VII. Conclusion and Recommendations

On Feb. 27, 2020, not even a month after ICE agents arrested and detained her husband, Maribel Cortez walked into the halls of the Maryland General Assembly. She was accompanied by three of her children and representatives from CASA, the immigrant rights organization that spearheaded efforts to protect immigrants in Maryland from the reach of ICE surveillance. 

Maribel testified before committees in both the House of Delegates and the state Senate, telling her story and working to pass a law to protect families like her own. She spoke in Spanish with the support of an interpreter from CASA. “This has destroyed my children,” Maribel said, through tears.339 “For their whole lives, they’ve had their father in their lives. And now it’s very difficult for them,” she told The Washington Post.340

Maribel Cortez poses in a "CASA" shirt next to 3 of her children at the Maryland General Assembly.
Maribel Cortez with her children on the day of her testimony at the Maryland General Assembly. (Photo: Erin Cox/The Washington Post via Getty Images)

Maribel’s story encouraged lawmakers to act. A year and one month to that day, the Maryland General Assembly passed the Maryland Driver Privacy Act, a bill that will end ICE’s warrantless access to Marylanders’ data.

Remarkably, what Maribel did in Annapolis, Maryland, that day, other immigrants have done across the country in Albany, New York; Denver; the district;, Honolulu; Montpelier, Vermont; Olympia, Washington; Richmond, Virginia; Sacramento; Salem, New Hampshire; Santa Fe, New Mexico; Springfield, Massachusetts; and Trenton, New Jersey – arm in arm with organizations like the Immigrant Defense Project, Just Futures Law, the Legal Aid Justice Center, Make the Road New York, Mijente, and NILC. 

The following recommendations are inspired by the bravery of the communities that continue to fight against mass deportation and have been crafted in consultation with leaders in the immigrant rights movement and other experts.

A. Congress

1. Congress should reform U.S. immigration laws to radically reduce the number of people who can be subjected to deportation.

The best and ultimately perhaps the only way to take apart ICE’s dragnet is to take apart the laws on the basis of which the executive branch targets hundreds of thousands of people (primarily poor people and people of color) for deportation every year. Congress could significantly reduce the number of people subject to deportations by creating a pathway to citizenship for undocumented people and by dramatically reducing the grounds of removability that are based on criminal legal involvement. To build an additional bulwark, Congress could enact a statute of limitations on deportations. Most crimes and civil offenses cannot be prosecuted after five years. Incongruously, however, a person can be deported from this country via a process in which they are not legally guaranteed an attorney, despite having lived here, built a family and paid taxes over the course of decades. Immigrant rights organizations have put forth a number of legislative frameworks over the last decade that would accomplish these reforms among many important others.341 While these proposals do not address surveillance itself, they are the most direct way to undercut ICE’s claims of broad surveillance authority.

2. Congress should protect the privacy of people who trust the federal government with their data.

The federal government runs a series of programs that actively solicit undocumented people, many of whom are in trauma or under duress, to provide federal agencies with a wide variety of highly sensitive personally identifying information. 

Congress must broadly prohibit the government from using data solicited from people, for the purpose of providing benefits and services, to carry out deportations. Such a policy could be modeled on the federal laws protecting the confidentiality of census data, the gold standard for protections of sensitive data the federal government solicits from the people.342 Critically, those laws prohibit the use of census data for nonstatistical purposes and broadly mandate that “[i]n no case shall information furnished [to the Census Bureau] be used to the detriment of any respondent or other person to whom such information relates,” with a narrow exception for violations of the census rules themselves.343 Congress should achieve those protections via a wraparound statute; until that passes, Congress should do so through restrictions on the usage of funds in appropriations bills, and the DHS should do so via policy. 

At a minimum, Congress should amend the laws governing these programs to prohibit immigration enforcement’s use of the specific data that the programs generate. Congress should amend the following laws in this way:

  • TVPRA, 8 U.S.C. § 1232, which protects unaccompanied children;
  • the federal statutes creating T and U visas for victims of trafficking and other crimes, 8 U.S.C. § 1101(a)(15)(T) & (U);
  • the federal tax privacy laws, 26 U.S.C. § 6103; and
  • the Higher Education Act’s privacy provisions for data from federal financial aid forms, 20 U.S.C. § 1090(a)(3)(E).

President Biden or the DHS secretary could also enact additional privacy protections for DACA applicants and other forms of temporary status or deferred action through executive order or department policy.

3. Congress should stop ICE’s use of DMV data.

Congress passed the DPPA before the modern era of mass surveillance and mass deportation. The act passed in 1994 – three years before the U.S. began removing approximately 100,000 people annually, nine years before ICE was created and 15 years before ICE began deporting roughly 0.1% of the American population every year.344

ICE has not hesitated to use the broad carve-outs for government agency access in the DPPA to warrantlessly scan the faces of an astonishing number of Americans and to search through the address information of most U.S. residents. Congress should update the DPPA to prohibit or require a warrant or court order for any law enforcement use of DMV data for immigration purposes.

4. Congress should conduct aggressive oversight of ICE surveillance.

While specific members of Congress have begun to pressure ICE through oversight letters, no congressional committee or subcommittee of the many ostensibly charged with overseeing ICE has held a hearing devoted to this subject. There also has not been any GAO investigation into ICE’s vast surveillance arsenal. 

That must change—and it can change quickly. Committee and subcommittee chairs do not need a majority or supermajority vote to force ICE to answer for its surveillance abuses and the vast secrecy that surrounds them. Potential subjects for a hearing or GAO report include:

  • whether there exists any legal basis, given the absence of any explicit authorization in statute or regulation, for ICE’s surveillance practices;
  • how ICE sidesteps state laws protecting the data of drivers and other residents;
  • whether ICE’s dragnet surveillance and data sharing violates the Fourth Amendment or any other constitutional provision;
  • how ICE’s reliance on data brokers evades public scrutiny and helps the agency circumvent statutory and constitutional privacy protections; 
  • how ICE currently uses biometrics, including face recognition, fingerprints and DNA, and how it plans to use them in the future;
  • the practical and ethical ramifications of ICE’s use of gas, electric, water, phone and internet records to target deportations; and
  • the taxpayer expense of ICE surveillance.

The wide range of concerns raised by ICE surveillance should make it possible for any number of congressional committees and subcommittees to engage on this topic through a hearing or a request for a GAO investigation. 

Congress should also require detailed public reporting about ICE’s surveillance programs as part of the annual appropriations process.

Two individual photos of Representatives Jimmy Gomez and Raja Krishnamoorthy speaking.
Reps. Jimmy Gomez (D-CA) and Raja Krishnamoorthy (D-IL) pressed Thomson Reuters and Equifax for more information on their sale of utilities customers’ data to ICE. (Photos: Tom Williams / Pool via Getty Images)

B. DHS & ICE

1. ICE should end all dragnet surveillance programs.

ICE agents have run or obtained face recognition searches on the faces of at least 1 in 3 adults. They have hired a company that tracks vehicle movements of the residents of America’s 50 largest cities—a majority of the U.S. population. They have hired another company to give them the utilities records of a majority of the U.S. population. 

Run in secret, even to the most senior members of Congress charged with conducting oversight of the agency, those actions undermine even basic notions of balance of powers, corrode public trust and fly in the face of the Fourth Amendment. 

All of ICE’s surveillance programs should be placed under piercing scrutiny. However, ICE should immediately terminate all dragnet surveillance programs—both ICE-led and obtained from data brokers—that indiscriminately collect data on as many people in the U.S. as possible. Programs that ought to be characterized as this type of especially problematic dragnet surveillance include at least (1) the practice of scanning driver’s license photos for immigration enforcement purposes; (2) the bulk collection of address information and other records from DMVs and utility companies; and (3) the bulk collection of license plate photos capturing the movement of drivers in major U.S. metropolitan areas; the purchase of bulk data sets containing any of the above information from corporate data brokers. 

2. ICE should stop using face recognition for immigration enforcement.

In May 2020, ICE issued a Privacy Impact Assessment asserting that “Enforcement and Removal Operations (ERO) will not use and HSI will not support ERO in using [face recognition systems] solely in furtherance of civil immigration enforcement.”345 This statement would appear to still allow ICE to use face recognition to freely target roughly 4 in 10 undocumented people who entered the country without inspection or any other immigrant who was alleged to be involved in any other crime, however minor.346 Those offenses would justify scans of the faces of millions of Americans, native- and foreign-born, documented and undocumented alike. 

In 2021, face recognition algorithms have been found to be rife with race and gender bias—by the federal government itself.347 They have been used in ways that obviously violate basic principles of privacy and due process.348 They have resulted in the wrongful arrests or accusations of several people without legal basis, many of whom were people of color.349 ICE should not use that tool for any kind of immigration enforcement.

3. ICE should stop exploiting people’s need for water, heat, electricity, phone or internet to target them for deportation.

There is now a broad body of evidence-based, peer-reviewed research showing that immigrants avoid basic services like health care, not just for fear that they will be arrested on-site but also because they fear their data will be shared with the federal government and that their information will be held in government systems.350

People need heat, water and electricity to survive. They need the internet and phone lines to maintain their livelihoods and connect with their communities. Yet we now know that nearly 200 million adults have had their addresses and other information shared with ICE as a result of their opening accounts for water, gas, electric, phone or internet service.351 DHS should immediately issue a clear prohibition against the use of this data in immigration enforcement.

4. ICE should disclose surveillance investments and programs to members of Congress and key state officials.

The chairs of key congressional committees have learned of vast ICE surveillance programs from the newspaper. So have state legislators, who are responsible for authorizing and voting to finance many of the state databases that ICE uses. One in 3 adults have had their faces scanned by or at the request of ICE—all without their knowledge.352

This is not acceptable. It is also incompatible with basic principles of democratic governance. At a bare minimum, ICE should regularly brief the members and staffs of key congressional oversight committees and subcommittees, including:

  • the Senate Homeland Security & Government Affairs Committee; 
  • the Senate Judiciary Committee, including the Subcommittee on Immigration, Citizenship & Border Security and the Subcommittee on Privacy, Technology & the Law;
  • the House Homeland Security Committee;
  • the House Judiciary Committee, including the Subcommittee on Immigration & Citizenship; and
  • the House Committee on Oversight & Reform.

ICE should also brief the governors and key legislators in states where ICE is conducting surveillance. ICE commonly notifies state and local officials before large on-site enforcement actions targeting several hundred people. When ICE engages in dragnet surveillance programs that ensnare millions of the state’s licensed drivers, for example, they should tell state officials about it.

5. The DHS inspector general should issue regular public reports on ICE surveillance activities. 

Briefing legislators alone is not enough; the executive branch often has a very different sense of what it has disclosed as compared to its audience. In 2013, after the press published court orders revealing that the National Security Agency was collecting substantially all Americans’ domestic call records, Obama assured the public that “every member of Congress has been briefed on this program.”353 The House sponsor of the USA PATRIOT Act, Rep. Jim Sensenbrenner (R-WI) immediately retorted that, actually, “most” members of Congress—including himself—had been left in the dark.354

To avoid repeating these mistakes, the DHS inspector general should go beyond disclosure to members of Congress, governors and state legislators by offering annual public reporting. At a bare minimum, these reports should identify:

  • the kinds of technologies ICE is using (e.g., face recognition, automated license plate reader, etc.);
  • the states and counties in which ICE uses them;
  • the government and commercial databases ICE is accessing, the kinds of data held within those databases and the number of searches within those databases;
  • the approximate number of individuals whose data it has collected or whose data is held in the databases accessed; 
  • the number of individuals who were arrested, incarcerated and deported on the basis of the information collected or accessed; and 
  • whether ICE has briefed federal, state and local officials about these deployments.

The federal government already releases detailed annual reports on where, when and for how long it conducts wiretaps; the nature of the crimes investigated; and the ultimate results of those investigations. That is done regardless of the severity of the offense.355

C. State & local lawmakers356

  • 356. There are federal statutes that purport to prohibit state and local governments from themselves prohibiting the sharing if immigration status information with the federal government. Scholars, and recently some judges, have pointed out the questionable constitutionality of such statutes, and to date efforts to invoke them to limit the reach of sanctuary policies through the courts have had little success. But state and local policymakers should be aware of the existence of such laws and take steps to craft legislation and policy that will avoid running afoul of them.

1. State and local lawmakers must protect people who trust them with their data.

When undocumented people apply for a driver’s license, enroll themselves or their kids in school, register for a COVID-19 vaccination, or rely on state or local nutritional assistance programs, they do so under explicit or implied promises that state and local authorities will not allow for their data to be shared, in bulk, with immigration enforcement.

State and local governments must offer wraparound protections for any data solicited from undocumented residents and held by the state – not just driver information. What’s more, jurisdictions that have already enacted those policies should take steps to make them as strong as possible. Specifically, policymakers should:

  • Adopt a policy of data minimization. Immigration authorities, data brokers and other parties cannot exploit data that does not exist. State and local bureaucracies should adopt a policy of data minimization, collecting only data that is necessary to administer services, storing that data for the minimum time necessary and designing digital record keeping systems with data minimization in mind on the front end. 
  • Focus on the data, not the custodian. Many different agencies can have access to the same pools of data, including driver records. The D.C. Sanctuary Values Act avoids that problem by restricting release of personally identifying information and other data by the “District of Columbia,” rather than naming any specific agencies or subagencies.357
  • Focus on the purpose of the sharing, not the recipient. Naming ICE is both under- and overinclusive. Other federal agencies (e.g., CBP) regularly engage in immigration enforcement, and certain ICE components’ work is typically separate from immigration enforcement.358 Thus, jurisdictions should protect against sharing for the purpose of immigration enforcement, not merely against sharing to ICE, the entity. One example is Maryland’s Driver Privacy Act, passed in 2021, which blocks warrantless sharing of data with “any federal agency” seeking access for the purpose of “enforcing federal immigration law.”359
  • Protect against all forms of information sharing, including (1) sharing in response to a direct request, (2) database access for immigration enforcement officials, and (3) the sale or sharing of information to data brokers, who in turn give that data to immigration enforcement. It is often straightforward to address the first two modes of sharing, but the third typically requires dedicated language. New York’s Green Light law is a model in that respect, containing a provision that requires any entity receiving driver data to certify that it will not disclose the information to immigration enforcement agencies.360 
  • Don’t distinguish between “civil” and “criminal” immigration enforcement for the purposes of privacy protection and data-sharing restrictions, because federal law criminalizes illegal entry and illegal re-entry.361 For example, Hawaii’s law allowing undocumented people to apply for driver’s licenses institutes a simple prohibition against sharing of applicants’ data without any carve-outs for any kind of immigration enforcement.362
  • Ensure that face recognition is clearly encompassed by these restrictions. DMV photos are sometimes excluded from the categories of data protected by state privacy laws.363
  • Eliminate blanket exceptions for “law enforcement” access to state or locally held data. Between 2017 and 2019, California legislators passed three separate laws to prevent state agencies from freely sharing driver data with immigration authorities.364 Unfortunately, they did not amend a separate law mandating that “law enforcement agencies … shall have access to” the records of the California DMV, a provision cited by the DMV to defend its apparent sharing of driver data with ICE.365
  • State and local lawmakers should structure their government databases to track ICE access and audit those databases regularly to identify the routes, frequency and nature of that access. 

    Any database administrator must be able to answer two questions: Does ICE have access to this database? If so, how and why has ICE used it? In the third decade of the 21st century, there is no excuse for a state or local government to build a database containing sensitive data that does not allow for detailed monitoring to ensure it is being accessed by authorized people for authorized use.

    State and local authorities should regularly audit these databases to determine whether, how and how often ICE is accessing them. If authorities do not run those audits on their own, legislators should send oversight letters to state agencies demanding that they do so and hold oversight hearings to force agency officials to do the work. 

    Legislators who press for those audits should know that it is unacceptable and unusual for a modern database to omit those capacities; if they are told otherwise, they should press further. In Maryland, for example, legislators were initially told that the state’s face recognition system, the Maryland Image Repository System, was not capable of tracking users by agency. During a subsequent site visit, however, the legislators learned that the Department of Public Safety and Correctional Services was, in fact, capable of tracking that data.366

  • 357. See The Sanctuary Values Act, D.C. Code § 24–211.07(a) (2020), available at https://code.dccouncil.us/us/dc/council/code/sections/24-211.07.html.
  • 358. See, e.g., U.S. Immigration and Customs Enforcement, National Intellectual Property Rights Coordination Center (Jan. 12, 2021), https://www.ice.gov/partnerships-centers/iprc.
  • 359. See The Maryland Driver Privacy Act, H.B. 23 §4-320(g)(2) (2021) (restricting sharing of driver data “to a federal agent or federal agency for the purpose of federal immigration enforcement”); id. at  §4-320.1(B)(1) & (B)(2) (restricting access to face recognition systems by “any federal agency seeking access for the purpose of enforcing federal immigration law”).
  • 360. See New York Vehicle & Traffic Code, Ch. 71, Title 2, Art. 2, §201 at 12(b).
  • 361. See Improper Entry by Alien, 8 U.S.C. §1325; Robert Warren, US Undocumented Population Continued to Fall from 2016 to 2017, and Visa Overstays Significantly Exceeded Illegal Crossings for the Seventh Consecutive Year, Center for Migration Studies (Jan. 16, 2019), https://cmsny.org/publications/essay-2017-undocumented-and-overstays/.
  • 362. See Hawaii Rev. Stat. § 286-104.5(h).
  • 363. See, e.g., The Public Information Act, Md. Code Ann. § 4-101, at (j)(3) (excluding from the definition of “public record” digital images stored by the Maryland Motor Vehicle Administration).
  • 364. See Cal. Gov. Code, Title 1, Div. 7, Ch. 15.25 at § 7284.6(a)(1)(D) (a restriction against law enforcement sharing of residents’ addresses added by the California Values Act, SB 54, 2017); Cal. Veh. Code, Div. 6, Ch. 1, Art. 3, § 12801.9(j) (prohibition against sharing driver data, “except as required by law,” as added by SB 244, 2018); Cal. Gov. Code, Title 2, Div. 3, Part 6, Ch. 2.5 at § 15160(b)(1) (clarifying that no users of the California Law Enforcement Telecommunications System may use it to access driver data or to enforce certain provisions of immigration law, added by AB 1747, 2019).
  • 365. See Cal. Veh. Code, Div. 2, Art. 1, Ch. 3 at § 1810.5. See Letter from Sonia Huestis, Deputy Dir., Commc’ns Programs Div., California Dep’t of Motor Vehicles, to the Hon. Lorena Gonzalez, California Gen. Assembly (Feb. 4, 2019) (on file with Voice of San Diego); Maya Srikrishnan, How California Laws Meant to Integrate Immigrants Can Open a Backdoor for ICE, Voice of San Diego (Feb. 19, 2019), https://www.voiceofsandiego.org/topics/news/how-california-laws-meant-to-integrate-immigrants-can-open-a-backdoor-for-ice/ (explaining context of letter).
  • 366. See Hearing before the Maryland House of Delegates Environment & Transportation Committee (Feb. 27, 2020) (Testimony of Del. Dana Stein, D - Baltimore County, Dist. 11, for H.B. 892) (“Prior to a visit to the Department last year it had been my understanding that the Department could not determine when ICE was accessing MIRS. But during a legislative visit last October we were told that the Department in fact can determine when ICE accesses the system and we received a follow-up letter from the Department confirming that.”).
It is unacceptable and unusual for a modern government database to lack audit trails. If legislators are told otherwise, they should press further.

Sidebar 4. Federal Prohibitions on State and Local “Sanctuary” Laws

There is no federal law that limits or prohibits a state or locality from establishing restrictions on the collection, retention or disclosure of residents’ name and address information. One federal law, 8 U.S.C. 1373, purports to prohibit a state or locality setting limits on information sharing related to a resident’s “citizenship or immigration status.”367 But that law’s constitutionality remains unsettled368 and by its own terms does not extend to restrictions on collecting, retaining or sharing a resident’s name and address information.

2. State and local lawmakers should block the disclosure, sale or resale of utilities data for use in immigration enforcement.

Gas, water and electric utilities are largely regulated at the state and local level through statutes, ordinances and oversight by public utilities commissions. State and local governments also often have protections for telephone and internet data that supplement federal law.369 State and local authorities should prohibit the disclosure, sale or resale of that data for immigration purposes. 

A few states have good standards that apply to a specific utility (e.g., gas or electricity). Not one state or territory has enacted meaningful wraparound privacy protections for all utilities. In enacting those protections, state and local authorities should:

  • Restrict disclosure to data brokers, not just the government. ICE usually gets access to utilities data through data brokers, rather than direct requests to companies. Laws must protect against disclosure of the data to third-party companies, not just the government. 
  • Avoid blanket carve-outs for credit reporting and evaluation. Data disclosed to a credit agency for credit purposes can easily be redisclosed for immigration enforcement. Indeed, the entity that created the database accessed by Equifax to disclose utilities data to Thomson Reuters, and subsequently to ICE, is a credit reporting agency.370 Unfortunately, state privacy laws governing utilities are rife with these loopholes.371
  • Protect against all forms of disclosure. The pathway of utilities data to ICE appears to have involved utilities voluntarily sharing (rather than selling) data to NCTUE, which in turn disclosed the data to Equifax, which then disclosed it to Thomson Reuters, which then disclosed it to ICE. Any law that prohibits only “sale” of that data rather than any form of disclosure or that does not address resale or redisclosure of the data will fall short. 
  • Be sure to protect customer addresses. Many utility privacy laws focus on usage data. Unfortunately, some of those laws are unclear on whether addresses are protected.372 

Connecticut privacy laws for gas companies offer a rare model for what an ideal statute might look like. The laws prohibit sharing with most third parties, closely limit the sharing that does occur, contain no blanket exceptions for credit reporting and protect against all forms of sharing—not just sale.373 

*  *  *

Since Biden took office in early 2021, not much has changed about the scope of ICE surveillance. The agency’s contracts for automated license plate readers, public records databases, face recognition technology, geolocation tracking, and systems for data visualization and analysis have each been sustained, renewed and—in some cases—enlarged. Government policies and agreements that allow unchecked access to state databases still remain in place. Instead of dismantling what was inherited, Biden and Congress have maintained the immigrant surveillance state. 

Before the election, the Biden campaign promised “sensible enforcement priorities,” writing that “no one should be afraid to seek medical attention, go to school, their job, or their place of worship for fear of an immigration enforcement action.”374 Nearly one year later, Biden has taken some steps to reduce deportation, and the number of immigration arrests are at their lowest level in a decade.375 But the administration has not yet used the considerable power of the executive to curtail the large-scale surveillance activities that ICE is engaging in every day, posing immediate risks to the safety and well-being of immigrant communities across the country. 

Regardless of whether this particular administration uses surveillance to carry out four or 400,000 deportations this year, the existence of ICE’s surveillance apparatus is itself a serious problem. Just as there is no statute or regulation explicitly authorizing the federal government to use mass surveillance to carry out deportations, there is no statute or regulation requiring the federal government to use the information gathered from such surveillance only for deportation. ICE surveillance should concern you, if not because you care about what may happen to immigrant communities or to public trust in government institutions or to privacy rights or to the balance of political power in our democracy, then because you care about what may happen to you and to the people you love if someone goes looking for you in the American dragnet.

  • 369. See, e.g., California Consumer Privacy Act of 2018 (CCPA), Cal. Civ. Code §§ 1798.100 et seq. (Ca. 2018); Colorado Privacy Act, Colo. Rev. Stat. § 6-1-1301 et seq. (Co. 2021); Consumer Data Protection Act, H.B. 2307 (Va. 2021).
  • 370. National Consumer Telecom and Utilities Exchange, Consumers, https://nctue.com/consumers (last visited Nov. 30, 2021) (“National Consumer Telecom & Utilities Exchange (NCTUE) is a credit reporting agency that maintains data, such as payment and account history, reported by member service providers in the telecommunications, pay TV, and utility industries.”).
  • 371. See, e.g., Ariz. Admin. Code R14-2-203 (2021) (“2. Customer-specific information shall not be released without specific prior written customer authorization unless the information is . . . reasonably required for legitimate account collection activities, or is necessary to provide safe and reliable service to the customer”); Code Del. Regs. 26 3001 (“3.3.4 An Electric Supplier may disclose a Customer's billing, payment, and credit information for the sole purpose of facilitating billing, bill collection, and credit reporting.”); Md. Code Regs. 20.53.07.02 (“B. A supplier may disclose a customer's billing, payment, and credit information for the sole purpose of facilitating billing, bill collection, and credit reporting.”).
  • 372. See, e.g.,  Colo. Code Regs. § 723-3:3027(b) (regulating electric utility companies: “A utility shall not disclose customer data unless such disclosure conforms to these rules, except as required by law or to comply with Commission rule. Illustratively, this includes responses to requests of the Commission, warrants, subpoenas, court orders, or as authorized by § 16-15.5-102, C.R.S.”); 4 Colo. Code Regs. § 723-3:3001(i) (“‘Customer data’ means customer-specific data or information, excluding personal information as defined in paragraph 1004(x)...”); 4 Colo. Code Regs. § 723-1:1004(x) (“‘Personal information’ means the following: . . . customer's name only in combination with any one or more other enumerated data elements that relate to such customer . . . .”).
  • 373. See Conn. Agencies Regs. 16-47a-1 at (3) (explicitly defining “customer information” to include address); Conn. Agencies Regs. 16-47a-3 at (b) (“Except as otherwise allowed under this Gas Code of Conduct, no gas company or affiliate shall not disclose customer information to any person or company, without the customer's consent, and then only to the extent specified by the customer.”); at (f) (“Notwithstanding the prohibitions established in this section, a gas company may disclose customer information to an affiliate (including a CSC) or non-affiliated third party each without customer consent, but only to the extent necessary for the affiliate or non-affiliated third party to provide goods or services (including shared corporate support services such as customer service, billing and collection services) to the gas company and upon their explicit agreement to protect the confidentiality of such customer information.”).
  • 374. The Biden Plan for Securing Our Values as a Nation of Immigrants, Biden for President, https://joebiden.com/immigration/. Last accessed 2022-04-18.
  • 375. Nick Miroff & Maria Sacchetti, Immigration arrests fell to lowest level in more than a decade during fiscal 2021, ICE data shows, Washington Post (Oct. 26, 2021), https://www.washingtonpost.com/national/ice-arrests-biden-trump/2021/10/25/f33130b8-35b5-11ec-9a5d-93a89c74e76d_story.html.