4 Things to Know When Installing CCTVs Legally

Installing CCTVs Legally requires compliance to personal data protection laws
Installing CCTVs Legally requires compliance to personal data protection laws

In the advent of technology era, security has been one of the most improved aspect of business organizations. The use of closed-circuit television (CCTV) cameras has become undeniably popular in recent years. Nowadays, you rarely find business premises without these. However, could you just install security cameras that easy? Not so fast! Here are the basic things you need to know when installing CCTVs legally.

1. Laws on installing CCTVs legally

Unlike home installations, setting up security cameras for your business can be quite complicated. The main reason is that, in contrast to private individuals, companies are considered as juridical entities and are subject to more stringent compliance with laws.

While different countries enforces different legalities, the rules on CCTV installation are primarily governed by personal data protection laws. An example of which is the Personal Data Protection of Singapore. In a nutshell, the PDPA imposes these 3 obligations (among others), on business organizations:

  • Consent Obligation: your business must not collect, use, or disclose personal data without the consent of the private individual
  • Reasonable Purpose Obligation: your business must only limit the collection, use, or disclosure of personal data for purposes a reasonable person would consider appropriate
  • Notification Obligation: your business must notify the private individual of the purposes of collection, usage, and disclosure of the data

Revolving around these three precepts, installing CCTVs legally entails several responsibilites.

Operating in Singapore? Also Read: Personal Data Protection Act Singapore: Is Your Business Compliant?

2. CCTV cameras in public and non-public premises

There are certain rules to observe in installing CCTV cameras inside or outside your business premises. Generally, national security laws exempts businesses from complying with certain obligations when it comes to publicly available personal data. That’s why you see most CCTV cameras whenever you withdraw from an ATM machine, pass by company gates, or even on several streetlights.

Below is a table summarizing the aforementioned obligations to be complied with, relative to the nature of the premises:

Consent ObligationReasonable Purposes ObligationNotification Obligation
Publicly accessible premisesNo need to obtain consent from customers (but it is good practice to do so)Need to ensure that personal data collected by the CCTV footage is used for reasonable purposes onlyNo need to notify customers that they are being monitored by CCTV cameras (but it is good practice to do so)
Non-publicly accessible premisesNeed to obtain consent from customers and should do so by putting up notices or signsNeed to ensure that personal data collected by the CCTV footage is used for reasonable purposes onlyNeed to notify customers and should do so by putting up notices or signs
Source: singaporelegaladvice.com
There are rules when installing CCTVs legally in public and non-public premises

3. Installing CCTVs legally requires consent and notification

From what you can deduce from the table above, if you would like to install security cameras outside of your business premises in an area that is non-publicly accessible, you have to comply with the consent and notification obligation.

The law requires that you let the general public know that they are being recorded. This is generally important for most stores or offices in public. To comply, you can put up signs. You can make one yourself, but it is more practical to buy pre-printed ones because these are more durable and can withstand rain and heat.

One thing to note is that the notice should not just contain an image of a CCTV camera but should likewise state the purpose of the footage collection, i.e., it should at least be written that the camera is “installed for security purposes”.

4. Retention and deletion of CCTV camera footage

Your business must ensure to discontinue retaining CCTV footage when the purpose for which it was collected is no longer valid. Although most security laws do no stipulate a particularly fixed duration, footages should be erased when it is no longer required for security purposes. Thus, your organization is recommended to regularly review CCTV camera footage every quarter of the year.

You should likewise be guided that a private individual has the right to withdraw his consent to the collection, use, or disclosure of his personal data. As such, with a given reasonable notice, he/she may request for the discontinuation of the use of a CCTV footage that features him. However, your organization is not obliged to delete or destroy this footage, hence you may still retain it as long as it serves its legal or business purpose.

These are fundamental things to know when installing CCTVs legally. You should ensure that you are compliant with your country’s security laws in order to avoid hefty penalties and certain damage to your company’s reputation.

In both cyberworld and real-life, security and data protection should be of paramount importance. Laws can be quite strict and tedious to follow, but should be complied with, nonetheless. As your business expands and make advances on improving your company’s security features, you should consider hiring a Data Protection Officer. Today!

Also Read: Data Protection Officer Singapore | 10 FAQs

Outsourced DPO – It is mandatory to appoint a Data Protection Officer. Engage us today.

PDPA Training (SkillsFuture Eligible) – Empower data protection knowledge for your employees.

Vulnerability Assessment Penetration Testing – Find loopholes in your websites, mobile apps or systems.

Privacy Ninja provides GUARANTEED quality and results for the following services: 
DPO-As-A-Service (Outsourced DPO Subscription)
PDPA Compliance Training
DPA Compliance Audit
ital Transformation Consultancy
Data Protection Trustmarks Certification Readiness Consultancy

PDPA Data Protection Software
Vulnerability Assessment & Penetration Testing (VAPT)
Smart Contract Audit

Like & Subscribe:


Leave a Reply

Your email address will not be published. Required fields are marked *