Privacy Ninja

4 Things to Know When Installing CCTVs Legally

4 Things to Know When Installing CCTVs Legally

Installing CCTVs Legally requires compliance to personal data protection laws
Installing CCTVs Legally requires compliance to personal data protection laws

In the advent of technology era, security has been one of the most improved aspect of business organizations. The use of closed-circuit television (CCTV) cameras has become undeniably popular in recent years. Nowadays, you rarely find business premises without these. However, could you just install security cameras that easy? Not so fast! Here are the basic things you need to know when installing CCTVs legally.

1. Laws on installing CCTVs legally

Unlike home installations, setting up security cameras for your business can be quite complicated. The main reason is that, in contrast to private individuals, companies are considered as juridical entities and are subject to more stringent compliance with laws.

While different countries enforces different legalities, the rules on CCTV installation are primarily governed by personal data protection laws. An example of which is the Personal Data Protection of Singapore. In a nutshell, the PDPA imposes these 3 obligations (among others), on business organizations:

  • Consent Obligation: your business must not collect, use, or disclose personal data without the consent of the private individual
  • Reasonable Purpose Obligation: your business must only limit the collection, use, or disclosure of personal data for purposes a reasonable person would consider appropriate
  • Notification Obligation: your business must notify the private individual of the purposes of collection, usage, and disclosure of the data

Revolving around these three precepts, installing CCTVs legally entails several responsibilites.

Operating in Singapore? Also Read: Personal Data Protection Act Singapore: Is Your Business Compliant?

2. CCTV cameras in public and non-public premises

There are certain rules to observe in installing CCTV cameras inside or outside your business premises. Generally, national security laws exempts businesses from complying with certain obligations when it comes to publicly available personal data. That’s why you see most CCTV cameras whenever you withdraw from an ATM machine, pass by company gates, or even on several streetlights.

Below is a table summarizing the aforementioned obligations to be complied with, relative to the nature of the premises:

Consent ObligationReasonable Purposes ObligationNotification Obligation
Publicly accessible premisesNo need to obtain consent from customers (but it is good practice to do so)Need to ensure that personal data collected by the CCTV footage is used for reasonable purposes onlyNo need to notify customers that they are being monitored by CCTV cameras (but it is good practice to do so)
Non-publicly accessible premisesNeed to obtain consent from customers and should do so by putting up notices or signsNeed to ensure that personal data collected by the CCTV footage is used for reasonable purposes onlyNeed to notify customers and should do so by putting up notices or signs
There are rules when installing CCTVs legally in public and non-public premises

3. Installing CCTVs legally requires consent and notification

From what you can deduce from the table above, if you would like to install security cameras outside of your business premises in an area that is non-publicly accessible, you have to comply with the consent and notification obligation.

The law requires that you let the general public know that they are being recorded. This is generally important for most stores or offices in public. To comply, you can put up signs. You can make one yourself, but it is more practical to buy pre-printed ones because these are more durable and can withstand rain and heat.

One thing to note is that the notice should not just contain an image of a CCTV camera but should likewise state the purpose of the footage collection, i.e., it should at least be written that the camera is “installed for security purposes”.

4. Retention and deletion of CCTV camera footage

Your business must ensure to discontinue retaining CCTV footage when the purpose for which it was collected is no longer valid. Although most security laws do no stipulate a particularly fixed duration, footages should be erased when it is no longer required for security purposes. Thus, your organization is recommended to regularly review CCTV camera footage every quarter of the year.

You should likewise be guided that a private individual has the right to withdraw his consent to the collection, use, or disclosure of his personal data. As such, with a given reasonable notice, he/she may request for the discontinuation of the use of a CCTV footage that features him. However, your organization is not obliged to delete or destroy this footage, hence you may still retain it as long as it serves its legal or business purpose.

These are fundamental things to know when installing CCTVs legally. You should ensure that you are compliant with your country’s security laws in order to avoid hefty penalties and certain damage to your company’s reputation.

In both cyberworld and real-life, security and data protection should be of paramount importance. Laws can be quite strict and tedious to follow, but should be complied with, nonetheless. As your business expands and make advances on improving your company’s security features, you should consider hiring a Data Protection Officer. Today!

Also Read: Data Protection Officer Singapore | 10 FAQs

Protecting personal data that the organisation manages is the primary duty that must be upheld, or else risk the financial penalty imposed by the PDPC in case of a breach. To help organisations with their PDPA compliance, they can outsource a DPO, which is an officer responsible for ensuring that all data protection provisions are complied with at all times. 

DPOs can ensure that upon installing a CCTV, it still follows the standard that the PDPA establishes when it comes to personal data collection, use, and disclosure.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us