Security camera laws for Australian businesses

If you’re an Australian business that is considering CCTV for the workplace, it’s important to know about the privacy laws.

While we suggest checking the laws for the state you live in, these are some general guidelines to follow.

Permission to monitor

Most laws prohibit you from recording people without their express or implied consent.

One simple way to achieve consent is with visible signage at the entrance of your building or office that lets people know your premises are being monitored.

These signs and the cameras themselves should be clearly visible to staff and visitors.

No sound recording

Most laws prohibit the recording of private conversations without consent. For this reason, most security cameras are unable to record and save sound.

Prohibited areas

Certain areas of a business must not be monitored. These include areas where privacy should be respected, such as a change room or toilet. This may also include a staff member’s personal office or work cubicle.

In addition, cameras must not intrude on any private property adjacent to the business.

Security of personal information

Any recordings captured by security cameras should be kept secure.

For example, if recordings are stored locally on a server then you should follow best practices to protect the server from theft or being tampered with.

This means making sure the office is securely locked up at night, updating and maintaining staff access, installing good locks, and other general security measures.

If recordings are stored in the cloud, your security provider should be following best practices to protect that data.

For example, here at Cammy, we make sure data is stored safely in the cloud by using a reputable cloud hosting company with a good track record of securing data. We also make sure the footage is kept separate from other entities, access rights are retained, and an up-to-date and compliant privacy policy is maintained.

Destroy information no longer required

Personal information captured by cameras should be destroyed or de-identified when it is no longer required.

Most camera systems will delete recordings after a certain amount of time to free up more storage for new recordings so you shouldn’t need to manually delete footage.

If, however, you have saved or downloaded footage for any reason but no longer require it, you will need to manually delete it.


Whether you’re a business considering CCTV or have cameras already, it’s important to know the privacy laws that exist.

We have listed some guidelines to follow such as:

  • Businesses must notify staff if they are being recorded. This can be explained in an employment agreement or staff handbook.
  • Businesses must display a sign at the entrance notifying visitors of security cameras and who is monitoring the cameras.
  • Businesses are not permitted to record conversations.
  • Businesses are prohibited from monitoring certain locations such as change rooms or toilets.
  • Business cameras must not intrude on neighbouring properties.
  • Businesses have an obligation to destroy footage once it is no longer required.
  • Security measures should be followed for data hosted in the cloud and on-site control rooms kept secure.
  • Footage must be disclosed to law enforcement agencies that have authority to collect evidence.

There may be additional state laws so we suggest doing your own research to ensure you’re covered for the use of security cameras in your business.

Sources: Surveillance Devices Act 2007