In a recent NSW case of SF v Shoalhaven City Council [2013] NSW ADT 94, the Administrative Decisions Tribunal (Tribunal) has found that Shoalhaven City Council’s (Council) CCTV surveillance breaches the Information Privacy Principles set out in the Privacy and Personal Information Protection Act 1988 (NSW) (the NSW Act).

In terms of whether South Australian has similar laws, the simple answer is ‘no’. There is no equivalent to the NSW Act in South Australia. The Privacy Act 1988 (Cth) does not apply to Local Government.

That said however, it is perhaps important to consider any ‘privacy policy’ that your council may have in effect in the context of this recently decided case. This serves as a good reminder for council’s to review their CCTV policies to ensure they comply with their policy position and the legislation that does exist in South Australia relating to this issue.

Background

The Council operated a CCTV program in their area. There are signs indicating the presence of CCTV camera coverage throughout the Council area. Up to this point in time, the recorded images were retained on a computer hard drive located at the local police station. It was important to note that the general public cannot view any of the live footage.

Under an agreement between the NSW Police and the Council, the NSW police can apply to the Council for copies of the captured images.

Reason why action was brought

SF (the Applicant) originally requested that the Council carry out an internal review of the CCTV policy under the NSW Act. However, there was no evidence to confirm whether the Applicant was identifiable from any of the footage captured by the CCTV cameras. Therefore, the application was dismissed by the Council.

Consequently, the Applicant brought proceedings in the Tribunal as permitted under the NSW Act. The Applicant argued that the CCTV surveillance was intrusive and coercive in nature and he did not consent to being subject to CCTV surveillance.

Findings

Under the NSW Act, a council may only use CCTV camera to collect personal information that is directly related to a function or activity of the council. Also, the collection of that personal information must be “reasonably necessary” for that function or activity of the agency.

The Councils Crime Prevention Plan

The Council successfully argued that it has the authority to collect personal information as part of its crime prevention plan. It was considered CCTV surveillance was reasonably necessary to effectively implement the plan.

Even though the Tribunal found that the Council’s CCTV program was valid, the Tribunal found that the Council breached a number of Information Protection Principles prescribed by the NSW Act. These breaches are listed below:

  • Appropriate Signage - Not all of the CCTV cameras had appropriate signage to inform the public that their images were being recorded;
  • Was it being used for its purpose - The CCTV footage was not recorded for the “crime prevention” purpose but rather as additional information for the Police (expert evidence proved that CCTV surveillance did not prevent crime); and
  • Secure access - Council did not have appropriate procedures in place for access to the footage (i.e. a generic password would allow access to the footage).

Impact of the Tribunal’s Decision

The Tribunal found that the Council is to refrain from any conduct or action in contravention of an information protection principle or a privacy code of practice. The Council also has to provide a written apology to the Applicant and steps to be taken by the Council to remove possible future breaches.

Whether the Council will appeal the decision of the Tribunal remains to be seen. As it stands, the decision was handed down by a single member of the Tribunal (as opposed to a full sitting of the Tribunal) and therefore, some commentators might suggest it does not carry the same weight as a decision from the full sitting of the Tribunal. Also, the NSW Act is more prescriptive than any legislation currently in force in South Australia regarding this issue and therefore the decision could be viewed by many as being moderately ‘persuasive’. Council operations, so far as we are concerned as they relate to CCTV usage, in South Australia have not been similarly tested in this regard.

What could this mean for councils?

Councils are advised to review their existing privacy policies (if they have one) and satisfy themselves that they are operating within their policy, particularly in relation to any arrangements that they have with SAPOL.

This is a reminder for councils in South Australia to ensure that their CCTV programs comply with the purpose set out in their strategic management plans (for example ‘town safety’, ‘damage to infrastructure’, ‘anti graffiti’ may have reference to the council’s ability to ‘monitor’ or record data to limit vandalism and crime generally etc).

Additionally, councils should ensure safe and appropriate practices are followed by SAPOL regarding the access of the CCTV footage.

Norman Waterhouse has experience in drafting CCTV and security policies, Memoranda of Understandings with SAPOL, and providing risk assessment to councils who currently implement CCTV surveillance in their area.