Georgia security and surveillance regulations: what businesses must know

Georgia is a one-party consent state for audio recording under O.C.G.A. Section 16-11-62. Data breach notification is governed by O.C.G.A. Section 10-1-911 et seq. The state has no enacted biometric privacy statute equivalent to Illinois BIPA. Workplace video monitoring follows posted-notice norms. Hidden cameras in spaces where privacy is reasonably expected are off-limits under O.C.G.A. Section 16-11-62 and the related invasion-of-privacy provisions.

Camera-related state law

The governing statute is O.C.G.A. Section 16-11-62, which addresses unlawful eavesdropping, surveillance, and the use of devices to observe or record activities of another in a private place without consent. Georgia is a one-party consent state for audio: a participant in a conversation can lawfully record it. The statute also has criminal provisions for the use of hidden or covert surveillance devices in places where privacy is reasonably expected.

Video-only surveillance is treated more permissively. Recording video in places where a person has no reasonable expectation of privacy is generally lawful, with two practical caveats. First, posted notice is the standard for any commercial property and many lease agreements require it. Second, hidden cameras in places where privacy is expected (restrooms, locker rooms, fitting rooms, hotel guest rooms) are off-limits under O.C.G.A. sec. 16-11-62 and create criminal exposure.

Practical translation for a GA commercial install. Cameras with audio capture should be deployed only where the operator can document one-party consent or post unambiguous notice that audio is being captured. Most multi-site retailers, manufacturers, and logistics operators in GA default to video-only on the cameras.

Biometric data law

Georgia does not have an enacted biometric information privacy law as of 2026. Bills modeled in part on the Illinois BIPA framework have been introduced in recent GA legislative sessions, but none have passed into law. Operators should track GA legislative activity quarterly because the legislative posture has been moving toward more biometric-specific regulation.

That doesn't mean biometric capture is unregulated in GA today. The federal FTC Act and the FTC Safeguards Rule (16 CFR Part 314) reach biometric data handling for many businesses. O.C.G.A. sec. 10-1-911 governs disclosure of personal information in some contexts. GA businesses using facial recognition or fingerprint access control should still document consent, retention, and access controls so they can answer to either state-level enactment or a federal investigation.

Privacy in the workplace

Georgia does not have a single workplace electronic-monitoring statute. Pure video surveillance of common work areas with posted notice is the routine pattern. There is no single state-level requirement that the notice be in writing, but a documented workplace surveillance policy in the employee handbook is the standard practice.

Most GA employers issue a single workplace surveillance notice covering cameras, badge access, computer monitoring, and call recording together. Cameras in restrooms, locker rooms, lactation rooms, and other employee privacy areas are off-limits under O.C.G.A. sec. 16-11-62. Cameras in production lines, retail floor, loading dock, and warehouse aisles are routine when paired with notice.

Audio capture by an employer is regulated by the one-party consent rule under O.C.G.A. sec. 16-11-62. Continuously running camera audio without any participant consent creates exposure that's easier to avoid than to litigate. Most GA employers route audio capture through a separate documented intercom or call-recording workflow.

Public-place and common-area cameras

For commercial real estate, multi-tenant residential, retail, and hospitality, the practical rule set is consistent. Cameras in lobbies, hallways, exterior, parking, retail floor, and other non-private common areas are lawful with posted notice. Cameras in bathrooms, fitting rooms, hotel guest rooms, and any other space where privacy is expected are off-limits under O.C.G.A. sec. 16-11-62.

GA multi-tenant residential operators should also review the bylaws and lease covenants. Hotel operators handle guest-room signage at the door and at the front desk and document any guest-area camera coverage in the property security plan. Municipal ordinances in Atlanta, Savannah, and other GA cities can add notice or alarm-permit requirements for certain license categories.

Video retention requirements

Georgia has no single statewide video retention statute that applies to all commercial cameras. Retention is set by the regime that governs the industry.

Healthcare. HIPAA Security Rule (45 CFR Part 164) governs PHI-touching footage. Retention is typically 30 to 90 days at the facility, longer when an investigation is open.
Retail and hospitality with card data. PCI-DSS Requirement 9 specifies camera coverage of the cardholder data environment with 90-day retention.
Banking and finance. Federal banking regulators and the Georgia Department of Banking and Finance set surveillance and retention expectations through bank examination.
Schools. FERPA applies to K-12 districts and higher education. Georgia DOE guidance and district policy add detail.
Logistics, ports, and federal-touching freight. CTPAT, TSA, and federal contract terms can impose surveillance and retention obligations on warehousing and freight operators.
Federal contractors and grantees. NDAA Section 889 controls vendor selection. Retention is contractor-driven through the SSP or grant award terms.

Default retention for GA commercial systems with no specific industry rule is 30 days. Operators in higher-risk industries set longer retention with explicit written retention policies in the WISP, facility security plan, or SOP.

Notable enforcement examples

Georgia enforcement against businesses for surveillance, data security, and privacy issues runs through several channels. The Georgia Attorney General has brought consumer protection cases under the Fair Business Practices Act against businesses with documented data security failures. Cases under O.C.G.A. sec. 16-11-62 have addressed hidden cameras in private spaces and unlawful eavesdropping in commercial settings.

Federal HIPAA settlements have reached GA-based defendants where physical safeguards (facility access control, camera coverage of PHI areas) were a documented part of the breach. PCI assessor findings have triggered card brand penalties at GA retailers where camera coverage of the cardholder data environment was inadequate or retention was below 90 days. Real settlements are searchable on the GA AG and HHS OCR enforcement pages.

What Tec-Tel does to comply with Georgia regulations

Tec-Tel installs across Georgia for retail, manufacturing, healthcare, multi-tenant residential, financial, hospitality, and logistics customers. The default install pattern for a GA commercial site:

Video-only on cameras unless audio is documented with one-party consent under O.C.G.A. sec. 16-11-62.
Posted surveillance notice at every public entrance.
No cameras in restrooms, locker rooms, fitting rooms, hotel guest rooms, or other spaces where privacy is reasonably expected.
Retention configured to the regime that governs the industry (HIPAA, PCI, NDAA, CTPAT), with the facility's written retention policy attached to the install package.
Breach-notification readiness coordinated with the customer's privacy team for any system that captures personal information of GA residents under O.C.G.A. sec. 10-1-911 et seq.
NDAA Section 889-compliant vendor selection on any federal-touching install. No Hikvision, Dahua, Hytera, Huawei, ZTE, or covered OEM relabels.
Multi-vendor architecture so the customer is not locked into one camera or VMS line as state and federal rules evolve.

This is a buyer-facing reference, not legal advice. For a specific Georgia regulatory question, work with your privacy counsel.

Security service in Georgia

Tec-Tel deploys AI-era security across Georgia with one accountable project manager owning design, install, and service to one standard. The cities below have local service detail, deal sizing, and a free consultation. Don't see yours? We cover the whole state.

Or browse the full city directory and nationwide coverage map.

Frequent buyer questions

Is Georgia a one-party or two-party consent state for audio recording?

Georgia is a one-party consent state under O.C.G.A. Section 16-11-62. A participant in a conversation can lawfully record it without telling the other party. The statute also addresses unlawful eavesdropping and surveillance, including the use of devices in private places without consent. Most GA commercial camera installs default to video-only on the cameras and skip audio entirely, because audio rules get more complicated when recording happens automatically without an active human participant in the room.

What does O.C.G.A. sec. 16-11-62 prohibit?

O.C.G.A. Section 16-11-62 covers unlawful eavesdropping, surveillance, and the use of devices to observe, photograph, or record activities of another in a private place without consent. The statute also addresses the use of pinhole or hidden cameras and similar covert surveillance devices in spaces where privacy is reasonably expected, with criminal penalties. The one-party consent rule for audio recording is built into the statutory framework as an exception to the broader eavesdropping prohibition.

Do I have to tell Georgia employees they're being monitored on camera?

Georgia does not have a single statute requiring written notice for general workplace video surveillance. Posted notice at the property is the standard practice for any GA commercial site, and most GA employers issue a single workplace surveillance notice in the employee handbook covering cameras, badge access, computer monitoring, and call recording. Cameras in restrooms, locker rooms, and other employee privacy areas are off-limits under O.C.G.A. sec. 16-11-62 and create criminal exposure.

What's the data breach notification rule in Georgia?

O.C.G.A. Section 10-1-911 et seq. requires information brokers and data collectors to notify Georgia residents whose personal information was acquired by an unauthorized person. The personal-information definition covers name plus a Social Security number, driver's license, financial account number, or account password. Notice is required without unreasonable delay. The Georgia Attorney General receives related consumer-protection complaints. The statute is narrower in scope than some other state breach-notification laws, particularly with respect to biometric records.

Can I put cameras in GA apartment building common areas?

Yes, in non-private common areas like lobbies, hallways, parking, mailrooms, gyms, and laundry rooms. Bathrooms, locker rooms, dressing rooms, and any other space where a person has a reasonable expectation of privacy are off-limits under O.C.G.A. sec. 16-11-62. Posted notice at the building entrance is the standard practice. Co-op and condo boards often have additional bylaw requirements that go beyond state law, so check the governing documents before installation.

Does Georgia have a biometric privacy law like Illinois BIPA?

Not as enacted state law. Georgia has had biometric privacy bills introduced in recent legislative sessions, but none have passed into law as of 2026. GA businesses that operate in Illinois, Texas, or Washington still need to comply with those state biometric statutes. GA-only operators using facial recognition or fingerprint access control should still document consent, retention, and access controls because the federal FTC Act and Safeguards Rule reach biometric data handling for many businesses.

Are there special rules for cameras in Georgia schools?

GA public schools follow federal FERPA (20 U.S.C. 1232g) for identifiable student footage, which can qualify as an education record. The Georgia Department of Education publishes guidance on school security and many districts have a board-adopted camera policy with retention and access rules. SVPP and NSGP grant-funded camera projects at GA schools carry NDAA Section 889 procurement requirements. Higher-education campuses follow FERPA plus University System of Georgia policy.

Are there notable GA enforcement actions against businesses for surveillance or privacy issues?

The Georgia Attorney General has brought consumer protection cases under the Fair Business Practices Act against businesses with documented data security and privacy failures. O.C.G.A. sec. 16-11-62 has produced criminal cases involving hidden cameras in private spaces and unlawful eavesdropping. Federal HIPAA settlements have reached GA-based defendants where physical safeguards were a documented part of the breach. Real settlements are searchable on the GA AG and HHS OCR enforcement pages.

Start with a free consultation.

Tell us what you're protecting and what's already in place. The Tec-Tel team reviews it and comes back with a written plan.

Tell us how many sites you run and what's already in place. We'll show you what a build or upgrade looks like.

Straight answers from the team that does the work. We're platform-agnostic, so you get the system that fits your sites, not one brand's catalog.

Since 2010 · 1,000+ deployments nationwide · ISN-accredited

Book a free consultation 855-577-0400

Georgia security and surveillance regulations: what businesses must know

Camera-related state law

Biometric data law

Privacy in the workplace

Public-place and common-area cameras

Video retention requirements

Notable enforcement examples

What Tec-Tel does to comply with Georgia regulations

Security service in Georgia

Frequent buyer questions

Compliance reference

NDAA Section 889

Florida regulations

Texas regulations

Retail security

Start with a free consultation.

How can we help?