Do You Have A Code Of Conduct For Technician Remote Access To Customer Systems?

You need a privacy policy statement that says under what conditions you'll access the customer's system and what you'll do with the information. For example, you might say that you'll only access the system in the course of troubleshooting activity, that you will not retain any video or if you do for how long and what purpose, that you will not share the video with anybody, that you may request the customer give you explicit permission before accessing their system, etc.

You may reserve the right to access the system in the course of making improvements. This is a big thing that cloud service providers like Google do and is of tremendous value to them--if you're okay with knowing they could look at your stuff at any time.

Basically you should treat the system/video like you would any other customer data for which you believe the customer has an expectation of privacy. Just be clear about the conditions under which you'd access it and make sure they sign off on that.

You can create your own policy, or have a lawyer do so if you really want to CYA.

We have a written privacy and data policy.

We have a privacy policy written into our employee handbook that gets signed by the employee. Remote access can also only be done from company equipment as well.

We also have a written policy but beyond civil penalties, our state classifies such access, following separation of employment as a crime. The law covers everything from burg panel codes to access credentials to surveillance systems, including the attached networks or physical premises. It ranges anywhere from a Class A misdemeanor to a Class 4 felony. Thankfully, we have never needed to have this enforced, but know of some competitors who had ex-employees charged.