Surveillance systems for your business involve more than knowing what camera system to use. Business owners need to know what their responsibilities may be, and what the legal pitfalls may be.

We reached out to Cam Shilling of McLane Middleton’s Information Privacy and Security Practice Group to learn more.

1. What obligations do I have as an employer to notify employees and customers that my premises are under surveillance, and how do I ensure I am legally protected?

Shilling: “In New Hampshire, our statute (RSA 644:9) is broader than the laws of some other states. New Hampshire prohibits non-consensual video surveillance in any ‘private place,’ as well as in public places if the recording captures oral, visual or other content that would normally not be perceived, such as through magnification. The types of places covered by New Hampshire’s law certainly include locations such as bathrooms, locker rooms, changing rooms, nursing rooms, sleeping rooms, hotel rooms, rental residences, tanning booths, private residences, bedrooms, etc., and also can include private offices, conference rooms, and other spaces where employees or customers reasonably expect a measure of privacy.”

2. In what ways do New Hampshire’s wiretap laws dictate my surveillance plan?

Shilling: “New Hampshire’s wiretap statute (RSA 570-A:2) prohibits the non-consensual recording of any oral communication. Thus, the law certainly governs telecommunications and other electronic communications, such as by phone, wave and audio files, video conference, etc., as well as other oral communications meant to be private, including conversations in spaces like reception areas, offices, conference rooms, shop floors, parking areas, etc.

“Like video surveillance laws, wiretap statutes prohibit only non-consensual surveillance. While some state and federal laws permit recording if only one party to the communication consents, New Hampshire and many other states require all parties to consent. Consent for purposes of wiretap laws generally can be either express or implied. Thus, employers that conduct audio surveillance can obtain consent in a variety of ways, ranging from signed consent, to distribution of a written statement concerning surveillance, to prominently posted signage.”

3. What are some employee rights when it comes to workplace surveillance? What are some important employer rights?

Shilling: “While video and audio surveillance laws provide overarching protections, employees may also have additional, contextspecific protections. For example, emerging privacy laws require notice and consent, and limit the collection and use of geolocation and biometric information of employees. Similarly, employees may be subject to a collective bargaining or other agreement that prohibits certain surveillance.”

4. What are some of the legal benefits of a cloud-based surveillance system?

Shilling: “Surveillance often captures information that is sensitive and/or legally protected, such as health and personally identifiable information. Data security laws require businesses that collect and use such information through surveillance to ensure that reasonable safeguards are in place to prevent the information from being lost or stolen. An appropriate cloud-based surveillance system may contain such safeguards. However, employers must conduct due diligence to ensure that any such cloud-based (system) they use actually affords those protections, and should enter into an appropriate information security agreement with the vendor.”

5. What is your No. 1 piece of advice for business owners putting together a surveillance plan?

Shilling: “Principles of information privacy and security law apply to video and audio surveillance. Those principles are as follows: (1) Conduct surveillance only if and to the extent doing so is necessary to protect your legitimate business interests. (2) Understand the different information privacy and security laws that apply to the surveillance being conducted. (3) Ensure that legally compliant notice is given and consent is obtained before conducting surveillance. (4) Ensure that the information collected and used is properly protected in compliance with data security laws.”

Cam Shilling founded and chairs McLane Middleton’s Information Privacy and Security Practice Group. He can be reached at cameron.shilling@mclane.com.