in subdivision (a) of Section 6252 of the Government Code. SEC. 2. Section 1798.82 of the Civil Code is amended to read: 1798.82. (a) A person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, shall disclose a breach of the security of the system following discovery or notification of the breach in the security of the data to a resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. (b) A person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee of the information of the breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. (c) The notification required by this section may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section shall be made promptly after the law enforcement agency determines that it will not compromise the investigation. (d) A person or business that is required to issue a security breach notification pursuant to this section shall meet all of the following requirements: (1) The security breach notification shall be written in plain language. (2) The security breach notification shall include, at a minimum, the following information: (A) The name and contact information of the reporting person or business subject to this section. (B) A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. (C) If the information is possible to determine at the time the notice is provided, then any of the following: (i) the date of the breach, (ii) the estimated date of the breach, or (iii) the date range within which the breach occurred. The notification shall also include the date of the notice. (D) Whether notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. (E) A general description of the breach incident, if that information is possible to determine at the time the notice is provided. f p ( 3 ( (e) A covered entity under the federal Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. Sec. 1320d et seq.) will be deemed to have complied with the notice requirements in subdivision (d) if it has complied completely with Section 13402(f) of the federal Health Information Technology for Economic and Clinical Health Act (Public Law 111-5). However, nothing in this subdivision shall be construed to exempt a covered entity from any other provision of this section. (f) A person or business that is required to issue a security breach notification pursuant to this section to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General. A single sample copy of a security breach notification shall not be deemed to be within subdivision (f) of Section 6254 of the Government Code. (g) For purposes of this section, "breach of the security of the system" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business. Good faith acquisition of personal information by an employee or agent of the person or business for the purposes of the person or business is not a breach of the security of the system, provided that the personal information is not used or subject to further unauthorized disclosure. (h) For purposes of this section, "personal information" means either of the following: (1) An individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (A) Social security number. (B) Driver's license number or California identification card number. (C) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. (D) Medical information. (E) Health insurance information. (F) Information or data collected through the use or operation of an automated license plate recognition system, as defined in Section 1798.90.5. (2) A user name or email address, in combination with a password or security question and answer that would permit access to an online account. (i) (1) For purposes of this section, "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (2) For purposes of this section, "medical information" means any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. (3) For purposes of this section, "health insurance information" means an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records. (j) For purposes of this section, "notice" may be provided by one of the following methods: (1) Written notice. (2) Electronic notice, if the notice provided is consistent with the provisions regarding electronic records and signatures set forth in Section 7001 of Title 15 of the United States Code. (3) Substitute notice, if the person or business demonstrates that the cost of providing notice would exceed two hundred fifty thousand dollars ($250,000), or that the affected class of subject persons to be notified exceeds 500,000, or the person or business does not have sufficient contact information. Substitute notice shall consist of all of the following: (A) Email notice when the person or business has an email address for the subject persons. (B) Conspicuous posting of the notice on the Internet Web site page of the person or business, if the person or business maintains one. (C) Notification to major statewide media. (k) Notwithstanding subdivision (j), a person or business that maintains its own notification procedures as part of an information security policy for the treatment of personal information and is otherwise consistent with the timing requirements of this part, shall be deemed to be in compliance with the notification requirements of this section if the person or business notifies subject persons in accordance with its policies in the event of a breach of security of the system. SEC. 2.1. Section 1798.82 of the Civil Code is amended to read: 1798.82. (a) A person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, shall disclose a breach of the security of the system following discovery or notification of the breach in the security of the data to a resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. (b) A person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee of the information of the breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. (c) The notification required by this section may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section shall be made promptly after the law enforcement agency determines that it will not compromise the investigation. (d) A person or business that is required to issue a security breach notification pursuant to this section shall meet all of the following requirements: (1) The security breach notification shall be written in plain language, shall be titled "Notice of Data Breach," and shall present the information described in paragraph (2) under the following headings: "What Happened," "What Information Was Involved," "What We Are Doing," "What You Can Do," and "For More Information." Additional information may be provided as a supplement to the notice. (A) The format of the notice shall be designed to call attention to the nature and significance of the information it contains. (B) The title and headings in the notice shall be clearly and conspicuously displayed. (C) The text of the notice and any other notice provided pursuant to this section shall be no smaller than 10-point type. (D) For a written notice described in paragraph (1) of subdivision (j), use of the model security breach notification form prescribed below or use of the headings described in this paragraph with the information described in paragraph (2), written in plain language, shall be deemed to be in compliance with this subdivision. [NAME OF INSTITUTION / LOGO] Date: [insert date] NOTICE OF DATA BREACH What Happened? What Information Was Involved? What We Are Doing. What You Can Do. Other Important Information. [insert other important information] For More Information. Call [telephone number] or go to [Internet Web site] (E) For an electronic notice described in paragraph (2) of subdivision (j), use of the headings described in this paragraph with the information described in paragraph (2), written in plain language, shall be deemed to be in compliance with this subdivision. (2) The security breach notification described in paragraph (1) shall include, at a minimum, the following information: (A) The name and contact information of the reporting person or business subject to this section. (B) A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. (C) If the information is possible to determine at the time the notice is provided, then any of the following: (i) the date of the breach, (ii) the estimated date of the breach, or (iii) the date range within which the breach occurred. The notification shall also include the date of the notice. (D) Whether notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. (E) A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (F) The toll -free telephone numbers and addresses of the major credit reporting agencies if the breach exposed a social security number or a driver's license or California identification card number. (G) If the person or business providing the notification was the source of the breach, an offer to provide appropriate identity theft prevention and mitigation services, if any, shall be provided at no cost to the affected person for not less than 12 months along with all information necessary to take advantage of the offer to any person whose information was or may have been breached if the breach exposed or may have exposed personal information defined in subparagraphs (A) and (B) of paragraph (1) of subdivision (h). (3) At the discretion of the person or business, the security breach notification may also include any of the following: (A) Information about what the person or business has done to protect individuals whose information has been breached. (B) Advice on steps that the person whose information has been breached may take to protect himself or herself. (e) A covered entity under the federal Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. Sec. 1320d et seq.) will be deemed to have complied with the notice requirements in subdivision (d) if it has complied completely with Section 13402(f) of the federal Health Information Technology for Economic and Clinical Health Act (Public Law 111-5). However, nothing in this subdivision shall be construed to exempt a covered entity from any other provision of this section. (f) A person or business that is required to issue a security breach notification pursuant to this section to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General. A single sample copy of a security breach notification shall not be deemed to be within subdivision (f) of Section 6254 of the Government Code. (g) For purposes of this section, "breach of the security of the system" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business. Good faith acquisition of personal information by an employee or agent of the person or business for the purposes of the person or business is not a breach of the security of the system, provided that the personal information is not used or subject to further unauthorized disclosure. (h) For purposes of this section, "personal information" means either of the following: (1) An individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (A) Social security number. (B) Driver's license number or California identification card number. (C) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. (D) Medical information. (E) Health insurance information. (F) Information or data collected through the use or operation of an automated license plate recognition system, as defined in Section 1798.90.5. (2) A user name or email address, in combination with a password or security question and answer that would permit access to an online account. (i) (1) For purposes of this section, "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (2) For purposes of this section, "medical information" means any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. (3) For purposes of this section, "health insurance information" means an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records. (j) For purposes of this section, "notice" may be provided by one of the following methods: (1) Written notice. (2) Electronic notice, if the notice provided is consistent with the provisions regarding electronic records and signatures set forth in Section 7001 of Title 15 of the United States Code. (3) Substitute notice, if the person or business demonstrates that the cost of providing notice would exceed two hundred fifty thousand dollars ($250,000), or that the affected class of subject persons to be notified exceeds 500,000, or the person or business does not have sufficient contact information. Substitute notice shall consist of all of the following: (A) Email notice when the person or business has an email address for the subject persons. (B) Conspicuous posting, for a minimum of 30 days, of the notice on the Internet Web site page of the person or business, if the person or business maintains one. For purposes of this subparagraph, conspicuous posting on the person's or business's Internet Web site means providing a link to the notice on the home page or first significant page after entering the Internet Web site that is in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks that call attention to the link. (C) Notification to major statewide media. (4) In the case of a breach of the security of the system involving personal information defined in paragraph (2) of subdivision (h) for an online account, and no other personal information defined in paragraph (1) of subdivision (h), the person or business may comply with this section by providing the security breach notification in electronic or other form that directs the person whose personal information has been breached promptly to change his or her password and security question or answer, as applicable, or to take other steps appropriate to protect the online account with the person or business and all other online accounts for which the person whose personal information has been breached uses the same user name or email address and password or security question or answer. (5) In the case of a breach of the security of the system involving personal information defined in paragraph (2) of subdivision (h) for login credentials of an email account furnished by the person or business, the person or business shall not comply with this section by providing the security breach notification to that email address, but may, instead, comply with this section by providing notice by another method described in this subdivision or by clear and conspicuous notice delivered to the resident online when the resident is connected to the online account from an Internet Protocol address or online location from which the person or business knows the resident customarily accesses the account. (k) Notwithstanding subdivision (j), a person or business that maintains its own notification procedures as part of an information security policy for the treatment of personal information and is otherwise consistent with the timing requirements of this part, shall be deemed to be in compliance with the notification requirements of this section if the person or business notifies subject persons in accordance with its policies in the event of a breach of security of the system. SEC. 2.2. Section 1798.82 of the Civil Code is amended to read: 1798.82. (a) A person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, shall disclose a breach of the security of the system following discovery or notification of the breach in the security of the data to a resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. (b) A person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee of the information of the breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. (c) The notification required by this section may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section shall be made promptly after the law enforcement agency determines that it will not compromise the investigation. (d) A person or business that is required to issue a security breach notification pursuant to this section shall meet all of the following requirements: (1) The security breach notification shall be written in plain language. (2) The security breach notification shall include, at a minimum, the following information: (A) The name and contact information of the reporting person or business subject to this section. (B) A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. (C) If the information is possible to determine at the time the notice is provided, then any of the following: (i) the date of the breach, (ii) the estimated date of the breach, or (iii) the date range within which the breach occurred. The notification shall also include the date of the notice. (D) Whether notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. (E) A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (F) The toll -free telephone numbers and addresses of the major credit reporting agencies if the breach exposed a social security number or a driver's license or California identification card number. (G) If the person or business providing the notification was the source of the breach, an offer to provide appropriate identity theft prevention and mitigation services, if any, shall be provided at no cost to the affected person for not less than 12 months, along with all information necessary to take advantage of the offer to any person whose information was or may have been breached if the breach exposed or may have exposed personal information defined in subparagraphs (A) and (B) of paragraph (1) of subdivision (h). (3) At the discretion of the person or business, the security breach notification may also include any of the following: (A) Information about what the person or business has done to protect individuals whose information has been breached. (B) Advice on steps that the person whose information has been breached may take to protect himself or herself. (4) In the case of a breach of the security of the system involving personal information defined in paragraph (2) of subdivision (h) for an online account, and no other personal information defined in paragraph (1) of subdivision (h), the person or business may comply with this section by providing the security breach notification in electronic or other form that directs the person whose personal information has been breached promptly to change his or her password and security question or answer, as applicable, or to take other steps appropriate to protect the online account with the person or business and all other online accounts for which the person whose personal information has been breached uses the same user name or email address and password or security question or answer. (5) In the case of a breach of the security of the system involving personal information defined in paragraph (2) of subdivision (h) for login credentials of an email account furnished by the person or business, the person or business shall not comply with this section by providing the security breach notification to that email address, but may, instead, comply with this section by providing notice by another method described in subdivision (j) or by clear and conspicuous notice delivered to the resident online when the resident is connected to the online account from an Internet Protocol address or online location from which the person or business knows the resident customarily accesses the account. (e) A covered entity under the federal Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. Sec. 1320d et seq.) will be deemed to have complied with the notice requirements in subdivision (d) if it has complied completely with Section 13402(f) of the federal Health Information Technology for Economic and Clinical Health Act (Public Law 111-5). However, nothing in this subdivision shall be construed to exempt a covered entity from any other provision of this section. (f) A person or business that is required to issue a security breach notification pursuant to this section to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General. A single sample copy of a security breach notification shall not be deemed to be within subdivision (f) of Section 6254 of the Government Code. (g) For purposes of this section, "breach of the security of the system" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business. Good faith acquisition of personal information by an employee or agent of the person or business for the purposes of the person or business is not a breach of the security of the system, provided that the personal information is not used or subject to further unauthorized disclosure. (h) For purposes of this section, "personal information" means either of the following: (1) An individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (A) Social security number. (B) Driver's license number or California identification card number. (C) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. (D) Medical information. (E) Health insurance information. (F) Information or data collected through the use or operation of an automated license plate recognition system, as defined in Section 1798.90.5. (2) A user name or email address, in combination with a password or security question and answer that would permit access to an online account. (i) (1) For purposes of this section, "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (2) For purposes of this section, "medical information" means any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. (3) For purposes of this section, "health insurance information" means an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records. (4) For purposes of this section, "encrypted" means rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security. (j) For purposes of this section, "notice" may be provided by one of the following methods: (1) Written notice. (2) Electronic notice, if the notice provided is consistent with the provisions regarding electronic records and signatures set forth in Section 7001 of Title 15 of the United States Code. (3) Substitute notice, if the person or business demonstrates that the cost of providing notice would exceed two hundred fifty thousand dollars ($250,000), or that the affected class of subject persons to be notified exceeds 500,000, or the person or business does not have sufficient contact information. Substitute notice shall consist of all of the following: (A) Email notice when the person or business has an email address for the subject persons. (B) Conspicuous posting of the notice on the Internet Web site page of the person or business, if the person or business maintains one. (C) Notification to major statewide media. (k) Notwithstanding subdivision (j), a person or business that maintains its own notification procedures as part of an information security policy for the treatment of personal information and is otherwise consistent with the timing requirements of this part, shall be deemed to be in compliance with the notification requirements of this section if the person or business notifies subject persons in accordance with its policies in the event of a breach of security of the system. SEC. 2.3. Section 1798.82 of the Civil Code is amended to read: 1798.82. (a) A person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, shall disclose a breach of the security of the system following discovery or notification of the breach in the security of the data to a resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. (b) A person or business that maintains computerized data that includes personal information that the person or business does not own shall notify the owner or licensee of the information of the breach of the security of the data immediately following discovery, if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person. (c) The notification required by this section may be delayed if a law enforcement agency determines that the notification will impede a criminal investigation. The notification required by this section shall be made promptly after the law enforcement agency determines that it will not compromise the investigation. (d) A person or business that is required to issue a security breach notification pursuant to this section shall meet all of the following requirements: (1) The security breach notification shall be written in plain language, shall be titled "Notice of Data Breach," and shall present the information described in paragraph (2) under the following headings: "What Happened," "What Information Was Involved," "What We Are Doing," "What You Can Do," and "For More Information." Additional information may be provided as a supplement to the notice. (A) The format of the notice shall be designed to call attention to the nature and significance of the information it contains. (B) The title and headings in the notice shall be clearly and conspicuously displayed. (C) The text of the notice and any other notice provided pursuant to this section shall be no smaller than 10-point type. (D) For a written notice described in paragraph (1) of subdivision (j), use of the model security breach notification form prescribed below or use of the headings described in this paragraph with the information described in paragraph (2), written in plain language, shall be deemed to be in compliance with this subdivision. [NAME OF INSTITUTION / LOGO] Date: [insert date] NOTICE OF DATA BREACH What Happened? What Information Was Involved? What We Are Doing. What You Can Do. Other Important Information. [insert other important information] For More Information. Call [telephone number] or go to [Internet Web site] (E) For an electronic notice described in paragraph (2) of subdivision (j), use of the headings described in this paragraph with the information described in paragraph (2), written in plain language, shall be deemed to be in compliance with this subdivision. (2) The security breach notification described in paragraph (1) shall include, at a minimum, the following information: (A) The name and contact information of the reporting person or business subject to this section. (B) A list of the types of personal information that were or are reasonably believed to have been the subject of a breach. (C) If the information is possible to determine at the time the notice is provided, then any of the following: (i) the date of the breach, (ii) the estimated date of the breach, or (iii) the date range within which the breach occurred. The notification shall also include the date of the notice. (D) Whether notification was delayed as a result of a law enforcement investigation, if that information is possible to determine at the time the notice is provided. (E) A general description of the breach incident, if that information is possible to determine at the time the notice is provided. (F) The toll -free telephone numbers and addresses of the major credit reporting agencies if the breach exposed a social security number or a driver's license or California identification card number. (G) If the person or business providing the notification was the source of the breach, an offer to provide appropriate identity theft prevention and mitigation services, if any, shall be provided at no cost to the affected person for not less than 12 months along with all information necessary to take advantage of the offer to any person whose information was or may have been breached if the breach exposed or may have exposed personal information defined in subparagraphs (A) and (B) of paragraph (1) of subdivision (h). (3) At the discretion of the person or business, the security breach notification may also include any of the following: (A) Information about what the person or business has done to protect individuals whose information has been breached. (B) Advice on steps that the person whose information has been breached may take to protect himself or herself. (e) A covered entity under the federal Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. Sec. 1320d et seq.) will be deemed to have complied with the notice requirements in subdivision (d) if it has complied completely with Section 13402(f) of the federal Health Information Technology for Economic and Clinical Health Act (Public Law 111-5). However, nothing in this subdivision shall be construed to exempt a covered entity from any other provision of this section. (f) A person or business that is required to issue a security breach notification pursuant to this section to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General. A single sample copy of a security breach notification shall not be deemed to be within subdivision (f) of Section 6254 of the Government Code. (g) For purposes of this section, "breach of the security of the system" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business. Good faith acquisition of personal information by an employee or agent of the person or business for the purposes of the person or business is not a breach of the security of the system, provided that the personal information is not used or subject to further unauthorized disclosure. (h) For purposes of this section, "personal information" means either of the following: (1) An individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (A) Social security number. (B) Driver's license number or California identification card number. (C) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account. (D) Medical information. (E) Health insurance information. (F) Information or data collected through the use or operation of an automated license plate recognition system, as defined in Section 1798.90.5. (2) A user name or email address, in combination with a password or security question and answer that would permit access to an online account. (i) (1) For purposes of this section, "personal information" does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. (2) For purposes of this section, "medical information" means any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. (3) For purposes of this section, "health insurance information" means an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records. (4) For purposes of this section, "encrypted" means rendered unusable, unreadable, or indecipherable to an unauthorized person through a security technology or methodology generally accepted in the field of information security. (j) For purposes of this section, "notice" may be provided by one of the following methods: (1) Written notice. (2) Electronic notice, if the notice provided is consistent with the provisions regarding electronic records and signatures set forth in Section 7001 of Title 15 of the United States Code. (3) Substitute notice, if the person or business demonstrates that the cost of providing notice would exceed two hundred fifty thousand dollars ($250,000), or that the affected class of subject persons to be notified exceeds 500,000, or the person or business does not have sufficient contact information. Substitute notice shall consist of all of the following: (A) Email notice when the person or business has an email address for the subject persons. (B) Conspicuous posting, for a minimum of 30 days, of the notice on the Internet Web site page of the person or business, if the person or business maintains one. For purposes of this subparagraph, conspicuous posting on the person's or business's Internet Web site means providing a link to the notice on the home page or first significant page after entering the Internet Web site that is in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks that call attention to the link. (C) Notification to major statewide media. (4) In the case of a breach of the security of the system involving personal information defined in paragraph (2) of subdivision (h) for an online account, and no other personal information defined in paragraph (1) of subdivision (h), the person or business may comply with this section by providing the security breach notification in electronic or other form that directs the person whose personal information has been breached promptly to change his or her password and security question or answer, as applicable, or to take other steps appropriate to protect the online account with the person or business and all other online accounts for which the person whose personal information has been breached uses the same user name or email address and password or security question or answer. (5) In the case of a breach of the security of the system involving personal information defined in paragraph (2) of subdivision (h) for login credentials of an email account furnished by the person or business, the person or business shall not comply with this section by providing the security breach notification to that email address, but may, instead, comply with this section by providing notice by another method described in this subdivision or by clear and conspicuous notice delivered to the resident online when the resident is connected to the online account from an Internet Protocol address or online location from which the person or business knows the resident customarily accesses the account. (k) Notwithstanding subdivision (j), a person or business that maintains its own notification procedures as part of an information security policy for the treatment of personal information and is otherwise consistent with the timing requirements of this part, shall be deemed to be in compliance with the notification requirements of this section if the person or business notifies subject persons in accordance with its policies in the event of a breach of security of the system. SEC. 3. Title 1.81.23 (commencing with Section 1798.90.5) is added to Part 4 of Division 3 of the Civil Code, to read: TITLE 1.81.23. COLLECTION OF LICENSE PLATE INFORMATION 1798.90.5. The following definitions shall apply for purposes of this title: (a) "Automated license plate recognition end -user" or"ALPR end -user" means a person that accesses or uses an ALPR system, but does not include any of the following: (1) A transportation agency when subject to Section 31490 of the Streets and Highways Code. (2) A person that is subject to Sections 6801 to 6809, inclusive, of Title 15 of the United States Code and state or federal statutes or regulations implementing those sections, if the person is subject to compliance oversight by a state or federal regulatory agency with respect to those sections. (3) A person, other than a law enforcement agency, to whom information may be disclosed as a permissible use pursuant to Section 2721 of Title 18 of the United States Code. (b) "Automated license plate recognition information," or "ALPR information" means information or data collected through the use of an ALPR system. (c) "Automated license plate recognition operator" or "ALPR operator" means a person that operates an ALPR system, but does not include a transportation agency when subject to Section 31490 of the Streets and Highways Code. (d) "Automated license plate recognition system" or "ALPR system" means a searchable computerized database resulting from the operation of one or more mobile or fixed cameras combined with computer algorithms to read and convert images of registration plates and the characters they contain into computer -readable data. (e) "Person" means any natural person, public agency, partnership, firm, association, corporation, limited liability company, or other legal entity. (f) "Public agency" means the state, any city, county, or city and county, or any agency or political subdivision of the state or a city, county, or city and county, including, but not limited to, a law enforcement agency. 1798.90.51. An ALPR operator shall do all of the following: (a) Maintain reasonable security procedures and practices, including operational, administrative, technical, and physical safeguards, to protect ALPR information from unauthorized access, destruction, use, modification, or disclosure. (b) (1) Implement a usage and privacy policy in order to ensure that the collection, use, maintenance, sharing, and dissemination of ALPR information is consistent with respect for individuals' privacy and civil liberties. The usage and privacy policy shall be available to the public in writing, and, if the ALPR operator has an Internet Web site, the usage and privacy policy shall be posted conspicuously on that Internet Web site. (2) The usage and privacy policy shall, at a minimum, include all of the following: (A) The authorized purposes for using the ALPR system and collecting ALPR information. (B) A description of the job title or other designation of the employees and independent contractors who are authorized to use or access the ALPR system, or to collect ALPR information. The policy shall identify the training requirements necessary for those authorized employees and independent contractors. (C) A description of how the ALPR system will be monitored to ensure the security of the information and compliance with applicable privacy laws. (D) The purposes of, process for, and restrictions on, the sale, sharing, or transfer of ALPR information to other persons. (E) The title of the official custodian, or owner, of the ALPR system responsible for implementing this section. (F) A description of the reasonable measures that will be used to ensure the accuracy of ALPR information and correct data errors. (G) The length of time ALPR information will be retained, and the process the ALPR operator will utilize to determine if and when to destroy retained ALPR information. 1798.90.52. If an ALPR operator accesses or provides access to ALPR information, the ALPR operator shall do both of the following: (a) Maintain a record of that access. At a minimum, the record shall include all of the following: (1) The date and time the information is accessed. (2) The license plate number or other data elements used to query the ALPR system. (3) The username of the person who accesses the information, and, as applicable, the organization or entity with whom the person is affiliated. (4) The purpose for accessing the information. (b) Require that ALPR information only be used for the authorized purposes described in the usage and privacy policy required by subdivision (b) of Section 1798.90.51. 1798.90.53. An ALPR end -user shall do all of the following: (a) Maintain reasonable security procedures and practices, including operational, administrative, technical, and physical safeguards, to protect ALPR information from unauthorized access, destruction, use, modification, or disclosure. (b) (1) Implement a usage and privacy policy in order to ensure that the access, use, sharing, and dissemination of ALPR information is consistent with respect for individuals' privacy and civil liberties. The usage and privacy policy shall be available to the public in writing, and, if the ALPR end -user has an Internet Web site, the usage and privacy policy shall be posted conspicuously on that Internet Web site. (2) The usage and privacy policy shall, at a minimum, include all of the following: (A) The authorized purposes for accessing and using ALPR information. (B) A description of the job title or other designation of the employees and independent contractors who are authorized to access and use ALPR information. The policy shall identify the training requirements necessary for those authorized employees and independent contractors. (C) A description of how the ALPR system will be monitored to ensure the security of the information accessed or used, and compliance with all applicable privacy laws and a process for periodic system audits. (D) The purposes of, process for, and restrictions on, the sale, sharing, or transfer of ALPR information to other persons. (E) The title of the official custodian, or owner, of the ALPR information responsible for implementing this section. (F) A description of the reasonable measures that will be used to ensure the accuracy of ALPR information and correct data errors. (G) The length of time ALPR information will be retained, and the process the ALPR end -user will utilize to determine if and when to destroy retained ALPR information. 1798.90.54. (a) In addition to any other sanctions, penalties, or remedies provided by law, an individual who has been harmed by a violation of this title, including, but not limited to, unauthorized access or use of ALPR information or a breach of security of an ALPR system, may bring a civil action in any court of competent jurisdiction against a person who knowingly caused the harm. (b) The court may award a combination of any one or more of the following: (1) Actual damages, but not less than liquidated damages in the amount of two thousand five hundred dollars ($2,500). (2) Punitive damages upon proof of willful or reckless disregard of the law. (3) Reasonable attorney's fees and other litigation costs reasonably incurred. (4) Other preliminary and equitable relief as the court determines to be appropriate. 1798.90.55. Notwithstanding any other law or regulation: (a) A public agency that operates or intends to operate an ALPR system shall provide an opportunity for public comment at a regularly scheduled public meeting of the governing body of the public agency before implementing the program. (b) A public agency shall not sell, share, or transfer ALPR information, except to another public agency, and only as otherwise permitted by law. For purposes of this section, the provision of data hosting or towing services shall not be considered the sale, sharing, or transferring of ALPR information. SEC. 4. (a) Section 1.1 of this bill incorporates amendments to Section 1798.29 of the Civil Code proposed by both this bill and Senate Bill 570. It shall only become operative if (1) both bills are enacted and become effective on or before January 1, 2016, (2) each bill amends Section 1798.29 of the Civil Code, (3) Assembly Bill 964 is not enacted or as enacted does not amend that section, and (4) this bill is enacted after Senate Bill 570, in which case Sections 1, 1.2, and 1.3 of this bill shall not become operative. (b) Section 1.2 of this bill incorporates amendments to Section 1798.29 of the Civil Code proposed by both this bill and Assembly Bill 964. It shall only become operative if (1) both bills are enacted and become effective on or before January 1, 2016, (2) each bill amends Section 1798.29 of the Civil Code, (3) Senate Bill 570 is not enacted or as enacted does not amend that section, and (4) this bill is enacted after Assembly Bill 964, in which case Sections 1, 1.1, and 1.3 of this bill shall not become operative. (c) Section 1.3 of this bill incorporates amendments to Section 1798.29 of the Civil Code proposed by this bill, Senate Bill 570, and Assembly Bill 964. It shall only become operative if (1) all three bills are enacted and become effective on or before January 1, 2016, (2) all three bills amend Section 1798.29 of the Civil Code, and (3) this bill is enacted after Senate Bill 570 and Assembly Bill 964, in which case Sections 1, 1.1, and 1.2 of this bill shall not become operative. SEC. 5. (a) Section 2.1 of this bill incorporates amendments to Section 1798.82 of the Civil Code proposed by both this bill and Senate Bill 570. It shall only become operative if (1) both bills are enacted and become effective on or before January 1, 2016, (2) each bill amends Section 1798.82 of the Civil Code, (3) Assembly Bill 964 is not enacted or as enacted does not amend that section, and (4) this bill is enacted after Senate Bill 570, in which case Sections 2, 2.2, and 2.3 of this bill shall not become operative. (b) Section 2.2 of this bill incorporates amendments to Section 1798.82 of the Civil Code proposed by both this bill and Assembly Bill 964. It shall only become operative if (1) both bills are enacted and become effective on or before January 1, 2016, (2) each bill amends Section 1798.82 of the Civil Code, (3) Senate Bill 570 is not enacted or as enacted does not amend that section, and (4) this bill is enacted after Assembly Bill 964, in which case Sections 2, 2.1, and 2.3 of this bill shall not become operative. (c) Section 2.3 of this bill incorporates amendments to Section 1798.82 of the Civil Code proposed by this bill, Senate Bill 570, and Assembly Bill 964. It shall only become operative if (1) all three bills are enacted and become effective on or before January 1, 2016, (2) all three bills amend Section 1798.82 of the Civil Code, and (3) this bill is enacted after Senate Bill 570 and Assembly Bill 964, in which case Sections 2, 2.1, and 2.2 of this bill shall not become operative. Policy ATTACHMENT 4 412 Riverside County Sheriff's Department Riverside County Sheriffs Department Standards Manual (DSM) Automated License Plate Readers 412.1 PURPOSE AND SCOPE The purpose of this policy is to provide guidance for the capture, storage and use of digital data obtained through the use of Automated License Plate Reader (ALPR) technology. 412.2 DEFINITIONS Definitions related to this policy include: ALPR Data - Information or data and images collected using an ALPR system. ALPR Operator - An agency that operates an ALPR system. ALPR System - A searchable computerized database resulting from the operation of one or more mobile or fixed cameras combined with computer algorithms to read and convert images of registration plates and the characters they contain into computer -readable data. ALPR User - A person that accesses or uses an ALPR system. 412.3 POLICY The policy of the Riverside County Sheriff's Department is to utilize ALPR technology to capture and store digital license plate data and images while recognizing established privacy rights of the public. All data and images gathered by the ALPR system are for the official use of this department. Because such data may contain confidential information, it may not be open to public review. 412.4 ADMINISTRATION The ALPR technology, allows for the automated detection of license plates. It is used by the Riverside County Sheriff's Department to convert data associated with vehicle license plates for official law enforcement purposes, including identifying stolen or wanted vehicles, stolen license plates and missing persons. It may also be used to gather information related to arrest warrants, homeland security, electronic surveillance, suspect interdiction and stolen property recovery. All installation and maintenance of ALPR equipment, as well as ALPR data retention and access, shall be managed by the Support Services Chief Deputy. This Chief Deputy will assign members under their command to administer the day-to-day operation of the ALPR equipment and data. 412.4.1 ALPR ADMINISTRATOR The Support Services Chief Deputy shall be responsible for developing guidelines and procedures to comply with the requirements of Civil Code § 1798.90.5 et seq. This includes, but is not limited to (Civil Code § 1798.90.51; Civil Code § 1798.90.53): (a) A description of the job title or other designation of the members and independent contractors who are authorized to use or access the ALPR system or to collect ALPR information. Copyright Lexipol, LLC 2024/04/11, All Rights Reserved. Published with permission by Riverside County Sheriffs Department Automated License Plate Readers - 1 Riverside County Sheriff's Department Riverside County Sheriffs Department Standards Manual (DSM) Automated License Plate Readers (b) Training requirements for authorized users. (c) A description of how the ALPR system will be monitored to ensure the security of the information and compliance with applicable privacy laws. (d) Procedures for system operators to maintain records of access in compliance with Civil Code § 1798.90.52. (e) The title and name of the current designee in overseeing the ALPR operation. (f) Working with the Custodian of Records on the retention and destruction of ALPR data. (g) Ensuring this policy and related procedures are conspicuously posted on the department's website. 412.4.2 PUBLIC HEARING In accordance with Civil Code §1798.90.55(a), the department provided an opportunity for public comment on the use of the ALPR program within Riverside County during an open meeting of the Riverside County Board of Supervisors on August 29, 2017 (BOS Agenda Item# 3.108). 412.4.3 AUTHORIZED USERS Users authorized to access any ALPR information operated by the department are those in positions, assignments, or otherwise tasked with criminal investigations or patrol operations. These users include sworn peace officers and classified department personnel such as, but not limited to, Community Service Officers, Crime Analysts, and 911 Communications Officers. 412.5 OPERATIONS Use of an ALPR system is restricted to the purposes outlined below. Department members shall not use, or allow others to use the equipment or database records for any unauthorized purpose (Civil Code § 1798.90.51; Civil Code § 1798.90.53). (a) An ALPR system shall only be used for official law enforcement business. (b) An ALPR system may be used in conjunction with any routine patrol operation or criminal investigation. Reasonable suspicion or probable cause is not required before using an ALPR system. (c) No member of this department shall operate ALPR equipment or access ALPR data without first completing department approved training. (d) No ALPR operator may access department, state or federal data unless otherwise authorized to do so. (e) When applicable, authorized users shall verify an ALPR response through the California Law Enforcement Telecommunications System (CLETS) before taking enforcement action that is based solely on an ALPR alert. 412.5.1 CUSTOM HOT LISTS ALPR Custom Hot Lists are ALPR user created lists of vehicles with associated information, actions, or requests to other ALPR users. Custom Hot Lists are an invaluable tool to assist law enforcement share information with other law enforcement agencies that has historically been Copyright Lexipol, LLC 2024/04/11, All Rights Reserved. Published with permission by Riverside County Sheriffs Department Automated License Plate Readers - 2 Riverside County Sheriff's Department Riverside County Sheriff's Department Standards Manual (DSM) Automated License Plate Readers conducted through printed or digital flyers, such as information related to specific wanted vehicles or vehicles associated to verified crimes. When using Custom Hot Lists, the following shall apply: (a) Custom Hot Lists should generally be created by the primary investigating ALPR user or an authorized designee. (b) No user shall create a Custom Hot List accessible only to themselves. At minimum, each Custom Hot List shall include the creator's supervisor or any other supervisor tasked with ALPR usage audits. (c) The creator is required to maintain, update, or remove entries as circumstances change, such as when the vehicle is no longer wanted or no longer suspected of a crime. (d) All entries shall include the creator's contact information, specific incident details, and actionable instructions. (e) Entries may include attachments, such as law enforcement flyers, that contain further details of the crime or requests from the investigating ALPR user. 412.5.2 REPORT WRITING The ALPR EDP code shall be used as a secondary EDP and is required on any written report where ALPR technology was effectively utilized during an investigation. This practice will ensure proper identification of ALPR-related incidents and crime trends. • For example, if an abandoned stolen vehicle is located via a notification from the ALPR system, the recovery should be documented as a Stolen Vehicle Recovery and the corresponding EDP for the recovery should be first on the Form A. On the second line of the Form A, "ALPR" should be entered in the offense section and "25T1-N" should be entered in the EDP code section. 412.6 DATA COLLECTION, SECURITY AND RETENTION The Support Services Chief Deputy is responsible for ensuring systems and processes are in place for the proper collection and retention of ALPR data. (a) ALPR records retained by the department will be maintained, safeguarded, and purged according to all applicable laws, policies and ALPR system provider limitations. ALPR information that may be needed for active or probable litigation, is the subject of an active public records request, or is needed for auditing purposes shall be maintained until the underlying matters are fully resolved before being destroyed. When applicable, the destruction of ALPR information will follow the steps specified in the Riverside County Board of Supervisors Policy A-43 and in accordance with the Sheriff Department's records retention schedule. (b) The Riverside County Sheriff's Department, or its authorized vendors, will retain raw ALPR information for a period not to exceed the lesser of the maximum period allowed by law, or the retention period established in applicable service agreements. (c) Electronic data gathered during ALPR usage is the property of the Riverside County Sheriff's Department. The approved ALPR vendor will maintain responsibility for Copyright Lexipol, LLC 2024/04/11, All Rights Reserved. Published with permission by Riverside County Sheriffs Department Automated License Plate Readers - 3 Riverside County Sheriff's Department Riverside County Sheriffs Department Standards Manual (DSM) Automated License Plate Readers adherence to protocols involving information security in accordance with FBI CJIS security policy. The approved vendor will also be responsible for executing retention and/or deletion routines of electronically stored data as specified by the Riverside County Records Management and Archive Policy A-43 and in compliance with applicable laws. (d) Authorized department vendors with access to systems containing ALPR data shall maintain reasonable security procedures and practices, including operational, administrative, technical, and physical safeguards, to protect ALPR information from unauthorized access, destruction, use, modification, or disclosure. (e) All ALPR login and query records will be retained for at least the minimum period required by law, unless the information has been timely requested for investigative or other legal reasons. Pursuant to Civil Code § 1798.90.52, any records retained must contain, at a minimum, the following information: 1. The date and time ALPR information was accessed. 2. The username of who accessed the information. 3. The license plate number or other data elements used to query the ALPR system. 4. The stated purpose for accessing the information. 412.7 ACCOUNTABILITY All data will be closely safeguarded and protected by both procedural and technological means. The Riverside County Sheriff's Department will observe the following safeguards regarding access to and use of stored data (Civil Code § 1798.90.51; Civil Code § 1798.90.53): (a) All ALPR data downloaded to the mobile workstation and in storage shall be accessible only through a login/password-protected system capable of documenting all access of information by name, date and time (Civil Code § 1798.90.52). (b) Members approved to access ALPR data under these guidelines are permitted to access the data for legitimate law enforcement purposes only, such as when the data relates to a specific criminal investigation or department -related civil or administrative action. (c) Department members shall only use their own assigned username and password when accessing any ALPR system. (d) When conducting a specific license plate search of ALPR data, department members shall include a related case number for justification. (e) When conducting a generic vehicle description search of ALPR data, department members shall include a justification description or related case number. (f) Any printed ALPR information must be destroyed using a secure method. No materials shall be disposed of in regular trash or recycling containers. (g) No ALPR data shall be given, sold, shared or otherwise transferred to any unauthorized party. Copyright Lexipol, LLC 2024/04/11, All Rights Reserved. Published with permission by Riverside County Sheriffs Department Automated License Plate Readers - 4 Riverside County Sheriff's Department Riverside County Sheriffs Department Standards Manual (DSM) Automated License Plate Readers (h) ALPR system audits should be conducted on a regular basis. Stations or bureaus with ALPR networks within their commands are responsible for the completion of monthly audits of ALPR queries performed by their assigned personnel to include any Custom Hot Lists created by those users. (i) Any violations of this policy may result in temporary or permanent revocation of access. (j) Any breach or unauthorized or unintentional release of any ALPR information shall be immediately reported to the Support Services Chief Deputy. This policy does not prohibit any bureau, station, or command from further restricting user access, revoking access without cause, or requiring supplemental training for its assigned ALPR users. 412.8 CUSTODIAN OF RECORD The manager of the Technical Services Bureau (TSB), acting on behalf of the Riverside County Sheriff's Department, is responsible for implementing the provisions of this usage and privacy policy as the official custodian/owner of the ALPR system and ALPR information covered herein. 412.9 ACCESS, SHARING AND RELEASING OF ALPR DATA The department may be authorized discretionary access to ALPR data owned by other law enforcement agencies and may be revoked without cause. In order to maintain public trust, the integrity of all ALPR data, and collaborative relationships with other agencies, this policy will also apply to searches of all shared data. At the discretion of the Support Services Chief Deputy, access to ALPR networks owned or managed by the Riverside County Sheriff's Department may be shared with other law enforcement agencies as authorized by law, excluding federal law enforcement agencies. ALPR data may be released to other law enforcement or prosecutorial agencies with a nexus for official law enforcement purposes, or as otherwise permitted by law. All other information release requests from law enforcement agencies shall use the following procedures: (a) The agency makes a written request for the ALPR data that includes: 1. The name of the agency. 2. The name of the person requesting. 3. The intended purpose of obtaining the information. (b) The request is reviewed by the affected commander or the authorized designee and approved before the request is fulfilled. (c) The approved request is retained on file. Requests for ALPR data by non -law enforcement or non -prosecutorial agencies will be processed as provided in the Records Maintenance and Release Policy (DSM 809). Public record requests for ALPR data shall be routed to the CPRA Unit for disposition. Copyright Lexipol, LLC 2024/04/11, All Rights Reserved. Published with permission by Riverside County Sheriffs Department Automated License Plate Readers - 5 Riverside County Sheriff's Department Riverside County Sheriffs Department Standards Manual (DSM) Automated License Plate Readers 412.10 TRAINING The department will ensure the presentation of department -approved training to those authorized to use or access the ALPR system (Civil Code § 1798.90.51; Civil Code § 1798.90.53). Each user's unique ALPR system username and password will only be activated upon the successful completion of the required training courses. 412.11 INTEGRATION WITH OTHER TECHNOLOGY The department may elect to integrate ALPR technology with other technology to enhance available information. Systems such as gunshot detection, incident mapping, crime analysis, public safety camera systems, facial recognition, and other video -based analytical systems may be considered based upon availability and the nature of department strategy. 412.12 PREVIOUS DEPARTMENT DIRECTIVE RESCINDED With the publication of this Automated License Plate Readers Policy (DSM 412), Department Directive #18-132 and any supplemental directives are rescinded. Copyright Lexipol, LLC 2024/04/11, All Rights Reserved. Published with permission by Riverside County Sheriffs Department Automated License Plate Readers - 6