How to Legally Install CCTVs for Home/Business Use in Singapore
The use of closed-circuit television (CCTV) cameras has become increasingly popular in recent years, whether for home or business use.
For business owners, the installation of CCTV cameras on business premises is essential as it ensures the safety and security of employees and work equipment.
For individuals, the installation of a CCTV camera within the home can provide working parents with a peace of mind over the safety and welfare of their children or elderly parents. Furthermore, installing CCTV cameras outside the home may be necessary for individuals who need to collect evidence of, or deter, acts of harassment, theft or vandalism.
This article provides an overview of Singapore’s laws regulating the installation of CCTV cameras at your residence or business premises, and the steps you can take to ensure your installation complies with the law.
It will cover, specifically:
- Whether you can install CCTV cameras inside or outside your home
- Whether doorbells or peepholes with inbuilt cameras that record video and/or audio are considered CCTV cameras
- The laws to comply with when operating CCTV cameras at your home
- Whether you can install CCTV cameras inside or outside your business premises and the PDPA rules/obligations to comply with when operating the CCTV cameras
- Penalties for breaching the PDPA obligations
- Whether you can install CCTV cameras on your own
Can I install CCTV cameras inside my home?
If you wish to install CCTV cameras inside your home, you are free to do so and there is no need to obtain permission from the authorities.
However, this does not mean that the CCTV camera can be installed without any restrictions.
In the case of HDB flats, you should be mindful that HDB does not permit the installation of CCTV cameras within the flat for the purpose of carrying out the surveillance of common areas.
If your neighbour is aware that you’ve placed a CCTV camera within your flat and feels that the CCTV camera surveillance is unnecessarily intrusive (e.g. if the CCTV camera is positioned such that it focuses on your neighbour’s unit and records his movements), he may lodge a complaint with the HDB. The HDB may send someone to investigate the complaint and order the removal of the CCTV camera.
Regardless of whether you live in private or public property, you may also be sued by your neighbour for interfering with his enjoyment of his property if you use the CCTV camera to record his movements. This is discussed in more detail below.
Can I install CCTV cameras outside my home?
Whether you may install CCTV cameras outside your home will depend on the type of property that you live in.
Installing a CCTV camera outside an HDB flat
The installation of CCTV cameras outside your HDB flat is regulated by Town Council by-laws. This is because the area outside your flat is considered common property managed by the Town Council.
Under the by-laws, you must obtain authorisation if you wish to install any structure, fixture or thing in common areas, and this includes CCTV cameras. If you install CCTV cameras without prior authorisation, you can face a penalty of a fine up to $5,000.
Steps to obtain the Town Council’s permission to install CCTV cameras
- You must first lodge a police report concerning the misdeeds of your neighbours or other individuals (that call for a CCTV camera to be installed). This is an essential step as the Town Council will not approve an installation request until a police report has been obtained.
- Write an email to the Town Council of your HDB estate to request approval to install a CCTV camera and attach a copy of the police report. The approval process should take between 1-2 weeks and you will be notified of the outcome by email.
- When approval has been given, you may then proceed to purchase the CCTV camera and have it installed. CCTV cameras are permitted to be installed on a temporary basis, for a maximum duration of 6 months. When this period expires, you will need to submit a new request.
Installing a CCTV camera outside a condominium unit
The installation of CCTV cameras outside a condominium unit may be regulated by the MCST rules or by-laws governing your estate. You should check these by-laws to ensure that you comply with any requirements, e.g. whether you need to apply for approval and the maximum duration that a CCTV camera can be installed for.
Installing a CCTV camera on landed property
Are doorbells or peepholes with inbuilt cameras that record video and/or audio considered CCTV cameras?
It is increasingly common for doorbells or peepholes to offer video and/or audio recording functions. Such devices are considered CCTV cameras and permission to install such devices may be needed, depending on the type of property you live in and whether the devices are installed within or outside the property.
For example, if you wish to install such a doorbell outside your HDB unit, you will need approval from the Town Council (see above for the procedure). This is because the area outside your main door is considered common property.
In the case of peepholes, no approval from the Town Council is required as they are attached to your door and are considered to be within your HDB unit. However, as discussed above, you should be sensitive to your neighbours’ concerns. If your neighbours feel that it is overly intrusive and amounts to a surveillance of the common areas, they can lodge a complaint to HDB.
Can I install CCTV cameras on my own?
Even if you have obtained the required permission to install a CCTV camera, you are not permitted to install them on your own.
Under the Private Security Industry Act, a person who installs a CCTV camera must have a Security Service Provider licence. This means that even if you choose to order the CCTV camera online yourself, you should still hire someone with a Security Service Provider licence to install the camera for you.
What laws must I comply with when operating my CCTV cameras?
No interference with neighbour’s enjoyment of property
Singapore’s Personal Data Protection Act (PDPA) applies only to organisations, and does not regulate how CCTV footage collected for individual (i.e non-business) use should be used or what objects can be captured by the CCTV footage.
However, the Community Disputes Resolution Act (CDRA) places an obligation on you to refrain from interfering with the enjoyment or use of your neighbour’s place of residence. This obligation applies regardless of whether the CCTV camera is located within your home or outside in common spaces.
For the purposes of the CDRA, a “neighbour” is considered someone who lives in the same building as you or within a 100m radius of your residence.
For example, you are likely to be interfering with your neighbour’s enjoyment of his property if your CCTV camera faces his unit or the staircase landing outside his main door, recording his movements. To avoid penalties under the CDRA, the CCTV camera should be installed such that it focuses on capturing footage directly outside the main door of your unit.
If you interfere with your neighbour’s enjoyment of his property, your neighbour can file a dispute with the Community Disputes Resolution Tribunal, which has the power to award a number of court orders. For example, you may be required to compensate your neighbour up to $20,000 and/or ordered to remove the CCTV camera or change the way it is installed.
Removing the CCTV camera once the approved installation duration expires
As discussed above, the Town Council will approve the installation of CCTV cameras outside your HDB flat for only a fixed period of time.
When the approved duration for installation expires, you must remove the CCTV cameras or you will be in breach of Town Council by-laws. Non-compliance can result in a fine of up to $5,000.
Installing CCTV Cameras for Business Use
In contrast to the installation of CCTV cameras for home use, the installation of CCTV cameras for business use is more complicated because organisations, unlike individuals, are subject to the Personal Data Protection Act (PDPA).
The collection, use or disclosure of CCTV camera footage must comply with PDPA requirements where the camera will capture personal data, such as footage from which individuals can be identified.
Overview of the PDPA
The PDPA imposes the following 3 obligations, among others, on organisations:
- Consent obligation: The organisation must not collect, use or disclose personal data unless the individual has, or is deemed to have, given consent to such collection, use or disclosure.
- Reasonable purposes requirement: The collection, use or disclosure of personal data must be for purposes that a reasonable person would consider appropriate in the circumstances.
- Notification obligation: The organisation must notify the individual of the purposes of collecting, using or disclosing the data.
The following sections will consider these obligations in the context of CCTV camera footage.
Can I install CCTV cameras inside or outside my business premises? What rules must I comply with when operating the CCTV cameras?
You may install CCTV cameras inside or outside your business premises. The PDPA does not prohibit organisations from installing CCTV cameras that capture footage beyond the boundaries of the business premises.
However, you may be subject to PDPA obligations depending on whether the premises where the CCTV cameras are to be installed are accessible to the public. This is because the PDPA exempts businesses from complying with certain obligations with respect to publicly available personal data, i.e. where the personal data is observed at a location open to the public, with few or no access restrictions.
In general, shopping malls, stores, or restaurants would be considered publicly accessible business premises, while offices, where keycard access is required, would not be considered publicly accessible business premises.
The following table is a summary of PDPA obligations to be complied with depending on whether your business premises are accessible by the public:
|Consent obligation||Reasonable purposes requirement||Notification obligation|
|Publicly accessible premises||You do not need to obtain consent from customers but it is good practice to do so.||You must ensure that personal data collected by the CCTV footage is used for reasonable purposes.||You do not need to notify customers that they are being monitored by CCTV cameras but it is good practice to do so.|
|Non-publicly accessible premises||You need to obtain consent from customers and should do so by putting up notices.||You must ensure that personal data collected by the CCTV footage is used for reasonable purposes.||You need to notify customers and should do so by putting up notices.|
Considerations when complying with the consent and notification obligations
It should be noted that regardless of whether your premises are publicly accessible, if you intend to install the cameras outside the business premises in an area that is not publicly accessible, you must comply with the consent and notification obligations as outlined above.
Guidelines for putting up notices
You can put up notices at entry points of the premises informing individuals that CCTV cameras are being used to collect their personal data.
This will satisfy the notification obligation under the PDPA as well as the consent obligation, as an individual who sees the notice is deemed to have provided his consent upon entry.
As a general rule, the notice should not merely contain an image of a CCTV camera but should also state the purpose of the CCTV camera if the purpose is not obvious (e.g. “installed for security purposes”).
Considerations when complying with the reasonable purposes requirement
This obligation must be complied with for the installation of CCTV cameras in both publicly accessible and non-publicly accessible business premises. To comply with this obligation, the organisation must consider whether the extent of obtainable coverage is reasonable for the purpose of installing the CCTV cameras.
As mentioned above, the PDPA does not prohibit the installation of CCTV cameras outside the business premises. However, you should take special care to ensure that any such installation complies with the reasonable purposes requirement. This is because it may be more difficult to justify extensive CCTV camera surveillance beyond the business premises.
For example, if the purpose of CCTV cameras is to ensure the security of a factory, it may be considered reasonable for the CCTV cameras to also capture footage extending beyond the factory (e.g. the footage would provide information on how trespassers entered the premises).
On the other hand, if the extent of coverage would not be considered reasonable, the organisation may be in breach of PDPA obligations.
Places where you should not install CCTV cameras
As a general rule, CCTV cameras should not be installed in toilets or changing rooms. An installation in these areas may amount to the committing of the criminal offences of either outrage of modesty or voyeurism.
Other PDPA obligations that you must comply with
Under sections 21 and 22 of the PDPA, individuals have the right to request for access to their personal data, which includes CCTV camera footage of them.
When such a request has been made, the organisation must, as soon as reasonably possible, provide them with the footage featuring them that is in the organisation’s possession and control, and information on how such footage has been used or disclosed, within a year of the request.
This obligation applies to all CCTV camera footage, regardless of whether the footage is recorded in publicly accessible or non-publicly accessible business premises.
What if the CCTV footage contains the personal data of another individual?
Under section 21(3)(c) of the PDPA, an organisation is prohibited from responding to an access request when the provision of access would also reveal the personal data of another individual. This is a common scenario as CCTV footage often records the movements of several individuals at once.
In such cases, the PDPC has suggested that the organisation should still comply with the access request if:
- The organisation is able to use masking techniques to conceal the personal data of other individuals present in the CCTV footage, e.g. by blurring their faces; or
- The personal data captured in the CCTV footage is publicly available, e.g. where the CCTV footage captures movements in publicly accessible business premises; or
- The individuals that appear in the CCTV footage consent to the disclosure of their personal data.
The organisation may charge a reasonable fee for the costs that are incurred as a result of responding to the access request.
Retention of CCTV footage
Organisations must ensure that they do not continue retaining CCTV footage when the purpose for which it was collected is no longer valid, or when there are no legal or business purposes that justify such retention.
The PDPA does not stipulate a fixed retention duration for CCTV footage and what is considered an appropriate duration will depend on the business needs of your organisation. For example, if you are collecting CCTV footage for security purposes, you should erase the CCTV footage when it is no longer required for your security needs.
The PDPC recommends that organisations regularly review the CCTV footage collected to ensure that it is not retained for an excessive period of time. It is also good practice for each organisation to draft a personal data retention policy that sets out the length of time it intends to retain documents that contain personal data, such as CCTV footage, and its rationale for doing so.
What if an individual requests that I delete the CCTV footage of him?
Under the PDPA, an individual has the right to withdraw his consent to the collection, use or disclosure of his personal data, including CCTV footage, by giving reasonable notice.
If an individual withdraws his consent, your organisation should not continue to use the CCTV footage collected or disclose the CCTV footage to others in the future.
However, organisations are not under an obligation to delete or destroy the personal data of an individual on his request. Your organisation is therefore not obliged to erase the CCTV footage and may continue to retain the CCTV footage for as long as it is still required for legal or business purposes.
Penalties for breaching the PDPA obligations
In general, the penalty for a breach of PDPA obligations is a fine up to $10,000 or imprisonment for a term up to 3 years, or both for a first offence.
The case of Management Corporation Strata Title Plan No. 3593 (MCST) & Others provides a useful illustration of the potential consequences of breaching PDPA obligations. In that case, a security company employed by the MCST of a condominium was found to have breached PDPA obligations due to an unauthorised disclosure of the CCTV footage collected.
A resident of the condominium had requested access to CCTV footage of the condominium lobby, which contained the personal data of other individuals. A security officer employed by the security company sent a copy of the CCTV footage to the resident via WhatsApp messenger without obtaining approval from the MCST.
The court found that the responsibility for ensuring PDPA compliance laid with the MCST, as it had appointed the security company. For its breach of PDPA obligations, the MCST was ordered to pay a fine of $5,000 – this lower amount took into account the fact that the MCST had voluntarily notified the PDPC of the breach and took prompt remedial actions.
Can I install the CCTV cameras on my own?
Under the Private Security Industry Act, a person who installs a CCTV camera must have a licence to provide security-related services. Thus, you are not permitted to install the CCTV camera on your own, and should engage the installation services of someone with a Security Service Provider licence to install the CCTV camera for you, as discussed above.
While CCTV cameras can serve many useful purposes, their installation for home or business use is governed by various laws in Singapore that have to be complied with.
If you are a business owner and you are considering the installation of a CCTV camera for your business premises, it is recommended that you consult a data protection lawyer. The personal data protection requirements under the PDPA are complex, and a lawyer can help you to navigate and comply with these requirements to avoid legal penalties.
- Appointing Company Directors in Singapore: Eligibility, Process etc.
- Managing Director vs CEO in Singapore: Roles and Obligations
- Guide to Directors' Remuneration in Singapore
- Directors' Duties in Singapore
- Shadow Directors: Who are They and What Duties Do They Owe to the Company?
- How to Remove a Director from a Company in Singapore
- Removal and Resignation of Company Auditor in Singapore
- Appointing a Company Secretary: Roles and Responsibilities
- Appointing an Authorised Representative for Foreign Companies in Singapore
- Process Agents in Singapore
- 2 Ways to Remove a Singapore Company Shareholder ASAP
- Guide to Paid-Up Capital in Singapore (Is $1 Enough?)
- Preparing a Register of Shareholders for a Singapore Company
- How to Issue Shares in a Singapore Private Company
- Guide to Transferring Shares in a Singapore Private Company
- Your Guide to Share Certificates in Singapore: Usage and How to Prepare
- Shareholder Rights in Singapore Private Companies
- Shareholder Roles and Obligations in Singapore Companies
- Dividend Payments Guide for Singapore Business Owners
- Share Transmission: What Happens If a Shareholder Dies in Singapore?
- How to Reduce the Share Capital of Your Singapore Company
- Buy-Sell Agreements: How to Write & Fund Them in Singapore
- Oppression of Minority Shareholders
- Essential Regulatory Compliance Guide for Singapore Companies
- Dormant Companies and Their Filing Obligations in Singapore
- Anti-Money Laundering Regulations and Your Business: What You Need to Know
- Price-Fixing, Bid-Rigging and Other Anti-Competitive Practices to Avoid
- Legally Conducting Lucky Draws for Singapore Businesses
- Restaurant Inspection and Food Safety Rules in Singapore
- Does Your Company Need a Legal Team (In-House Counsel)?
- Acqui-Hiring of Singapore Companies: How Does It Work?
- How to Change the Name of Your Singapore Company
- Can Directors be Liable for Company Debts in Singapore?
- Company Loans to Directors/Shareholders in Singapore
- 3 Types of Insurance Every Singapore Business Needs
- Creating and Registering Charges in Singapore: Guide for Companies
- Guide to Effective Business Continuity Planning in Singapore
- Business Asset Sale & Disposal in Singapore: How Do They Work?
- Business Partnership Disputes in Singapore: How to Resolve
- How to Commence a Derivative Action on Behalf of a Company in Singapore
- Business Will: How to Pass on Your Business to Your Successors in Singapore
- Record-Keeping Requirements for Singapore Companies
- Company Constitutions in Singapore and How to Draft One
- Company Memorandum and Articles of Association
- Company Resolutions: What are They?
- Board Resolutions in Singapore
- Minutes of Company Meeting in Singapore: How to Record
- How to Set Up a Register of Controllers
- How to Set Up a Register of Nominee Directors
- Guide to Filing Financial Statements for Singapore Business Owners
- Filing Annual Returns For Your Business
- Singapore Corporate Tax: How to Pay, Tax Rate, Exemptions
- Start-Up Tax Exemption Guide for New Singapore Companies
- GST Registration: Requirements and Procedure in Singapore
- What is Withholding Tax and When to Pay It in Singapore
- Singapore Influencers: Here's How to Calculate Your Income Tax
- Tax Investigation of Tax-Evading Business Owners in Singapore
- Small Business Accounting Services in Singapore
- Company Audits in Singapore: Requirements and Exemptions
- Suspect a PDPA Data Breach? Here's What to Do Next
- Must You Notify PDPC About a Data Breach in Your Business?
- Summary: Your Organisation's 10 Main PDPA Obligations
- Essential PDPA Compliance Guide for Singapore Businesses
- PDPA Consent Requirements: How Can Your Business Comply?
- Is It Legal for Businesses to Ask for Your NRIC in Singapore?
- Here's a 7-Step Plan for Companies to Prevent Unauthorised Disclosure When Processing and Sending Personal Data
- Cloud Storage of Personal Data: Your Business’ Data Protection Obligations
- GDPR Compliance in Singapore: Is it Required and How to Comply
- Appointing a Data Protection Officer For Your Business: All You Need to Know
- How Can Companies Dispose of Documents Containing Personal Data?
- Check the Do-Not-Call Registry Before Marketing to Singapore Phone Numbers
- How to Legally Install CCTVs for Home/Business Use in Singapore
- Is Web Scraping or Crawling Legal in Singapore?
- Legal Options If Employees Breach Confidentiality in Singapore
- Your Guide to E-commerce Website Terms of Service in Singapore
- Dealing with Defamation of Your Business: Can You Sue?
- Sending Email Newsletters That Comply With Singapore Law
- A legal guide to drafting a social media policy for your company
- Your Guide to a Media Release Form in Singapore
- Your Guide to an Influencer Marketing Agreement in Singapore
- Outdoor Advertising: How to Legally Display Public Ads in Singapore
- Should You Save or Close Your Zombie Company in Singapore?
- Voluntary Suspension of Business in Singapore: How to Handle
- Winding Up a Singapore Company: Grounds and Procedure
- Closing Your Singapore Business: What You Need to Settle
- Striking Off a Company
- Can a Company that Struck Itself Off the Register Later Apply to Restore Itself?
- Dissolution of partnerships in Singapore
- What Should a Creditor Do When a Company Becomes Insolvent?
- How to File a Proof of Debt Against a Company in Liquidation
- Validation of Payments Made by Companies Being Wound Up