Pennsylvania Video Surveillance Laws

Security teams should manage Pennsylvania video surveillance compliance as a governance issue that includes privacy expectations, operational purpose, documented controls, and camera-placement decisions before cameras are deployed or modified.

How Pennsylvania Regulates Surveillance

Two statutes carry most of the weight for enterprise security teams. The first is the Wiretapping and Electronic Surveillance Control Act, codified at 18 Pa.C.S. Chapter 57. The second is the invasion of privacy statute at 18 Pa.C.S. § 7507.1, which criminalizes certain recording in private spaces; Pennsylvania publishes that provision in Chapter 75.

Pennsylvania analyzes surveillance through reasonable privacy expectations. Under the Wiretap Act, oral communications are protected only where a speaker holds a reasonable expectation that the conversation will stay private. For video programs, the same privacy-expectation analysis helps determine which spaces are appropriate for routine camera coverage and which require legal review.

Where Surveillance Is Allowed and Where It Is Prohibited

Security teams generally treat many workplace and commercial spaces as appropriate for silent video when no privacy expectation is present. Entrances, lobbies, retail floors, warehouses, corridors, and parking lots usually present lower privacy expectations, and video-only coverage in these areas is generally permitted.

The prohibited zones are defined by privacy expectation. Section 7507.1 criminalizes recording a person in nudity, or capturing intimate parts, in a place where that person could reasonably expect to disrobe in privacy. As written, the statute is scoped to conduct done for sexual gratification, but that intent element defines the criminal-law boundary for § 7507.1. Privacy risk should drive camera-placement decisions in private spaces. A camera in a restroom, locker room, or changing area can create substantial privacy risk even when a team has a security purpose. Security teams should treat these locations as off-limits absent specific legal review.

Break rooms and private offices used for confidential meetings can sit in a high-risk middle ground because they may present privacy expectations. A conservative internal policy is to require specific legal review before cameras are placed in those areas. Workplace camera review should begin with placement, purpose, and capture settings.

Healthcare and residential operators face an additional layer. Pennsylvania House Bill 1428 prohibits electronic monitoring devices in bathrooms within residential facilities and allows nonconsenting residents to condition consent on cameras being pointed away from private areas.

Video Versus Audio Under the Wiretap Act

Pennsylvania treats silent video and audio-enabled surveillance differently.

Audio Settings Before Deployment

Pennsylvania imposes strict audio-consent requirements, so security teams should verify microphone settings before deploying or modifying a camera program. Microphones create interception issues. Cameras in spaces used for confidential meetings may raise privacy expectations.

Interception Risks Under Section 5703

§ 5703 criminalizes intercepting a communication, disclosing the contents of an illegally intercepted communication, and using one. Each covered act is a felony of the third degree. The Act applies to wire communications, such as telephone calls, and oral communications, meaning spoken communications made with a justified expectation that they are not subject to interception.

For camera programs, the practical concern is audio capture of conversations in which the speakers have a reasonable expectation of privacy. Security teams should treat illegally intercepted recordings as legally compromised evidence.

Consent and Federal Comparison

The primary enterprise exception is § 5704(4), which permits interception where all parties have given prior consent. Pennsylvania requires all-party consent for audio recording. Federal law permits one-party consent in some circumstances, and that disparity is the source of many avoidable surveillance violations in the state.

Federal Definitions and Prohibitions

The federal Wiretap Act, amended by the Electronic Communications Privacy Act, uses definitions focused on aural acquisition, which separates audio interception from silent video, and its core prohibition appears at 18 U.S.C. § 2511. Its one-party-consent allowance falls away where a recording is made to commit a criminal or tortious act under state law, so Pennsylvania's stricter all-party standard governs audio-enabled deployments.

Consent Documentation and Signage

Consent must be genuine. Written policies and signed acknowledgments can help document consent, while statutory prior consent from all parties remains required. A video-only posted sign documents video notice only. Audio capture depends on prior consent from all parties before the conversation occurs.

For video-only coverage in areas without a privacy expectation, signage is a best practice for notice. Compliant video-only signage should state that video recording is in use and avoid any implication that audio is captured, since audio still requires every party's consent.

Exterior Deployments and Civil Exposure

Exterior deployments create exposure when parking-lot and property-line cameras capture audio from non-employees and neighboring businesses. Some deployments may include microphones that must be disabled unless a lawful consent basis exists, so a video-only program can become an audio-recording program without the operator intending it. Beyond criminal liability, anyone whose communication is unlawfully intercepted has a civil cause of action under § 5725 for actual damages, punitive damages, and attorney's fees.

Data Privacy, Storage, and Retention

Pennsylvania's breach-notification law is a data-breach framework, while CCTV-specific retention schedules require separate surveillance-program policy decisions. The data law most likely to apply is the Breach of Personal Information Notification Act (73 P.S. §§ 2301–2329), which was recently amended.

BPINA covers computerized personal information of Pennsylvania residents, meaning a resident's name combined with a defined sensitive identifier. Raw video footage and biometric data are outside the items listed in BPINA's definition. Where BPINA does apply, encryption provides a safe harbor. A breach triggers notification to affected residents, and notification to the Pennsylvania Attorney General is required only when more than 500 Pennsylvania residents must be notified or when a state agency experiences a breach.

Building a Defensible Surveillance Program

Teams that choose camera locations based on privacy expectations, disable camera audio by default, and document consent under a Section 5704 exception keep their programs on the right side of the state's surveillance rules.

The strongest programs build these checks into procurement so a microphone never goes live without a documented consent basis. Retention, vendor storage, signage, access controls, and legal review for high-risk spaces should be handled as part of the surveillance program before cameras are installed or modified.

Frequently Asked Questions

What are the penalties for violating Pennsylvania's all-party consent requirement for audio recording under the Wiretap Act?

Violating Section 5703 constitutes a third-degree felony under Pennsylvania law, carrying potential imprisonment of up to seven years and fines reaching fifteen thousand dollars, plus civil liability for actual damages, punitive damages, and attorney's fees under Section 5725.

How should security teams document employee consent for audio-enabled surveillance in Pennsylvania workplaces?

Use written acknowledgment forms signed before deployment, incorporated into employee handbooks or standalone consent documents. Include clear language stating audio recording occurs, specific locations covered, and recording purpose. Retain signed forms centrally and update consent when coverage areas expand.

Does Pennsylvania's Breach of Personal Information Notification Act (BPINA) cover biometric data or video footage collected by security cameras?

No. BPINA applies only to a resident's name combined with specific sensitive identifiers like Social Security numbers or financial account credentials. Raw video footage and biometric identifiers fall outside BPINA's statutory definition of personal information.