MCI's response to PQ on regulation of CCTVs
Parliament Sitting on 1 April 2019
QUESTION FOR WRITTEN ANSWER
1226. Mr Ang Wei Neng: To ask the Minister for Communications and Information whether the Ministry has plans to better regulate the installation and access to CCTVs installed in public and private premises in the wake of the recent outcry of CCTVs in a private gym.
The Police Licensing and Regulatory Department requires any person who provides CCTV installation or maintenance as a service to have a Security Service Provider licence under the Private Security Industry Act. These licensees must undergo security screening to ensure they are fit and proper persons to provide security services.
In addition, under the Personal Data Protection Act (“PDPA”), organisations are required to notify individuals of the purpose and obtain their consent to collect, use or disclose their personal data, including those captured by CCTV recordings. Also, organisations are required to protect personal data in their possession or control by making reasonable security arrangements.
The Personal Data Protection Commission (“PDPC”) has issued advisory guidelines to help organisations deploying CCTVs comply with the PDPA. The advisory guidelines provide examples of good practices, such as placing notices at points of entry to a building or prominent locations in a venue, where individuals are able to read the notices prior to the collection of their personal data by CCTVs.
Organisations that install CCTVs but fail to notify or obtain consent from an individual for the collection of his/her personal data, or fail to protect such personal data, are liable for breaching the PDPA. The PDPC will investigate and take enforcement action for breaches, which include issuing directions and imposing financial penalties.