Legal Considerations Around Recording Customers Who Enter My Business

As a business, you may consider installing video surveillance on your premises to discourage theft or ensure the safety of your customers and personnel. However, your business may suffer significant legal implications if you do not adhere to legal requirements around filming or recording customers that enter your store.


This article explains the legal requirements around the use of optical surveillance devices. Additionally, it considers the potential consequences of breaching customers’ privacy, as demonstrated by the 7-Eleven case. 

Is it Legal to Record Customers Who Enter My Business?

There are certain situations where it is not illegal to collect the personal information of individuals. This includes collecting their images or identity information. Installing optical surveillance devices, such as CCTV, which collect videos or images of customers that enter your business is legal. However, if you elect to record customers through these devices, you must comply with certain laws. 


The Privacy Act 1998 (‘Privacy Act’) applies to personal information and governs how businesses can handle their customers’ personal information. The Act will apply to a business if the business:

  • has an annual turnover of over $3 million;
  • provides a health service, or holds health information;
  • is a contractor for the Commonwealth government; or 
  • trades in personal information (e.g. sells personal information to other parties).

Such businesses will be ‘APP entities’ that must comply with the provisions of the Privacy Act

Suppose your business is covered under the law. Then any personal information that you collect through your surveillance devices must comply with the Australian Privacy Principles under the Act, which require you to: 

  • inform customers that you may capture their images before recording takes place. For example, you may post clear signage at the entrance of and throughout your premises, and install cameras in clearly visible locations on your premises to ensure adequate notification to customers that they may be under surveillance; 
  • ensure that any personal information recorded is stored securely, and either destroyed or de-identified when you no longer require the information. For example, you may delete CCTV footage of customers every month; and 
  • only use or disclose the information recorded for the primary collection purpose, for example, to seek action against a person who committed theft on your premises (or for a secondary purpose if an exemption applies).

May Preedeesanit
May 11

More Articles


Deciding on your retirement funding options comes down to personal choice. . If you’re close to...

Read full article

The Deadliest pandemics in History

Check out the Deadliest pandemics in...

Read full article

Middle-to-higher incomes boosting SMSF growth

The SMSF sector experienced healthy growth over the March quarter, with men and women on middle-to-higher...

Read full article

The superannuation changes from 1 July

The super changes on the way from the start of the 2024-25 financial year. . A number of...

Read full article

Investment and economic outlook, May 2024

Region-by-region economic outlook and latest forecasts for investment returns. . For the last...

Read full article

Downsizer contributions can be time critical

With the expansion of the downsizer contribution, the timing of when it is used can affect how to use...

Read full article

Deeming freeze a win for Age Pensioners

Why the decision to keep deeming rates on hold may be a window for interest rates.   . In...

Read full article

Plan now to take advantage of stage 3 tax cuts

With the stage three tax cuts set to be implemented in around six weeks, opportunities for tax-saving...

Read full article

Sofie Korac is an Authorised Representative (No. 400164) of Prudentia Financial Planning Pty Ltd, AFSL 544118 and a member of the Association of Financial Advisers.

Financial Advice Sydney and the North Shore Office based in Gordon NSW

Financial Services Guide - Disclaimer & Privacy Policy