Coblentz Press Room

California ALPR Litigation Is on the Rise: Parking Operators, Retailers, and Property Owners Should Review (Or Prepare) Their ALPR Policies

By Scott Hall, Phillip Wiese, and Leeza Arbatman

Businesses that use automated license plate recognition (ALPR) technology should take a fresh look at their compliance with California’s Automated License Plate Recognition law. A recent California Court of Appeal decision, followed by several new class action complaints, has increased litigation risk for parking operators, shopping centers, retailers, property managers, and other businesses that use ALPR technology but have not adopted and publicly posted a compliant ALPR usage and privacy policy.

California’s ALPR statute, Civil Code sections 1798.90.5–1798.90.55, has been in effect since 2016, but many private businesses are not aware of the law’s requirement to post an ALPR policy or may not realize that the statute applies beyond law enforcement or dedicated parking technology companies. The law can apply to private entities that operate, access, or use systems that capture license plate information through cameras and convert that information into searchable computer-readable data.

The Policy Requirement

California law requires ALPR operators and end-users to maintain reasonable security procedures and implement a usage and privacy policy governing the collection, use, maintenance, sharing, and dissemination of ALPR information. The required policy must address specific topics, including authorized purposes for using ALPR information, who may access it, training requirements, security monitoring, sharing restrictions, data accuracy measures, retention periods, and destruction procedures. In Bartholomew v. Parking Concepts, Inc., the Court of Appeal summarized these requirements and emphasized the requirement to publicly post the policy in writing, and, if the business has a website, conspicuously post the policy on that website. 

Why the Risk Has Increased

The key recent development is the February 2026 Bartholomew decision. In that case, a plaintiff alleged that a parking garage operator collected his license plate information when he entered and exited a garage but failed to implement and make publicly available the required ALPR usage and privacy policy. The trial court sustained the parking garage operator’s demurrer, but the Court of Appeal reversed in part.

The most important part of the decision is the Court of Appeal’s ruling on “harm.” The ALPR statute authorizes a private civil action only by an individual “harmed” by a violation. The parking garage operator argued that a plaintiff must show misuse, mishandling, or measurable damages—not simply lack of compliance with statutory requirements. The Court of Appeal disagreed. Although the court held that a mere technical violation is not always enough, it concluded that collecting and maintaining ALPR information without implementing and making public the required policy harms individuals by violating their statutory “right to know” who is collecting their ALPR data and how it is being used and maintained.

That holding is significant because the statute provides for actual damages, but not less than $2,500 in liquidated damages, along with potential punitive damages, attorneys’ fees, litigation costs, and injunctive relief. 

New ALPR Lawsuits Are On The Rise After Bartholomew

Since Bartholomew, plaintiffs’ firms have filed new putative class actions against businesses and property owners that allegedly used ALPR technology without the required public policy. Complaints have even been filed against businesses that have posted ALPR policies, but which plaintiffs assert lack information or details required by the statute.

What Businesses Should Do Now

Businesses that use ALPR technology in parking lots, garages, retail centers, residential communities, office properties, hospitals, or other facilities should promptly determine whether the California ALPR law applies to them. This review should consider facilities the business operates directly, as well as those operated by vendors, parking managers, security contractors, or property management companies.

At a minimum, businesses should consider taking the following steps:

  • Identify all locations where cameras or parking systems capture license plate information.
  • Determine whether those systems create or access a searchable database of license plate information.
  • Confirm whether the business is an ALPR “operator,” “end-user,” or both.
  • Review vendor contracts to understand who collects, stores, accesses, shares, and deletes ALPR information.
  • Adopt a written ALPR usage and privacy policy that includes all required statutory elements.
  • Post the policy conspicuously on the business’s website and make it available in writing.
  • Review retention, access, audit, training, and security practices to ensure they match the posted policy.
  • Periodically audit compliance, particularly when deploying new parking, security, or access-control technology.

Conclusion

The recent wave of ALPR litigation shows that businesses may face legal claims not only arising from the collection or use of license plate data, but also from the absence of a posted, statute-compliant policy. After Bartholomew, one of the most important steps businesses can take to reduce litigation exposure is to adopt and post a compliant ALPR policy.

If your company needs assistance with any privacy issues, the Coblentz Data Privacy & Cybersecurity team can help. Please reach out to Scott Hall or Phillip Wiese for further information or assistance.