Trust Hub

Our mission is to protect people and places in a privacy-sensitive way. We do this by helping our customers operate smarter, safer buildings. With such a bold mission, we know that first and foremost we must earn our customers’ trust — trust in us as a company and in our products. To earn that trust, we center our business around five pillars:

Privacy

How we treat the data we collect and provide transparency and control around our data-handling practices

Privacy is part of our product DNA. From our founding, we have strived to design and build our products and services with privacy in mind. We do this so that our platforms can provide our customers with the security and functionality they want – and in a way that respects the privacy of the people who interact with their organization. Our ongoing commitment to privacy begins with these principles:

  • Customer data – the data generated by using our products (such as camera footage) – is owned and controlled by our customers. Because of this, our customers can:
      • choose how long camera footage is processed and stored on their devices
      • decide which video clips are archived and with whom they are shared
      • decide when authorized Verkada employees can view their footage solely for the purposes of troubleshooting and software development
    . . . and a whole lot more. We want our customers to fully own their data.
    Customers also control when and how their data is accessed or shared. For example:
      • an organization’s admins decide who has access to their system — and what they can do with that access, using Command’s role-based access control
      • admins see the usage of their systems for compliance, internal controls or chain of custody purposes via audit logs maintained at both the device and organization level
      • we don’t commingle or aggregate customer data such as camera footage with other customers’ data without first obtaining express authorization
      • we don’t use customer data to improve our products and services without first asking for and getting consent from our customers
    • Verkada does not sell the data customers generate using our products — we don’t need to and we don’t want to.
  • We build our products and services with privacy in mind so that our platform gives our customers the security and functionality they want, in ways that respect the privacy of the people who interact with their organization. Verkada’s products are shipped without sensitive settings enabled by default. This way, customers don’t have to worry about settings out of the box and can enable these features when and if they want to. For example:
      • by default, camera footage is stored on device, under control and ownership of our customer
      • our products only monitor people’s movements where cameras are installed
      • the People Analytics feature is disabled by default, giving the customer the control to decide if and when to enable it
  • We’re committed to providing our customers with visibility into their system and settings so that they can take steps to comply with their own standards and provide visitors with visibility into their practices. For example:
      • many of our features that touch on privacy issues are disabled by default, and when a user enables them, we provide in-product notifications to ensure users are informed and aware
      • customers can see what actions have been taken in Verkada’s Command platform, who has accessed data (including access by Verkada Support), and who else is actively accessing footage via Audit Logs
      • customers can share links to live feeds, and with the Active Viewers feature, administrators can see who is viewing feeds both inside and outside of their organization
      • if Verkada receives a law enforcement request for customer-generated data, we will inform the customer (unless we legally aren’t allowed to) so they have an opportunity to be heard before we turn over any of their data
      • customers can show those who interact with their system a list of the specific types of devices installed and which features are enabled on those devices at a specific site with Verkada’s Public Security and Privacy Disclosures
    We’re also committed to providing transparency into what data we collect, what we do with it, and how our products work. This information is provided in our Help Center and Datasheets and written into our Privacy Statement and End User Agreement.
  • Verkada’s mission is to build products that protect people and places with privacy in mind. To do that we offer features that collect, present, or maintain data in amounts proportional to the particular use case. For instance,
      • the Privacy Regions setting enables customers to prevent specific areas within a camera’s view from being recorded
      • features that may capture more sensitive data, such as People Analytics, are turned off by default, enabling our customers to be deliberate about their use of these features and what data they collect in the process
      • the Face Blur feature gives customers the option to blur faces when sharing archived footage with third parties
  • Verkada’s products and solutions – cameras, access controls, intercoms and sensors – are designed to help customers collect and process personal information in a privacy-sensitive way. This Canadian FAQ provides a general overview of Canadian privacy law requirements and is designed to help our Canadian customers comply with their privacy obligations when using Verkada’s products and services.
    What Canadian privacy laws apply?

    In Canada, there are federal, provincial, public, private and health sector privacy laws that regulate the collection, use, disclosure and other processing of “personal information”, which is generally defined in Canada as information about an identifiable individual. This includes such things as names, contact information, geolocation, biometric information, still images, audio and video recordings, access logs or other records of site visits. While not expressly defined under Canadian privacy legislation, certain information such as biometric information is considered sensitive information and requires a higher degree of protection (more below).

    Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (“PIPEDA”), applies to organizations throughout the country that collect personal information in the course of commercial activity. Certain provinces, such as Alberta, Quebec and British Columbia, have enacted provincial legislation that may apply instead of PIPEDA when personal information is collected, used, or disclosed within the relevant province; however, these laws are broadly consistent with it.

    What should I know about PIPEDA?
    PIPEDA is based on 10 fair information principles that regulate the manner in which organizations may collect, use, or disclose personal information. Key features of PIPEDA include:
      • a broad concept of “personal information”, including not simply factual information such as contact information, personal ID numbers, ethnic origin, or blood type, but also subjective information such as opinions, evaluations, and comments, or information about social status

      • consent is generally required prior to the collection, use or disclosure of personal information, but it can be implied through the use of signage in the case of overt video surveillance in the private sector (more below)

      • sensitive data, like biometric data, however, may require express consent under certain circumstances and in some places, such as Quebec

      • an organization may collect, use or disclose personal information only for purposes that a reasonable person would consider are appropriate in the circumstances

      • personal information must be protected by appropriate security relative to the sensitivity of the information. Enhanced security safeguards will be expected by Canadian regulatory authorities when processing sensitive information, such as biometric information

    Does PIPEDA prevent the transfer of personal data outside of Canada?
    NO. Canadian privacy legislation does not prohibit organizations from processing personal information outside of Canada, including the United States, but organizations need to ensure that any personal information accessed, transferred or stored outside of the country is adequately protected.
    When using video surveillance in Canada, what are some key considerations?
    The following practices should be considered when deploying a Verkada product that enables video surveillance:
      • Reasonableness: Video surveillance technologies should generally be implemented in a manner that is reasonable and appropriate under the circumstances, taking into account:

        • a proven need (e.g., history of theft, vandalism, drug use, assault)
        • establishing how cameras will help meet that need
        • balancing any loss of privacy relative to the benefit gained
        • whether there are less privacy-invasive ways to meet the need
      • Notice: Provide notice to individuals prior to the collection of personal information through video surveillance, which includes contact information in case the individual has questions or requests access to their images (e.g., signage before individuals enter the store/premises).

      • Transparency and openness: Include appropriate references to video surveillance (including the purposes for its use) in relevant internal and external privacy policies (posting them using Verkada’s Privacy and Security Disclosure feature can help).

      • Data minimization: Where possible, limit the collection of video surveillance to what’s truly necessary to meet your needs (e.g., consider the viewing range of cameras and/or the amount of time that cameras are recording).

      • Limitation on use: Only use the video surveillance you collect for the reasons you include in your notices/policies or as otherwise permitted by law (Verkada’s audit log and video share functions can help).

      • Safeguards: Store any recorded surveillance images or recordings in a secure location with limited access, and securely destroy video surveillance images or recordings when they are no longer required for the purposes for which they were obtained (Verkada’s security features provide these important safeguards, see more below).

      • Policies/Practices: Implement internal policies, practices and procedures related to the video surveillance tool(s).

      • Data Subject Access Requests (DSAR): Provide individuals with access to their video surveillance images or recording where permitted by Canadian privacy law (Verkada audit logs and video share mechanisms can help).

    How can Verkada help Canadian customers comply with their privacy obligations?
    Verkada’s products and solutions include the following privacy and security features:
      • Data segregation: Customer instances are logically segregated on the Command platform (Limitations on use; Safeguards).

      • User access can be managed at scale: Customers grant access using role-based controls, and can further limit access to specific users on an as-needed basis (Limitations on use).

      • Access is monitored: Detailed audit logs are generated for both physical devices and user accounts (Safeguards).

      • Encryption: Data and other information generated through Verkada’s products and solutions is encrypted at rest and in transit (Safeguards).

      • Strong authentication: Multi-factor and single sign-on authentication methods are supported to gain access to Command (Safeguards).

      • Automatic system updates: System updates are automatically released on devices and the Command platform, ensuring that patches and updates are promptly deployed without user intervention (Safeguards).

      • Regular assessments: Verkada’s cloud security practices are regularly assessed by independent third parties, including through the use of penetration testing. Verkada maintains SOC2 Type2 and ISO 27001, 27017 and 27018 certifications. Audit reports are available to customers upon request (Safeguards).

      • Vendor management: Verkada conducts assessments of its third-party vendors to help ensure that they maintain the appropriate information security controls (Safeguards).

    For more information about Verkada’s information security practices and procedures, please see here.
      • Locations: Verkada customers can choose from several cloud locations where their data can be stored, including the United States, Canada, Australia and Ireland. In addition, Verkada has EU, Australian and US cloud data centers where both data processing and storage are available.

      • Retention: Customers configure retention periods in the cloud to suit their legal or business needs, from as short as 30 days to 365 days (or more).

    What about Privacy Impact Assessments in Quebec – how does Verkada help?
    In the Province of Quebec (and elsewhere in Canada where privacy-sensitive technologies, such as biometrics, are used or for public sector organizations in certain jurisdictions) customers may have to first complete a privacy impact assessment (PIA) before deploying video surveillance or other privacy-impacting technologies. Customers are responsible for completing their PIAs, which typically include questions about such things as choice of camera location, supporting internal policies, balancing privacy interests against business needs, etc. Those kinds of questions can only be answered by our customers, but information about Verkada’s security practices and procedures found here can help.
    More Information
    For more information about the use of video surveillance tools or the collection of biometric information in Canada, please see the following resources issued by Canadian privacy regulatory authorities:
  • While the GDPR is broadly applicable across the EU, various countries have additional camera and/or biometric laws that apply to the use of video surveillance with or without biometrics. Likewise, local privacy regulators have differing views across the EU on how camera surveillance may be conducted under the GDPR. We examine some key country specific laws and regulatory guidance below to help our customers comply with their EU privacy obligations.
  • Cameras

    The Camera Surveillance Act regulates camera use in Belgium. It applies to companies (public or private) that install cameras for the purpose of securing a premises. Other laws may also apply, such as labor laws, when posting cameras in the workplace. Customers subject to the Act must:

    • register cameras with the police before the service starts and annually thereafter
    • keep a register of the image processing as required by GDPR (with some additions for cameras)
    • post signs and stickers to the camera that include required notices
    • communicate a video surveillance camera policy

    There are limitations that may apply to private sector use of cameras in open spaces (any space not enclosed and freely accessible to the public, including public roads). Surveillance in open spaces is generally permitted by public authorities.

    Biometrics

    The processing of biometric data must satisfy the “necessary” and “proportionality” conditions of the GDPR (for example, where an employee is entering a highly sensitive area and badge access alone, without a second-factor ID, would be inadequate). In addition, Belgian regulators may also require the explicit consent of individuals whose biometric information is collected and processed – a challenge in the private workplace given the imbalance of power between the employer and employee. Where an employer allows employees to choose from an array of authentication methods (physical badge, PassApp or PassApp with biometric integration) and the employee self-selects a biometric method, it may be easier to meet the standard.

    Technical requirements to consider

    • carefully position the camera so that it is not directed at a location for which you do not process the data (e.g. public highway)
    • restricting access to those under a duty of confidentiality and only as needed
    • restrictions on sharing with third-parties, other than by policy or legal requirement
    • deletion of images after 1 month unless required as evidence of a crime / damage
  • Finland has two laws that regulate camera surveillance: the Act on the Protection of Privacy in Working Life (2004/79) and the Criminal Code of Finland (1889/39). The former allows the use of surveillance cameras for the purpose of:

    • protecting employees and other persons in the workplace
    • surveilling the proper operation of production processes, or
    • preventing/investigating situations that may endanger them

    Limitations on camera surveillance may apply to the surveillance of a particular employee(s) in the workplace or where privacy is expected - bathrooms, changing rooms or other similar places.

    Generally, employers may use surveillance in the workplace where it is essential for:

    • preventing a clear threat of harm or danger to an employee
    • preventing or investigating property crimes if the employee’s work is to handle money, securities or valuables, or
    • safeguarding an employee who is to be the subject of the surveillance

    The Finnish Criminal Code prohibits illicit observation, meaning unlawful watching or filming a person using a camera, in a private place (e.g., bathroom, dressing room or other similar place that is protected by domestic privacy) or that is closed to the public. The protection does not extend to public places to which the public has free access. Areas protected by the domestic privacy include a residential apartment and a hotel room where a person is staying, private events, other meetings closed to the public and a stay in a hospital.

  • There are no specific French camera laws, but there is regulatory guidance on biometrics. French regulators may consider whether there are less intrusive solutions for data subjects, such as a physical badge or an entry key, as a first step in determining whether biometric data collection is appropriate.

    In the employment context, restrictions on (or requirements for) camera use may apply, such as:

    • recording or transmitting an image in a private place without consent
    • filming is generally not permitted at:
      • workstations except where employees are handling money or valuables
      • employee break / rest areas
      • bathrooms
      • union / personnel representative offices
    • notice must be provided prior to use of video surveillance (e.g., via an HR privacy policy)
    • where cameras are used to control employee activity, consultation with works council may be required

    If the cameras are intended to film a place open to the public (public entrance and exit areas, shopping areas) provisions from the French Internal Security Code may also apply, notably that their use is subject to prior authorization.
  • In Germany, in addition to privacy laws, other local laws may also be relevant such as Artistic Copyright law, Criminal Law, Police Law and Assembly Law. These laws restrict:

    • public distribution or display of images without the consent of the person pictured, except in cases of public interest (e.g., images of a criminal act)
    • filming private areas (e.g., bedrooms and bathrooms), vulnerable people (victims of violence), or in such a way as to damage a reputation (absent an overriding public interest (e.g., the arts, science, research or teaching))
    • police use of video recordings to detect behavioral patterns (to be deleted after 72 hours), and surveillance of protests and assembly
  • The processing of biometric data must satisfy the “necessary” and “proportionality” conditions of the GDPR (for example, where an employee is entering a highly sensitive area and badge access alone, without a second-factor ID, would be inadequate). In addition, Dutch regulators may also require the explicit consent of individuals whose biometric information is collected and processed – a challenge in the private workplace given the imbalance of power between the employer and employee. Where an employer allows employees to choose from an array of authentication methods (physical badge, PassApp or PassApp with biometric integration) and the employee self-selects a biometric method, it may be easier to meet the standard.
  • In addition to the GDPR, the Swedish Camera Surveillance Act (Sw. Kamerabevakningslagen) imposes additional obligations and requires authorizations to be obtained by customers in some circumstances. It applies to cameras set up in Sweden (whether the company operating the cameras is in Sweden or not and regardless of whether biometric data is used). Prior authorization is required if the surveillance will take place in the performance of public interest tasks and will depend upon the location of cameras. For example, surveillance of a schoolyard and entrances may require prior authorization, but surveillance of classrooms or corridors typically would not.

    If an authorization is required, a designated form must be completed by the company (Verkada customer). The form is available in Swedish (only) here. The form must include:

    • identity of company that will carry out the surveillance or indicate if it will be managed by a third party (determined by customer)
    • purpose of the surveillance (determined by customer)
    • description of the surveillance, in particular equipment, location, area and time (determined by customer)
    • assessment of the need for the surveillance and the proportionality of the surveillance in relation to its purpose (determined by customer)
    • assessment of the risks to privacy and a description of mitigation measures (some of Verkada’s practices will help customers evidence how privacy risks are mitigated, for example, deletion of video recordings)
    • if not done by a public authority, which law or other statute, collective agreement or decision provides a legal basis for the camera surveillance
    • if applied in the employment context, an opinion from a safety representative, a safety committee or an organization representing the workers at the workplace must be submitted at the same time
    • customers may benefit from initiating a dialogue with the authority prior to applying for authorization and keep in regular communication throughout the process
  • Cameras and biometrics

    The UK privacy regulator, the ICO, has issued specific guidance for organizations using video surveillance including CCTV, Automatic Number Plate Recognition (ANPR), Facial Recognition Technology and Biometric Data. The guidance is comprehensive and provides, for example:

    • a Data Protection Impact Assessment (DPIA) will likely always be needed, even if not using biometrics, due to the inherent privacy risks involved with surveillance systems
    • processing of sensitive data, such as biometric data, requires a separate “appropriate policy document” explaining the procedures for complying with GDPR principles and the retention and erasure policy (to be regularly updated until six months after the processing ends)
    • records of processing documents be kept (documentation requirement of GDPR)
    • in the workplace:
      • consultation with employees may be needed, especially during the DPIA process
      • cameras should be targeted at particular areas of risk
      • continuous monitoring should be justified
      • alternatives to biometric recognition should be offered
    • use of CCTV for crime prevention also requires a data protection fee to the ICO
    • registration and payment can be done online (see here for more information)

    Technical requirements to consider

    • audio should be switched off by default; only used in exceptional circumstances
    • security measures should include:
      • restricted access and ability to make copies
      • sufficient safeguards when the systems are connected to a network
      • controls around disclosures to third parties
      • employee training
      • notice that misuse of surveillance systems could amount to a criminal offense
    • when using ANPR, databases must be kept up-to-date, accurate and of sufficient quality to prevent mismatches
    • cameras (and any algorithms used) must be of sufficient quality to prevent misidentification of a Vehicle Registration Mark
    • DPIA related to facial recognition must explain anti-bias measures
    • when using facial recognition technologies or other uses of biometric data, customers must be able to provide:
      • a “lawful basis” explanation as to why the use is necessary or in the public interest
      • why less intrusive options have been ruled out
      • an assessment of the likelihood that the objectives of using facial recognition technologies will be met and
      • an explanation as to how its effectiveness will be measured