You may reserve the right to access the system in the course of making improvements. This is a big thing that cloud service providers like Google do and is of tremendous value to them--if you're okay with knowing they could look at your stuff at any time.
Basically you should treat the system/video like you would any other customer data for which you believe the customer has an expectation of privacy. Just be clear about the conditions under which you'd access it and make sure they sign off on that.
You can create your own policy, or have a lawyer do so if you really want to CYA.
We have a written privacy and data policy.
IPVMU Certified | 09/15/15 12:09am
We also have a written policy but beyond civil penalties, our state classifies such access, following separation of employment as a crime. The law covers everything from burg panel codes to access credentials to surveillance systems, including the attached networks or physical premises. It ranges anywhere from a Class A misdemeanor to a Class 4 felony. Thankfully, we have never needed to have this enforced, but know of some competitors who had ex-employees charged.