Although as a parent (or more generally, a person who tries to think things through) I think I would push back on cameras in bedrooms/bathrooms regardless.
And yes, the key thing about systems is that the owner should be notified when new accounts are added, maybe get a monthly report of users on the system, and more. Full audit trails of every configuration option too. I don't know if ADT have centralised access to accounts or if they're managed within the home only - but duplicate email addresses on multiple home installs could be flagged and investigated as well. I.e., basic business reports could have found this issue far earlier, but nobody thought that an employee would actually be tempted by the thought of some sneaky voyeurism?