Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

opc header logo

Resources and learning

Print | Email this page

CCTV

A white CCTV camera juts out of a white wall. CCTV records footage of people, which can be stored, shared or changed so how you use it must comply with the Privacy Act. 

Agencies (businesses and organisations) can only collect personal information (like footage of someone) that is necessary for a reason connected to their functions or activities. With CCTV you need to understand what personal information you’re collecting, and how you’ll manage that well before you install cameras. A good way to work things out before you install cameras, is to do a Privacy Impact Assessment. We have guides and templates you can use to do that mahi

Getting things right from the start will limit any privacy issues later. Before you install cameras, you need to know: 

  • your purpose for using CCTV to collect information
  • whether the cameras need to record visuals as well as audio
  • how you will use it
  • how you’ll tell people that you’re using cameras
  • who can access the cameras
  • how long the information will be kept
  • how the information will be kept secure and who can access it
  • how you will deal with someone asking to see footage of themselves.

Collect only the essentials

Our advice is that you collect the least amount of personal information that you can. 

CCTV shouldn’t record sound

Collecting audio from CCTV is more invasive so if it’s not necessary, don’t do it. Some CCTV equipment comes with the ability to record sound, and we’d suggest switching that off. However, if you go ahead with sound recording then you must tell people that is happening.

Public authorities should consult their privacy officers and legal teams if they want to record sound

Tell people what’s happening and be clear and obvious

You need to tell people they are being recorded; most people choose signage. Your signs (or other information) should also be clear who owns and operates the CCTV system. The sign should include the contact, and the contact details of that agency if this information is not already obvious.

You may need to provide people with access to the CCTV footage 

If someone asks for their personal information, organisations need to be able to respond to the request.

This is set out in principle 6 of the Privacy Act , which says people have the basic right to access information that is about themselves. This right includes CCTV recordings. Read more information.

Examples of CCTV gone wrong

Case notes are written examples of privacy breaches that we have investigated. They are anonymised and show how the law applies in real life.

Back to top