Skip to content

Legal Considerations Around Recording Customers Who Enter My Business

As a business, you may consider installing video surveillance on your premises to discourage theft or ensure the safety of your customers and personnel. However, your business may suffer significant legal implications if you do not adhere to legal requirements around filming or recording customers that enter your store. This article explains the legal requirements around the use of optical surveillance devices. Additionally, it considers the potential consequences of breaching customers’ privacy, as demonstrated by the 7-Eleven case. 

There are certain situations where it is not illegal to collect the personal information of individuals. This includes collecting their images or identity information. Installing optical surveillance devices, such as CCTV, which collect videos or images of customers that enter your business is legal. However, if you elect to record customers through these devices, you must comply with certain laws. 

Restrictions 

The Privacy Act 1998 (‘Privacy Act’) applies to personal information and governs how businesses can handle their customers’ personal information. The Act will apply to a business if the business:

  • has an annual turnover of over $3 million;
  • provides a health service, or holds health information;
  • is a contractor for the Commonwealth government; or 
  • trades in personal information (e.g. sells personal information to other parties).

Such businesses will be ‘APP entities’ that must comply with the provisions of the Privacy Act

Suppose your business is covered under the law. Then any personal information that you collect through your surveillance devices must comply with the Australian Privacy Principles under the Act, which require you to: 

  • inform customers that you may capture their images before recording takes place. For example, you may post clear signage at the entrance of and throughout your premises, and install cameras in clearly visible locations on your premises to ensure adequate notification to customers that they may be under surveillance; 
  • ensure that any personal information recorded is stored securely, and either destroyed or de-identified when you no longer require the information. For example, you may delete CCTV footage of customers every month; and 
  • only use or disclose the information recorded for the primary collection purpose, for example, to seek action against a person who committed theft on your premises (or for a secondary purpose if an exemption applies).

Additionally, a business’ use of surveillance devices may also be subject to state and territory laws depending on where you reside. For example, in NSW, the installation, use, maintenance and retrieval of surveillance devices is governed by the Surveillance Devices Act 2007 (NSW) (the ‘Surveillance Act’). This strictly forbids the use of an optical surveillance device where such use involves entry into a premises or vehicle without consent of owner, occupier or lawful controller of the premises or vehicle.

Continue reading this article below the form
Loading form

Additional Considerations

Additionally, you should consider what obligations you may have to your employees. Each state and territory has different laws and regulations around the surveillance of employees. Generally, businesses should only monitor employees when they are ‘at work’. This means when they are at their workplace or elsewhere whilst performing work for the employer. 

In addition to installing surveillance devices in visible places, a business needs to have appropriate policies around surveillance. Additionally, it must adequately communicate and explain this to employees. In certain states, such as NSW, you may also need to give your employees a certain period of notice regarding the implementation of the surveillance. 

Front page of publication
Directors' Duties Complete Guide

If you are a company director, complying with directors’ duties are core to adhering to corporate governance laws.
This guide will help you understand the directors’ duties that apply to you within the Australian corporate law framework.

Download Now

7-Eleven Case

In 2021, the Office of the Australian Information Commissioner (‘OAIC’) began investigations into the convenience store group 7-Eleven for collecting facial images of customers who entered their store and completed surveys relating to their in-store experience. Between June 2020 and August 2021, over 1.6 million surveys were completed on tablets with built-in cameras in store to understand and improve customers’ store experience. 

In addition to taking pictures of their customers’ faces, 7-Eleven used the images to create algorithmic representations or ‘faceprints’. They held them for seven days and compared to other faceprints. This allowed 7-eleven to eliminate ingenuine survey responses from their results. Additionally, it gave them a broad comprehension of the surveyed customers’ demographic profiles. To notify their customers that their images may be subject to facial recognition technology, 7-eleven stores placed a notice at the store’s entrance and a message on their website.

In October 2021, the OAIC found the business had interfered with the privacy of its customers. In taking the customers’ face prints, 7-Eleven has collected sensitive biometric information. This was not necessary for the purpose stated and ‘not proportional to the impact on privacy’. 

Additionally, 7-Eleven did provide sufficient notice or acquire adequate customer consent. Therefore, they were acting in breach of their obligations under the law.

Front page of publication
Directors' Duties Complete Guide

If you are a company director, complying with directors’ duties are core to adhering to corporate governance laws.
This guide will help you understand the directors’ duties that apply to you within the Australian corporate law framework.

Download Now

Key Takeaways 

Before you install devices to record customers and their activity in your store, you must understand the legal restrictions and implications of installing such devices on your premises. Suppose you wish to record customers in store. In that case, you should seek advice before installing optical surveillance devices to ensure that you comply with your legal obligations. These include providing sufficient notice to your customers and other individuals who may be affected. 

If you require assistance with understanding your privacy obligations, our experienced contract lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 1300 544 755 or visit our membership page.

Frequently Asked Questions

Is it legal to film or record someone who enters my business?

Yes, but there are legal restrictions that you must comply with. Such legislation differs depending on your state or territory. If you choose to install optical surveillance on your premises, generally, you should ensure that you provide adequate notice to your customers that their image may be recorded, that any personal information recorded is securely stored and that any information is recorded, used and disclosed only as necessary.

What law governs recording customers on my business premises?

The Privacy Act 1998 (‘Privacy Act’) governs how businesses can handle their customers’ personal information. Additionally, you may be subject to State laws.

Register for our free webinars

ACCC Merger Reforms: Key Takeaways for Executives and Legal Counsel

Online
Understand how the ACCC’s merger reforms impact your legal strategy. Register for our free webinar.
Register Now

Ask an Employment Lawyer: Contracts, Performance and Navigating Dismissals

Online
Ask an employment lawyer your contract, performance and dismissal questions in our free webinar. Register today.
Register Now

Stop Chasing Unpaid Invoices: Payment Terms That Actually Work

Online
Stop chasing late payments with stronger terms and protections. Register for our free webinar.
Register Now

Managing Psychosocial Risks: Employer and Legal Counsel Responsibilities

Online
Protect your business by managing workplace psychosocial risks. Register for our free webinar.
Register Now
See more webinars >
May Preedeesanit

May Preedeesanit

Lawyer | View profile

May is a Lawyer in LegalVision’s Corporate and Commercial team. She assists businesses seeking advice on commercial contracts, or developing their online presence and operating in the e-commerce space.

Qualifications: Bachelor of Laws, University of New South Wales.

Read all articles by May

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

We’re an award-winning law firm

  • Award

    2025 Future of Legal Services Innovation Finalist - Legal Innovation Awards

  • Award

    2025 Employer of Choice - Australasian Lawyer

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2022 Law Firm of the Year - Australasian Law Awards