Jurisdiction - Australia
Australia – Council Captured In CCTV Privacy Breaches.

18 September, 2013


SF v Shoalhaven City Council [2013] NSWADT 94



  • In response to the New South Wales Administrative Decisions Tribunal’s decision, the NSW Government has amended the PPIP Regulations to specifically exempt council CCTV programs from certain IPPs.


Councils using CCTV cameras for the purpose of crime prevention should ensure:


  • any personal information recorded is relevant to the purpose of crime prevention;
  • the signage alerting people to the presence of CCTV cameras is sufficient to meet their privacy obligations;
  • the footage is of sufficient quality to be useful in preventing crimes (for example, faces and numberplates can be identified); and
  • adequate safeguards are in place against the loss, unauthorised access and misuse of personal information.

In SF v Shoalhaven City Council [2013] NSWADT 94, the New South Wales Administrative Decisions Tribunal ruled that the Shoalhaven City Council’s (Council) CCTV program contravened the Privacy and Personal Information Protection Act 1998 (NSW) (PPIP Act). The Tribunal did not accept that the Council’s CCTV program was exempt for “law enforcement purposes”, concluding that the Council was required to comply with the Information Protection Principles (IPPs) set out in the PPIP Act for any personal information it collected as part of its CCTV program.

In response to the Tribunal’s decision, the NSW Government amended the PPIP Regulations to specifically exempt council CCTV programs from certain IPPs.

The Application for Internal Review

The Council operates its CCTV cameras 24 hours a day within the Nowra CBD. The images are streamed live to a monitor, and stored on a hard drive, at the Nowra Police Station. Signs are located within the vicinity of the cameras to alert people of their presence.
An application for Internal Review was brought by a resident of Nowra who claimed that the collection and storage of his personal information through the Council’s CCTV program breached the IPPs.

The IPPs govern the collection, use, disclosure, access and storage of personal information by public sector agencies in New South Wales. Public sector agencies collecting personal information must take reasonable steps to ensure that:


  • individuals are aware that their information is being collected and the purpose of the collection;
  • the information is relevant to the purpose, accurate, up to date, complete and not excessive;
  • the information is secured against loss and unauthorised access, use or disclosure; and
  • individuals can ascertain whether their personal information is held by the public sector agency and gain access to the information.

The Applicant claimed the collection of his personal information was not relevant to the Council’s purpose of crime prevention because the CCTV program had not been successful in preventing crime, less than one per cent of the personal information gathered related to crime prevention and the footage was of such poor quality that offenders were unlikely to be identified.

The decision

The Tribunal ruled that the Council’s use of CCTV cameras was lawful as it was directly related to the Council’s crime prevention functions or activities.


However, the Council was not exempt from complying with the IPPs because the information was not collected for a “law enforcement purpose” .

The Tribunal found that the Council contravened IPPs 10, 11 and 12(c). The signs alerting people to the presence of the CCTV cameras provided insufficient details about the collection of their personal information, the collection was excessive, inaccurate and incomplete and the information was not adequately secured against loss, unauthorised access and misuse.

Implications for other councils

In other Australian jurisdictions, public sector agencies must comply with legislated information privacy principles that cover similar ground to the NSW IPPs.

In response to concerns by NSW councils following the Tribunal’s decision, the NSW Government amended the PPIP Regulations to specifically exempt council CCTV programs, in certain circumstances, from IPPs 11 and 18. These IPPs limit the disclosure of collected information and ensure it is relevant to the purpose of collection, not excessive, accurate, up-to-date, complete and not unreasonably intrusive.

These changes will not deter privacy advocates who argue that CCTV programs installed by councils for crime prevention purposes should prevent crime, be fit for the purpose of crime prevention and comply with existing privacy laws.

Councils using CCTV cameras for the purpose of crime prevention should ensure:


  • any personal information recorded is relevant to the purpose of crime prevention;
  • the signage alerting people to the presence of CCTV cameras is sufficient to meet their privacy obligations;
  • the footage is of sufficient quality to be useful in preventing crimes (for example, faces and numberplates can be identified); and
  • personal information is secured against loss, unauthorised access and misuse.



Ashurst Logo


For further information, please contact:


Amanda Ludlow, Partner, Ashurst

Sophie Hollier, Ashurst

Ffion Whaley, Ashurst


Ashurst TMT Practice Profile in Australia


Comments are closed.