4 Things to Know When Installing CCTVs Legally
In the advent of technology era, security has been one of the most improved aspect of business organizations. The use of closed-circuit television (CCTV) cameras has become undeniably popular in recent years. Nowadays, you rarely find business premises without these. However, could you just install security cameras that easy? Not so fast! Here are the basic things you need to know when installing CCTVs legally.
1. Laws on installing CCTVs legally
Unlike home installations, setting up security cameras for your business can be quite complicated. The main reason is that, in contrast to private individuals, companies are considered as juridical entities and are subject to more stringent compliance with laws.
While different countries enforces different legalities, the rules on CCTV installation are primarily governed by personal data protection laws. An example of which is the Personal Data Protection of Singapore. In a nutshell, the PDPA imposes these 3 obligations (among others), on business organizations:
- Consent Obligation: your business must not collect, use, or disclose personal data without the consent of the private individual
- Reasonable Purpose Obligation: your business must only limit the collection, use, or disclosure of personal data for purposes a reasonable person would consider appropriate
- Notification Obligation: your business must notify the private individual of the purposes of collection, usage, and disclosure of the data
Revolving around these three precepts, installing CCTVs legally entails several responsibilites.
Operating in Singapore? Also Read: Personal Data Protection Act Singapore: Is Your Business Compliant?
2. CCTV cameras in public and non-public premises
There are certain rules to observe in installing CCTV cameras inside or outside your business premises. Generally, national security laws exempts businesses from complying with certain obligations when it comes to publicly available personal data. That’s why you see most CCTV cameras whenever you withdraw from an ATM machine, pass by company gates, or even on several streetlights.
Below is a table summarizing the aforementioned obligations to be complied with, relative to the nature of the premises:
|Consent Obligation||Reasonable Purposes Obligation||Notification Obligation|
|Publicly accessible premises||No need to obtain consent from customers (but it is good practice to do so)||Need to ensure that personal data collected by the CCTV footage is used for reasonable purposes only||No need to notify customers that they are being monitored by CCTV cameras (but it is good practice to do so)|
|Non-publicly accessible premises||Need to obtain consent from customers and should do so by putting up notices or signs||Need to ensure that personal data collected by the CCTV footage is used for reasonable purposes only||Need to notify customers and should do so by putting up notices or signs|
3. Installing CCTVs legally requires consent and notification
From what you can deduce from the table above, if you would like to install security cameras outside of your business premises in an area that is non-publicly accessible, you have to comply with the consent and notification obligation.
The law requires that you let the general public know that they are being recorded. This is generally important for most stores or offices in public. To comply, you can put up signs. You can make one yourself, but it is more practical to buy pre-printed ones because these are more durable and can withstand rain and heat.
One thing to note is that the notice should not just contain an image of a CCTV camera but should likewise state the purpose of the footage collection, i.e., it should at least be written that the camera is “installed for security purposes”.
4. Retention and deletion of CCTV camera footage
Your business must ensure to discontinue retaining CCTV footage when the purpose for which it was collected is no longer valid. Although most security laws do no stipulate a particularly fixed duration, footages should be erased when it is no longer required for security purposes. Thus, your organization is recommended to regularly review CCTV camera footage every quarter of the year.
You should likewise be guided that a private individual has the right to withdraw his consent to the collection, use, or disclosure of his personal data. As such, with a given reasonable notice, he/she may request for the discontinuation of the use of a CCTV footage that features him. However, your organization is not obliged to delete or destroy this footage, hence you may still retain it as long as it serves its legal or business purpose.
These are fundamental things to know when installing CCTVs legally. You should ensure that you are compliant with your country’s security laws in order to avoid hefty penalties and certain damage to your company’s reputation.
In both cyberworld and real-life, security and data protection should be of paramount importance. Laws can be quite strict and tedious to follow, but should be complied with, nonetheless. As your business expands and make advances on improving your company’s security features, you should consider hiring a Data Protection Officer. Today!
Also Read: Data Protection Officer Singapore | 10 FAQs
Protecting personal data that the organisation manages is the primary duty that must be upheld, or else risk the financial penalty imposed by the PDPC in case of a breach. To help organisations with their PDPA compliance, they can outsource a DPO, which is an officer responsible for ensuring that all data protection provisions are complied with at all times.
DPOs can ensure that upon installing a CCTV, it still follows the standard that the PDPA establishes when it comes to personal data collection, use, and disclosure.