Security and other video camera usage has become nearly ubiquitous these days. Nonprofits regularly install and often use cameras around entryways for security purposes and for monitoring children’s programs, as well as for now similarly commonplace videoconferences. Depending on the context, such camera usage may deter crime, promote safety, and provide peace of mind to staff, volunteers, and guests. Focusing here on camera usage for security and programming purposes, such practices can be very beneficial for nonprofit organizations. As a key resulting question: How long should a nonprofit retain such data? Additionally, what else should responsible nonprofits consider and do in connection with their capacity to record video footage and possibly use it later?
Applicable Legal Standard for Video Footage Retention
How long are nonprofits legally required to retain video footage? Short answer: there is no such legal requirement, absent a “litigation hold” (as addressed below). Nor does any currently specific “industry standard” apply for nonprofits, such as for churches, childcare facilities, youth programs, or other social services. Recommendations can vary widely, and this technological area continues to evolve rapidly.
Given this background, it likely may be best for nonprofits to do the following: (1) establish their own requirements, in light of relevant operational, desired risk management goals, and additional cost-related factors: (2) remain consistent with the adopted requirements; and (3) understand the circumstances that may warrant departures. Additionally, nonprofits should stay attuned to “best practices” trends, such as may be directed from childcare licensing regulators or other authoritative sources.
Data Retention Policy Components
Nonprofits may handle such matters on an ad hoc basis or through an established policy. Generally speaking, a written policy is highly recommended. Using a written policy should promote consistency as well as clarity, provided that nonprofit leaders and other personnel are aware of such policy and follow through on its usage. A written policy should specifically address video footage, including underlying reasons for using cameras, goals to be achieved (e.g., security), applicable retention periods, and deletion of such data.
Such parameters could form part of a nonprofit’s existing (or newly adopted) broader records retention policy, or it could be a standalone policy. Such policy dimensions are addressed in further detail in our law firm’s related blogs on recording meetings, best practices for record retention policies, and data privacy legal compliance too. Particularly with respect to record retention, such protocols should address what types of data must be retained (and for how long), how various forms of data are to be stored, when and how they are to be deleted or destroyed, and who is responsible for implementing these procedures.
With respect to deletion, the policy should further address whether data will be automatically overwritten by ongoing camera recording, automatically deleted by the cloud storage provider, or via manual deletion. Automated deletion may be a best approach, since it promotes consistency and avoids the need for affirmative measures to be taken. However, caution should be exercised in light of occasional reasons to override automatic deletion and to preserve certain data (as addressed further below), and the written policy should provide for such potential variances. Additional considerations specific to video footage apply too, as follows.
Consider Applicable Legal Requirements – and Privacy Too
A video recording policy and any related protocols should squarely reflect compliance with applicable laws governing surreptitious recordings. Many states have “one-party consent,” while other states have “two-party consent” laws – indicating whether only one party’s consent is required (e.g., the nonprofit with the security camera), or both (including those on camera). Notably, such laws typically apply to audio recordings, but not necessarily video only. Additionally, they are often criminal laws, with accompanying criminal penalties. Some safeguards include the following: (1) check applicable state law; (2) for videoconferences, remember to check the state law for all participants’ locations; (3) indicate at the beginning of any videoconference that it will be recorded and, optimally, get all participants’ affirmative consent; and (4) post clear signage by video cameras (e.g., “You are being recorded,” or “Camera recording in process.”)
Beyond specific state laws, evaluate related privacy aspects too. Whether a certain law applies or not to video recordings, people have additional “tort”-related rights (i.e., providing private rights of action) such as to protect against invasion of privacy. Consequently, and particularly with respect to any potential disclosure to others of video footage, nonprofit leaders should determine whether to decline such disclosure, to blur (or otherwise obfuscate) some people’s faces or other distinguishing characteristics, or further address privacy issues such as by seeking advance or later express consent.
With these considerations in mind, only authorized individuals should be able to access any video footage. Nonprofit staff, volunteers, guests, and others each hold a reasonable expectation of privacy that is legally protected, especially when children are involved. Improper access to these videos could result in significant liability.
Consider Costs
For many nonprofits, video recording equipment and storage options may raise significant cost issues. It may be financially feasible to only have a few cameras in place, and to retain resulting data for 30 days (or less). As part of such financial aspects a nonprofit’s ability to manage and retrieve resulting data may be relevant too. As technology continues to advance, such considerations may change – particularly as equipment and data storage options become cheaper. A good policy should keep up with such trends – with periodic updates as warranted (e.g., from 30 days’ retention to 60 days).
Using Video Footage
When would a nonprofit use its video footage? In addition to desired deterrent effects, video footage may capture a crime being committed. A police investigation may involve a subpoena or other request for recorded video footage. A nonprofit thus should be ready to cooperate with any such investigation, preferably with assistance of legal counsel to navigate through potential ancillary issues as may arise.
Video footage may be beneficial as well for a variety of other contexts, such as to address allegations of non-criminal wrongdoing within employment situations, childcare programming, or other nonprofit activities. Keep in mind that video footage could clear someone of wrongdoing – or the opposite, by showing that someone engaged in misconduct. To the extent any such misconduct could be attributable to a nonprofit, such as through legal theories of “respondeat superior” or agency law, the nonprofit could face resulting organizational liability.
What should responsible nonprofits do? It is certainly impossible to predict the future, though not necessarily wise to refrain from using video cameras solely because of potential nonprofit liability. On balance, nonprofit leaders may prefer to use video cameras, even with such risk. Consequently, keep the following pointers in mind:
1. Maintain the video footage for the prescribed period, per above (e.g., 30 days), and stay consistent;
2. Allow only authorized access, as a general rule (e.g., supervisors);
3. When others ask for access, pause to evaluate all related circumstances, consult with legal counsel as warranted, and potentially decline to grant such request;
4. Consider too whether it may be helpful, on balance, to grant access to others – such as to clarify that any alleged wrongdoing did not actually occur;
5. Remember privacy interests at stake, per above;
6. Determine whether to provide requested access only pursuant to legal action, such as a subpoena or other formal request via litigation; and
7. Delete (or otherwise destroy) video footage according to a consistent schedule per a record retention (or video recording policy), preferably via automated processes except as follows.
Retaining Video Footage for Incidents and “Litigation Holds”
When an incident arises that has been captured on video, it may be beneficial to check the footage and then store it for longer than otherwise normally kept. To do so, authorized users may need to override an automated feature of the data storage system. Careful and prompt follow-through may be warranted. For example, consider a child who falls on a nonprofit’s playground, is injured, and taken to the emergency room for medical care. If such fall is captured on video, authorized individuals should access the video footage and identify relevant information – typically as quickly as possible, depending on the circumstances. Such video footage should be retained for longer than the prescribed time period, as part of a written incident report and otherwise in case of any later inquiry or potential civil lawsuit for personal injuries.
Sometimes an attorney, government agency, or other party will issue a letter known as a “litigation hold” notice, instructing an organization or person to not destroy documents or other data – pending a potential lawsuit or other inquiry. Recipients of such “litigation hold” letters should take them seriously, override any automatic deletion of identified data, refrain from any other document or data destruction or deletion, and consult with legal counsel as warranted.
Failure to comply with such measures may result in potential liability or other attribution of culpability, depending on how the matters at issue proceed. It therefore may be vitally important for nonprofit leaders to inform their board, staff, volunteers, and others to refrain from any deletion or destruction of affected data.
One school learned that lesson the hard way in the 2021 reported case of J.K. v. Bellevue School District No. 405 (500 P.3d 138). The school learned of alleged bullying, received a litigation hold letter from the victim child’s attorney, and had security cameras that could have provided relevant evidence. The camera footage was nevertheless deleted, however, because the responsible school personnel did not follow through with the litigation hold directives. As a result, the court assessed $500,000 in liability against the school for “spoliation of evidence.”
Keep in mind too that a video retention policy requiring 30 days retention (or shorter) may not sufficiently provide for later-asserted claims. Adverse claims sometimes are not asserted for several months or even years, depending on applicable statutes of limitations. For example, a statute of limitation for personal injuries is often two years, depending on state law. But when injuries involve a child (e.g., sexual abuse), the statute of limitations may be “tolled’ (i.e., extended) under various circumstances, and a new trend has emerged for no statute of limitations period (e.g., Colorado). It may well be impractical (from a cost standpoint), and otherwise inadvisable (such as for protecting individuals’ privacy) to retain video footage indefinitely. Responsible leaders thus should be mindful of all relevant considerations, follow through consistently via written policy and related protocols, and remain attentive to special circumstances warranting longer data retention.
