Video cameras can reduce theft, support investigations, and help people feel safer at work, at home, and in shared spaces. They also record people. That makes CCTV a privacy program issue, not only a security purchase.
In Canada, the privacy rules that most often come up for private-sector video surveillance are found in PIPEDA (the Personal Information Protection and Electronic Documents Act) and the Office of the Privacy Commissioner of Canada (OPC) guidance. If your organization operates in British Columbia, you may also have obligations under BC’s private-sector law (PIPA), plus sector rules and contractual requirements. Still, PIPEDA-style expectations are widely used as a practical benchmark for privacy-safe CCTV.
Under PIPEDA, personal information is information about an identifiable individual. Video footage usually qualifies because a person may be identifiable by their face, body, clothing, gait, vehicle, or context.
That means your camera system needs the same care you would give to customer records or employee files: clear purpose, limited collection, controlled access, retention limits, and a way to answer questions or requests.
If your first draft of the plan is “we’ll record everything, everywhere, just in case,” you are already offside the core idea behind PIPEDA: collect only what you need for a legitimate purpose, and be open about it.
A common compliance gap is installing cameras first, then trying to justify them later. PIPEDA expects the reverse: define the problem you are solving, confirm video is a reasonable response, then design the system to match that purpose.
Write down the security or safety goal in plain language. “Reduce break-ins at rear loading bay between 10 pm and 6 am” is a better starting point than “general security.”
Before committing to cameras, document the less intrusive options you considered and why they are not enough on their own:
That short record becomes part of your privacy file. It also helps you defend the system if someone complains that surveillance is excessive.
PIPEDA does not require a formal Privacy Impact Assessment (PIA) for every private business camera, yet a structured privacy review is strongly recommended, and a PIA is a smart move for higher-risk sites (large multi-tenant properties, workplaces with sensitive operations, or systems that connect to cloud storage and remote viewing).
A practical privacy review for CCTV should cover:
Assign ownership, too. Under PIPEDA’s accountability principle, someone needs to be responsible for the program (often called a privacy officer), even if day-to-day tasks are shared with operations, IT, or a security provider.
Placement is where privacy and security meet. Your goal is coverage of high-risk areas without sweeping up unrelated activity.
Avoid areas with a high expectation of privacy (washrooms, change rooms, staff break rooms, private offices). For mixed-use buildings, be careful with sightlines that could peer into suites, balconies, or through windows.
Even in public-facing areas, you should limit “spillover” beyond your site. A camera pointed at your entrance can still be adjusted to reduce capture of a neighbour’s doorway or a public sidewalk that is not relevant to your purpose.
A few design techniques that help with PIPEDA-style collection limits:
In many retail, lobby, and parking contexts, consent is often handled through clear notice and the obvious nature of the surveillance. That is sometimes called implied consent. The condition is that people are told in advance, in a way they can actually see and understand.
Your signage should be placed at or before the point people enter the monitored area, and again where it helps reinforce awareness (lobbies, elevators, parkade entries). Signs should identify the organization operating the cameras, the purpose, and how to contact someone with questions.
If employees are in view, signage alone is not enough. Provide written notice through a workplace policy, handbook, onboarding materials, or a separate surveillance memo that explains where cameras are, why they exist, and what they will not be used for (example: not used for routine performance management).
The table below shows how the most relevant PIPEDA ideas translate into day-to-day CCTV requirements.
| PIPEDA principle (plain language) | What it means for CCTV | Practical evidence to keep |
|---|---|---|
| Accountability | Someone owns the CCTV privacy program | Named role, vendor list, access list |
| Identify purposes | You can explain why cameras exist | Written purpose statement, incident history |
| Limit collection | Cameras only capture what is needed | Placement plan, masking settings |
| Limit use and disclosure | Footage is used only for the stated purpose | SOP for review, disclosure log |
| Safeguards | Footage is protected against misuse | Password policy, encryption, audit logs |
| Openness | People can learn about the system | Signage, written policy, contact info |
| Individual access | People can request their personal info | Request process, redaction method |
| Retention and disposal | Keep footage only as long as needed | Retention schedule, wipe procedure |
Video can reveal habits, relationships, and timelines. Even when the scene seems ordinary, it can still be sensitive when tied to a person’s location.
Build safeguards into both the technology and the routine process. This is also where many organizations get caught by surprise, since modern IP camera systems behave like networked computers and can be targeted like any other system.
Good safeguard controls usually include:
Also consider how footage is handled during incidents. Copies created for investigation should be tracked. If clips are exported, label them, store them securely, and delete them when no longer needed.
PIPEDA does not set a universal retention period for CCTV. Your organization must choose one that fits the purpose and then apply it consistently.
Routine footage is often most useful in the first few days after an incident. Past that point, keeping everything “just because storage is cheap” creates privacy risk and increases what you must search if a request comes in.
A practical approach is:
Secure disposal needs to match the medium. Deleting a file is not always destruction. For many systems, the safest option is automatic overwrite on encrypted drives combined with controlled destruction of retired drives through a verified process.
People have a right to request access to their personal information, and that can include CCTV footage where they are identifiable. The practical challenge is that footage may also contain other people.
A workable process usually looks like this:
If you cannot provide footage without revealing third-party personal information, you may need to provide an alternative (example: allowing viewing under controlled conditions, or providing a still image with others masked), depending on the circumstances and legal advice.
Organizations often want to be helpful during an investigation. You still need a process.
Footage should be disclosed only when there is lawful authority or a clear basis under privacy law, and the scope should be limited to what is relevant. Keep a disclosure log that records the date, who requested it, what was disclosed, and the legal basis or rationale.
If you share video externally, avoid sending more than needed. Provide the shortest time window that captures the incident, not an entire day of recordings.
The “right” CCTV setup in a warehouse is not the same as the “right” setup in an apartment lobby.
In workplaces, employees may accept cameras for safety and loss prevention, yet continuous monitoring of desks, break areas, or time-on-task is likely to be viewed as intrusive unless there is a strong, well-documented need. Clear internal policy matters here, and managers should be trained not to use cameras casually to resolve everyday disagreements.
In residential and multi-tenant properties, residents may accept cameras at entrances, parking areas, and shared hallways, while objecting to cameras that capture inside units or track comings and goings in a way that feels like surveillance of private life. Aim for access points and high-risk assets, then reduce the view everywhere else.
Many organizations use a security company to help plan, staff, or respond to incidents supported by CCTV. That can improve outcomes, but it does not transfer your privacy obligations away from your organization.
A professional provider can help by building privacy requirements into site assessments, post orders, guard training, and incident handling routines. On Guard Security, for example, provides trained, ministry-licensed guards and rapid-response support across the Lower Mainland and broader BC, which can reduce pressure to rely on cameras alone.
When you bring in outside support, keep your governance tight:
Once the system is in place, ongoing compliance comes down to repeatable habits, not one-time paperwork.
Periodic reviews matter. Cameras get bumped, lenses get changed, and spaces get renovated. A short quarterly walk-through to verify camera views and signage can prevent months of over-collection you did not intend.
Copyright © 2019. - All Rights Reserved