CCTV cameras in commercial premises have remained common as a security measure and a deterrence tool for preventing criminal activities while monitoring businesses. Nevertheless, there are several legal issues that organisations need to observe if the implementation of CCTV systems is to optimise the legal requirement. It is crucial for businesses that are considering the installation of commercial CCTV cameras or are currently using them to understand the following legal aspects.
1. Compliance with Privacy Laws
The installation of CCTV systems is controlled by the Privacy Act 1988. For instance, those covered include businesses whose total turnover is high and certain classes of small businesses, including healthcare providers and supply chains, etc. Since the Act affects the management of personal information, it requires that CCTV personal data be processed in accordance with the guidelines.
Key Points:
- Companies are allowed to capture only surveillance footage necessary for the business’s running and security.
- People should be told prior that they are under surveillance. This is usually accomplished by placing signs that can be seen by anyone within the area that such an area is being monitored.
- They pointed out that security issues, such as restricting the number of people who can review the CCTV footage, must be put in place to allow only certain personnel, for instance, the police or related authorities, to review the clips.
- This is to implement the principle of subsidiarity in footage management, where each recording should be retained only when it is practical. Once it is no longer applicable, it should be discarded.
2. Informed Consent and Notification
While explicit consent is not typically required for CCTV recording in public areas, businesses are generally required to inform individuals that they are being monitored. This is often achieved through clear and visible signs at the entrance and within the premises, indicating that CCTV cameras are operating.
Key Points:
- It is essential for signs to be easily noticeable and displayed in areas where people can view them.
- The signs should include the reason for surveillance, personnel operating the system, and contact details for additional information.
- The omission of some of these steps may lead to a violation of privacy laws.
3. Workplace Surveillance Legislation
Apart from the privacy statutes, Workplace Surveillance Legislation must also be followed, and it depends on the state. For instance, in New South Wales, the Workplace Surveillance Act 2005 disclosure provisions require employers to communicate the extent of their surveillance activity to the employees at least two weeks before the employer installs the surveillance system. Similar laws apply in states like Victoria and Queensland for CCTV cameras and installation.
Key Points:
- The employer must give a written notice about the CCTV program and its usage, and that’s why it will be used.
- Surveillance should not be bureaucratic and should be applied to some extent and in moderation.
- Sneak cameras are usually unlawful except in cases where the police have permitted them.
4. Use of CCTV Footage
CCTV surveillance is tightly regulated. Employers must ensure that the recordings are not utilised for purposes other than their intended reasons, such as security or incident investigation. It is crucial to note that when the use or disclosure of the footage is unauthorised, legal consequences also arise when sharing such footage.
Key Points:
- Footage should only be accessed by authorised personnel.
- Any sharing or disclosure of footage should be consistent with the original purpose of collection.
- Third parties’ footage, such as law enforcement, should be carefully evaluated to ensure compliance with legal requirements.
5. Data Retention and Disposal Policies
Companies control the CCTV footage, and data minimisation should comply with data minimisation, which is when an organisation holds the footage. The Privacy Act also notes that information is to be destroyed or used anonymised when it is no longer needed for the purpose for which it was collected.
Key Points:
- Enact stringent retention formulas that set up clear retention policies about how long CCTV footage is retained depending on its intended use, such as longer retention for ongoing investigations or legal needs.
- When no longer needed, safely dispose of CCTV footage by deleting files or destroying unauthorised devices to prevent unauthorised access or data breaches.
- Ensure awareness of legal requirements for retaining CCTV footage, as some industries may have regulations mandating specific retention periods.
6. Dealing with Data Breaches
The best-laid plan can sometimes go sour, which is also true regarding data breaches based on CCTV footage. The Notifiable Data Breaches (NDB) scheme requires entities under the Act to report interrupting individuals and OAIC where the data breach will likely result in harm.
Key Points:
- Ensure there’s a legitimate technique to measure the breach in case of a facts breach, isolate the violation, identify the consequences, and inform the affected people.
- If a CCTV data breach may result in serious harm, promptly notify those affected, providing details of the breach, compromised data, and protective actions they could undertake.
- Report the breach to the OAIC, including a description of the incident, the information involved, and movements to mitigate the effect.
Final Takeaway
CCTV cameras, particularly those located on business premises, are essential for enhancing security and monitoring operations. However, the use of CCTV in businesses based in Australia must comply with the sections of the Privacy Act 1988, Workplace Surveillance Act 2011, and data protection standards. Based on the discussed legal concerns, companies can deal with CCTV, preserving lawful integrated freedoms and essential individual privacy.