44-15-111. Audit -- reporting. (1) The criminal intelligence information section shall adopt an audit process to ensure that facial recognition technology is only used for legitimate law enforcement purposes, including audits of uses or requests made by law enforcement agencies.
(2) By June 30 of each year, a local law enforcement agency that utilized facial recognition technology shall submit a report to the criminal intelligence information section established in 44-5-501 containing all of the following information based on data from the previous calendar year:
(a) the number of facial recognition searches run;
(b) the offenses that the searches were used to investigate; and
(c) the number of arrests and convictions that resulted from the searches.
(3) By September 1 of each year, in accordance with 5-11-210, the department of justice shall submit a report to the economic affairs interim committee and the law and justice interim committee containing all the following information based on data from the previous calendar year:
(a) the information submitted to the department of justice pursuant to subsection (2);
(b) the names of the law enforcement agencies and other entities requesting facial recognition services;
(c) the number of searches run;
(d) the offenses that the searches were used to investigate; and
(e) the number of arrests and convictions that resulted from the searches.
(4) (a) By June 30 of each year, a third-party vendor providing facial recognition services to a state agency because of a contract under 44-15-108 shall submit a report to the state agency containing all the following information based on data from the previous calendar year:
(i) the number of warrants, subpoenas, or court orders received requesting facial recognition services; and
(ii) a summary of an audit completed by the third-party vendor.
(b) The state agency receiving the report from the third-party vendor shall submit a copy of the report to the economic affairs interim committee, the law and justice interim committee, and the information technology board created in 2-15-1021, by September 1 of each year, in accordance with 5-11-210.