After a gym in Singapore was found out to have CCTV cameras active in a ladies changing area, it sparked huge debate on privacy laws and personal data protection nationwide.
This week in Parliament, the Minister for Communications and Information was asked whether the Ministry has plans to better regulate the installation and access to CCTVs installed in public and private premises in the wake of the recent outcry of CCTVs in a private gym.
Minister for Communications and Information Mr Iswaran replied that The Police Licensing and Regulatory Department requires any person who provides CCTV installation or maintenance as a service to have a Security Service Provider licence under the Private Security Industry Act. These licensees must undergo security screening to ensure they are fit and proper persons to provide security services.
Personal Data Protection Act (PDPA) includes personal data and details captured on CCTV
He also highlighted that under the Personal Data Protection Act (PDPA), organisations are required to notify individuals of the purpose and obtain their consent to collect, use or disclose their personal data, including those captured by CCTV recordings. Also, organisations are required to protect personal data in their possession or control by making reasonable security arrangements.
The Personal Data Protection Commission (PDPC) has issued advisory guidelines to help organisations deploying CCTVs comply with the PDPA. The advisory guidelines provide examples of good practices, such as placing notices at points of entry to a building or prominent locations in a venue, where individuals are able to read the notices prior to the collection of their personal data by CCTVs.
Organisations that fail to notify or obtain consent on data collection will face penalties
Organisations that install CCTVs but fail to notify or obtain consent from an individual for the collection of personal data, or fail to protect such personal data, are liable for breaching the PDPA. The PDPC will investigate and take enforcement action for breaches, which include issuing directions and imposing financial penalties.