Childcare CCTV Policy Pack (Victoria): Camera Use, Mobile Device Ban & Parent Access Templates

Introduction to Childcare CCTV and Mobile Device Policies in Victoria

Victoria’s early childhood education sector has introduced 2025 updates under the National Quality Framework (NQF) and new safety mandates. They prioritise integrated CCTV, mobile-device restrictions, and structured parent access—balancing safety with privacy. Services must adopt practical, compliant workflows to show due diligence and reassure families.

Key compliance requirements for Victorian early childhood centres (effective Sept 2025):
  • CCTV purpose & coverage: Define purpose (safety, incident review), where cameras are/are not (no bathrooms/change areas). State retention, encryption, and secure export.
  • Parent/guardian access: Written request flow with ID check, clear timeframes, privacy-first redaction, and a register of all requests/disclosures.
  • Mobile device restrictions: Ban personal phones around children; allow photos only on service-owned devices; maintain device sign-in/out; include visitor rules.
  • Storage, access & auditing: Role-based permissions, MFA for admins, automatic logs of views/exports; extend retention when an incident occurs.
  • Incident response & reporting: Escalate medical/safety events, bookmark/lock footage, and define cooperation with regulators/police—aligned to your risk register.
  • Privacy, consent & training: Run a privacy impact check, capture staff consent at induction, give annual refreshers, and review after incidents/tech changes.
  • Signage & notifications: Prominent entry/room signage noting CCTV, purpose, and contact details; provide translations or pictograms.
Generic policies rarely cover these obligations. A modern, integrated toolkit is essential for real compliance and child safety.

Schedule your free site visit now!

Call +61 406 432 691 or complete the form and we will contact you.

2025 Compliance Update · VIC & AU

Childcare & Education CCTV — what changed and how we make you compliant

National pilot: CCTV trial in ~300 childcare centres (2025) — higher expectations for coverage, storage and access controls.
Victoria: personal mobile device restrictions apply in early learning settings from 26 Sep 2025 — update your centre policies.
Privacy & surveillance laws: align with APPs (Privacy Act) and Surveillance Devices Act (VIC); exclude private areas and control access to footage.
Compliance Guide Secure Design Policy Pack
Last updated: 22 Aug 2025 • By Sipko Security (Melbourne)

Implementation checklist

  • Zone audit: entrances, corridors, play areas — exclude toilets/changerooms/sleep rooms.
  • NVR hardening: VLAN, MFA, no open ports, encrypted storage, audit logs.
  • Retention & access: 14–30 days baseline, parent access workflow, incident export.
  • Policy refresh: CCTV use + personal device restrictions; staff training & notices.
Sipko Security - CCTV System Management Policy in Melbourne

CCTV System Management Policy

CCTV Policy — Childcare Centres (Victoria)

A comprehensive CCTV policy is essential for childcare centres to ensure safety and compliance with Victorian regulations. The policy defines the purpose of surveillance and establishes clear rules for camera placement, access, storage, reporting, and staff training.

  • Purpose & legal basis: Surveillance supports child protection and incident prevention while complying with the Education and Care Services National Law and related regulations.
  • Camera placement: Cameras are permitted in common areas (playgrounds, entrances, hallways) and prohibited in private spaces (e.g., restrooms/change areas) to meet privacy standards.
  • Access controls: Viewing or sharing footage is restricted to authorised personnel (centre managers or regulators) using documented approval protocols.
  • Data retention & security: Footage is retained for 30–90 days with secure deletion thereafter, aligned to the Australian Privacy Principles (APPs). Use encryption, role-based access, and audit logs.
  • Incident reporting: Serious incidents trigger notifications to the Department of Education within 24 hours; processes cover bookmarking, preserving, and lawfully sharing footage.
  • Staff training & ethics: Induction and regular refreshers ensure ethical use of CCTV, privacy awareness, and correct handling of requests.
Tip: Keep a site plan of camera locations, a request log for all footage access, and an annual policy review record.

 📱 Mobile Device Restriction Policy

Personal Device Ban — Early Learning (Victoria)

Effective 26 September 2025, Victoria mandates a ban on personal mobile devices in early learning centres to enhance child safety. Staff must not use phones, smartwatches, or similar devices during work hours—except in designated areas or genuine emergencies. Service-issued devices may be used for defined tasks (e.g., documenting learning) under strict oversight, supported by secure storage lockers, periodic checks, and staff training on purpose, exceptions, and penalties. The policy aligns with national child-safety reforms and reduces risks of unauthorised recording and distraction.

At a glance
  • Who: All staff, students, contractors, and volunteers.
  • Where: Learning rooms, playgrounds, sleep areas, hallways (no personal devices).
  • Exceptions: Emergencies and designated break areas only.
Compliance anchors
  • Clear purpose & definitions.
  • Role-based permissions for service devices.
  • Audit, training, and enforcement pathway.

Scope & Prohibitions

  • No personal phones, smartwatches, tablets, earbuds or wearables in children’s areas during shifts.
  • Silent/airplane mode does not qualify as compliance; devices must be stored.
  • Visitors/contractors follow the same rule unless expressly exempted by the Approved Provider.

Service-Issued Devices

  • Permitted for documentation, incident logging, and family communication.
  • Mobile-device management (MDM), whitelisted apps, and cloud storage owned by the service.
  • Watermarked photos/video, auto-upload, and no local downloads to personal accounts.

Exceptions & Emergencies

  • Emergency calls (e.g., 000), critical health needs, or directed use by leadership.
  • Use occurs in a designated area where practicable; log the reason and time.
  • All exceptions are reviewable by the Nominated Supervisor.

Storage & Compliance Checks

  • Secure lockers at entry; store on arrival and retrieve at breaks/end of shift.
  • Random spot checks and sign-in/out register for device storage.
  • Non-compliance recorded; patterns trigger corrective action.

Training, Communication & Penalties

  • Induction + annual refreshers cover purpose, scenarios, exceptions, and reporting.
  • Visible signage for staff/visitors; family handbook update.
  • Penalties: warnings → formal discipline → termination; unlawful recording may require regulator/police notification.

Alignment & Rationale

  • Supports National Quality Framework and national child-safety reforms.
  • Reduces risk of unauthorised recordings, data leakage, and distraction.
  • Reinforces professional boundaries and consistent supervision of children.

Implementation Checklist

  • Publish policy + designate storage/phone-free zones.
  • Configure MDM for service devices; whitelist apps; enable audit logs.
  • Train staff; capture acknowledgements; schedule quarterly audits.
Note: Keep a register of exceptions, storage checks, and training completion. Review this policy annually or after any incident/technology change.
Contact Us

👪 Parent Access to Surveillance Footage Procedure

Managing parent requests for CCTV footage requires a balance between transparency and privacy under the Australian Privacy Principles (APPs). The procedure below ensures only authorised parents/guardians access footage of their child, satisfies NQF transparency expectations, and protects the privacy of other children and staff. Standard response time is within 30 days.

Parent Access to CCTV Footage — Standard Procedure
  • Verify identity: Sight and record details from photo ID (e.g., licence, passport) and match against enrolment records/court orders. Confirm parental responsibility and any restrictions.
  • Define scope: Narrow by child’s name, date, time window, and location to minimise exposure of others. Note the incident reference if applicable.
  • Register the request: Log date received, requester details, scope, due date (30 days), responsible officer, and status updates in the Access Register.
  • Assess lawful basis & risk: Apply APPs and service policy; consider child-safety risks, investigations, or legal holds that may limit disclosure.
  • Privacy & redaction: Where possible, provide supervised on-site viewing or a redacted copy (blur/crop/mute) to protect other children and staff.
  • Mode of access: Supervised viewing at the centre, or secure, time-limited download of a watermarked/redacted file. Avoid email attachments; use encrypted links. Record who viewed/collected.
  • Decision & communication: Issue an outcome letter (approve/partial/deny) with reasons—e.g., safety risk or legal constraint—and instructions on viewing/collection and review/complaint pathways.
  • Retention & audit: Preserve working copies while the request is active; maintain an audit trail of access/exports. Delete securely once no longer required, per retention policy.
  • Escalation: Refer complex cases (e.g., court orders, police matters) to the Approved Provider and legal/regulatory contacts promptly.
This structured, documented process meets transparency requirements while safeguarding privacy and centre operations. Clear, logged steps protect children’s privacy and build family trust.
Included templates: Parent CCTV Footage Request Form • Identity Verification Checklist • Decision Letters (approve/partial/deny) • Access Register & Chain of Custody • Redaction SOP & Viewing Protocol.
Sipko Security - Parent Access to Surveillance Footage Procedure in Melbourne

📊 Data Retention and Access Roles Framework

CCTV Data Retention & Access Roles Framework

A clear, role-based framework improves accountability and privacy compliance. Use the table below to define who can access what footage and who is responsible for retention and deletion aligned with the NQF and Australian Privacy Principles (APPs).
Role Access Scope Retention Duties
Centre Manager Full incident access; export/redaction approval; regulator liaison. Manage 30–90 day storage window; place legal holds; oversee secure deletion and audit logs.
Staff Supervised, view-only access for operational needs. Report issues/incidents; no storage configuration or deletion rights.
Regulators Full access on lawful request (e.g., notice, investigation). Audit compliance; direct extensions to retention for investigations.
Parents/Guardians Request-based, limited to their child; supervised viewing or redacted copies. No retention duties; centre preserves copies only while request is active.
Footage is stored on encrypted systems with role-based access and automatic deletion after the defined retention period. Use watermarked exports, maintain an access/decision register, and review settings annually to meet NQF governance standards.
Get your Victorian childcare CCTV compliance-ready
Be audit-ready for the NQF updates (from 1 Sept 2025) and the 2025 CCTV pilot. We help centres align with the APPs, Surveillance Devices Act (VIC), and Child Safe Standards—from camera placement plans and signage to retention policies, access workflows, and breach prevention training.
APPs — Privacy Act 1988 Surveillance Devices Act (VIC) Child Safe Standards NQF digital tech policies
Contact Us

We Help People In Solving House Security

Our works

What Our Clients Say

Frequently Asked Questions (FAQ)
1. On-prem NVR, hybrid, or cloud—what’s best for a small centre?
Hybrid is a practical default: keep recent, high-priority footage on a local NVR for low-latency access, and archive older video to encrypted cloud storage for redundancy and off-site safety.
2. How many channels and how much storage do we need?
For small centres, start with 8–16 channels. Use scalable disks (e.g., 4–8 TB) and H.265 compression. Plan headroom for growth and 4K streams.
3. Where should cameras be placed—and where are they prohibited?
Cover entries/exits, corridors, learning rooms and outdoor play. Do not place cameras in bathrooms, change/nappy rooms, sleep rooms, or private staff areas. Use 90–120° lenses to avoid blind spots.
4. What’s the right mounting height and lighting setup?
Mount at ~2.5–3 m to deter tampering and get a clear view. Assess lighting; deploy IR-capable cameras in shaded/low-light corridors and yards.
5. How do we secure the CCTV network against hacking?
Isolate CCTV on a dedicated VLAN; use PoE switches with VLANs and firewall rules. Enforce MFA, strong passwords, and VPN-only remote access. Disable Telnet/unused ports; patch firmware regularly.
6. What encryption and logging are recommended?
Encrypt NVR disks (AES-256), prefer encrypted streams, and enable immutable audit logs for access and configuration changes. Consider SIEM/IDS for alerts.
7. How long should we retain footage?
Adopt 14–30 days by default with secure overwrite. For higher-risk contexts, keep ≥31 days. Place an immediate legal hold for incidents until resolved (with auditable chain-of-custody).
8. Who can access footage and how are parent requests handled?
Limit access to authorised managers (RBAC + MFA). Under the APPs, parents may request footage of their child; respond promptly, applying redaction or supervised viewing to protect others’ privacy.
9. Can we record audio?
Avoid audio by default. Enable only with a lawful, documented purpose and clear notice—otherwise keep microphones disabled to avoid Surveillance Devices Act (VIC) issues.
10. What signage and commissioning checks are required?
Provide clear entrance signage (purpose, operator, contact) and keep documented policies. At handover, verify coverage/no blind spots, PoE power budget, error-free boot, sample exports with watermarks, and staff training completed.
Contact Us