Guidance and Information
Guidance on Covert Video Surveillance in the Private Sector
Introduction and scope
The Office of the Privacy Commissioner considers covert video surveillance to be an extremely privacy-invasive form of technology. The very nature of the medium entails the collection of a great deal of personal information that may be extraneous, or may lead to judgments about the subject that have nothing to do with the purpose for collecting the information in the first place. In the Office's view, covert video surveillance must be considered only in the most limited cases.
This guidance is based on the federal private sector privacy law The Personal Information Protection and Electronic Documents Act (PIPEDA), and is intended to outline the privacy obligations and responsibilities of private sector organizations contemplating and engaging in covert video surveillance. We consider video surveillance to be covert when the individual is not made aware of being watched.
This document serves as a companion piece to the following guidelines for video surveillance issued by this office: Guidelines for Overt Video Surveillance in the Private Sector (prepared in collaboration with Alberta and British Columbia) and Guidelines for surveillance of public places by police and law enforcement authorities.
Please note that the following is guidance only. We consider each complaint brought before us on a case-by-case basis.
PIPEDA requirements governing covert video surveillance
PIPEDA governs the collection, use and disclosure of personal information in the course of a commercial activity and in the employment context of federally regulated employers1. The capturing of images of identifiable individuals through covert video surveillance is considered to be a collection of personal information. Organizations that are contemplating the use of covert video surveillance should be aware of the criteria they must satisfy in order to collect, use and disclose video surveillance images in compliance with PIPEDA. These criteria are outlined below and address the purpose of the covert video surveillance, consent issues, and the limits placed on collecting personal information through covert video surveillance.
A common misconception is that organizations are released from their privacy obligations if covert video surveillance is conducted in a public place. In fact, under PIPEDA, any collection of personal information taking place in the course of a commercial activity or by an employer subject to PIPEDA, regardless of the location, must conform to the requirements described below.
The starting point for an organization that is contemplating putting an individual under surveillance without their knowledge is to establish what purpose it aims to achieve. What is the reason for collecting the individual’s personal information through covert video surveillance? Under PIPEDA, an organization may collect, use or disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances (subsection 5(3)).
In deciding whether to use covert video surveillance as a means of collecting personal information, an organization should closely examine the particular circumstances of why, when and where it would collect personal information and what personal information would be collected. There are a number of considerations that factor into determining whether an organization is justified in undertaking covert video surveillance. Given the different contexts in which covert video surveillance may be used, the ways in which the factors apply and are analyzed vary depending on the circumstances.
Demonstrable, evidentiary need
In order for the organization’s purpose to be considered appropriate under PIPEDA, there must be a demonstrable, evidentiary need for the collection. In other words, it would not be enough for the organization to be acting on a mere suspicion. The organization must have a strong basis to support the use of covert video surveillance as a means of collecting personal information.
Information collected by surveillance achieves the purpose
The personal information being collected by the organization must be clearly related to a legitimate business purpose and objective. There should also be a strong likelihood that collecting the personal information will help the organization achieve its stated objective. The organization should evaluate the degree to which the personal information being collected through covert video surveillance will be effective in achieving the stated purpose.
Loss of privacy proportional to benefit gained
Another factor to be considered is the balance between the individual’s right to privacy and the organization’s need to collect, use and disclose personal information. An organization should ask itself if the loss of privacy is proportional to the benefit gained. It may decide that covert video surveillance is the most appropriate method of collecting personal information because it offers the most benefits to the organization. However, these advantages must be weighed against any resulting encroachment on an individual’s right to privacy in order for a reasonable person to consider the use of covert surveillance to be appropriate in the circumstances.
Less privacy-invasive measures taken first
Finally, any organization contemplating the use of covert video surveillance should consider other means of collecting the personal information given the inherent intrusiveness of covert video surveillance. The organization needs to examine whether a reasonable person would consider covert video surveillance to be the most appropriate method of collecting personal information under the circumstances, when compared to less privacy-invasive methods.
As a general rule, PIPEDA requires the individual’s consent to the collection, use and disclosure of personal information (Principle 4.3). It is possible for covert video surveillance to take place with consent. For example, an individual can be considered to have implicitly consented to the collection of their personal information through video surveillance if that individual has initiated formal legal action against the organization and the organization is collecting the information for the purpose of defending itself against the legal action. It is important to note that implied consent does not authorize unlimited collection of an individual’s personal information but limits collection to what is relevant to the merits of the case and the conduct of the defence.
In most cases, however, covert video surveillance takes place without consent. PIPEDA recognizes that there are limited and specific situations where consent is not required (paragraph 7(1)(b)). In order to collect information through video surveillance without the consent of the individual, organizations must be reasonably satisfied that:
- collection with the knowledge and consent of the individual would compromise the availability or accuracy of the information; and
- the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province.
The exception to the requirement for knowledge and consent could, in certain circumstances, provide for the collection of a third party’s personal information.
In the employment context, an organization should have evidence that the relationship of trust has been broken before conducting covert video surveillance. Organizations cannot simply rely on mere suspicion but must in fact have evidentiary justification.
Regardless of whether or not consent is obtained, organizations must have a reasonable purpose for collecting the information.
C. Limiting collection
When collecting personal information, organizations must take care to limit both the type and amount of information to that which is necessary to fulfill the identified purposes (Principle 4.4). Organizations should be very specific about what kind of personal information they are looking to collect and they should limit the duration and scope of the surveillance to what would be reasonable to meet their purpose. Moreover, the collection must be conducted in a fair and lawful manner.
As well, organizations must limit the collection of images of parties who are not the subject of an investigation. There may be situations in which the collection of personal information of a third party2 via covert video surveillance could be considered acceptable provided the organization has reason to believe that the collection of information about the third party is relevant to the purpose for the collection of information about the subject. However, in determining what is reasonable, the organization must distinguish between persons who it believes are relevant to the purposes of the surveillance of the subject and persons who are merely found in the company of the subject. In our view, PIPEDA does not allow for the collection of the personal information of the latter group without their knowledge or consent.
Organizations can avoid capturing individuals who are not linked to the purpose of the investigation by being more selective during video surveillance. If such personal information is captured, it should be deleted or depersonalized as soon as is practicable. This refers not only to images of the individuals themselves, but also to any information that could serve to identify them, such as street numbers and licence plates. We advocate the use of blurring technology when required. Though we acknowledge its cost to organizations, we view the expenditure as necessary given that, pursuant to PIPEDA, the personal information of any individual can only be collected, used and disclosed without consent in very limited and specific situations.
The need to document
Proper documentation by organizations is essential to ensuring that privacy obligations are respected and to protect the organization in the event of a privacy complaint. Organizations should have in place a general policy that guides them in the decision-making process and in carrying out covert video surveillance in the most privacy-sensitive way possible. There should also be a documented record of every decision to undertake video surveillance as well as a record of its progress and outcome.
- Policy on covert video surveillance
Organizations using covert video surveillance should implement a policy that:
- sets out privacy-specific criteria that must be met before covert video surveillance is undertaken;
- requires that the decision be documented, including rationale and purpose;
- requires that authorization for undertaking video surveillance be given at an appropriate level of the organization;
- limits the collection of personal information to that which is necessary to achieve the stated purpose;
- limits the use of the surveillance to its stated purpose;
- requires that the surveillance be stored in a secure manner;
- designates the persons in the organization authorized to view the surveillance;
- sets out procedures for dealing with third party information;
- sets out a retention period for the surveillance; and
- sets out procedures for the secure disposal of images.
- Documenting specific instances of video surveillance
There should be a detailed account of how the requirements of the organization’s policy on video surveillance have been satisfied, including:
- a description of alternative measures undertaken and their result;
- a description of the kind of information collected through the surveillance;
- the duration of surveillance;
- names of individuals who viewed the surveillance;
- what the surveillance was used for;
- when and how images were disposed of; and
- a service agreement with any third party hired to conduct the surveillance, if applicable.
Best practices for using private investigation firms
Many organizations hire private investigation firms to conduct covert video surveillance on their behalf. It is the responsibility of both the hiring organization and the private investigation firm to ensure that all collection, use and disclosure of personal information is done in accordance with privacy legislation. We strongly encourage the parties to enter into a service agreement that incorporates the following:
- confirmation that the private investigation firm constitutes an “investigative body” as described in PIPEDA “Regulations Specifying Investigative Bodies”;
- an acknowledgement by the hiring organization that it has authority under PIPEDA to collect from and disclose to the private investigation firm the personal information of the individual under investigation;
- a clear description of the purpose of the surveillance and the type of personal information the hiring organization is requesting;
- the requirement that the collection of personal information be limited to the purpose of the surveillance;
- the requirement that the collection of third party information be avoided unless the collection of information about the third party is relevant to the purpose for collecting information about the subject;
- a statement that any unnecessary personal information of third parties collected during the surveillance should not be used or disclosed and that it should be deleted or depersonalized as soon as is practicable;
- confirmation by the private investigation firm that it will collect personal information in a manner consistent with all applicable legislation, including PIPEDA;
- confirmation that the private investigation firm provides adequate training to its investigators on the obligation to protect individuals’ privacy rights and the appropriate use of the technical equipment used in surveillance;
- the requirement that the personal information collected through surveillance is appropriately safeguarded by both the hiring organization and the private investigation firm;
- the requirement that all instructions from the hiring company be documented;
- a provision prohibiting the use of a subcontractor unless previously agreed to in writing, and unless the subcontractor agrees to all service agreement requirements;
- a designated retention period and secure destruction instructions for the personal information;
- a provision allowing the hiring company to conduct an audit.