How to deal with illegal images appearing on IT systems

IT managers may be required to handle suspected illegal images or illicit and inappropriate photographs that have appeared on the organisation's computer systems or networks.

Without a proper understanding of the law, you can incriminate yourself despite having the best intentions. Child porn, for example, is a very sensitive area and has led to some high-profile arrests. Any investigations must be handled correctly by properly authorised members of staff...

The event may have happened because of a breach of security, or the behaviour of a worker. Innocent people may have been exposed to possible illegal or inappropriate images by accident whilst Internet browsing or opening email attachments. It is essential that adequate steps are taken to ensure that the organisation’s business reputation, worker integrity and general stakeholder (e.g. investors and customers) confidence remains adequately protected. Whilst all illegal images need urgent attention, workers can also find themselves on the wrong side of the law if they handle child abuse images simply by copying them with good intentions to a line manager.

illegal images

Otherwise, illegal images are just that - illegal images, but defining what are ‘inappropriate images’ is usually left to corporate culture, leadership, and staff policies and procedures.

What images are illegal?

Child sexual abuse (Protection of Children Act 1978, as amended, and the Sexual Offences Act 2003); Images are illegal which depict the following:

  • Criminally obscene adult content, including extreme sexual activity such as bestiality, necrophilia, rape and

What images are inappropriate?

With any organisational governance and compliance strategy, an understanding of business requirements and the markets in which an enterprise operates is essential. Inappropriate images are not necessarily illegal, but may be immoral or indecent. Some respected organisations (especially in heavily regulated sectors, including financial services) that allow access to inappropriate images could risk serious damage to reputation if the practice was to become public.

Report illegal images - reducing your liability

Step 1: Know the law

Child sexual abuse is governed by the Protection of Children Act 1978, as amended, and the Sexual Offences Act 2003. You also need to look at the Criminal Justice Act 1988 regarding indecent photographs of children

It is illegal to:

  • possess, distribute, show and make indecent images of children, and
  • Make indecent images of children, and includes viewing them on the Internet or downloading them.

A child is anyone under 18 years old.


The Sexual Offences Act 2003 (England & Wales) provides a defence to a person in an organisation who makes such a photograph or pseudo-photograph for the purposes of preventing, detecting or investigating crime, or for criminal proceedings. This will allow people with a legitimate role in knowingly investigating suspect images to report these to the Police without fear of prosecution.

Memorandum of Understanding

A Memorandum of Understanding between the Crown Prosecution Service (CPS) and the Association of Chief Police Officers (ACPO) helps to clarify the position of ICT professionals so that they will be re-assured of legal protection where they are acting to combat the creation and distribution of images of child abuse.


The law will not allow for vigilantism. Anyone taking it upon themselves to seek out or investigate this kind of material where there is no legitimate duty to do so will be liable to prosecution.


You can monitor your systems for lawful business purposes (e.g. training, security, quality assurance) so long as you inform stakeholders that monitoring takes place (Lawful Business Practice Regulations 2000).

The Information Commissioner considers covert monitoring as rarely justified. His Employment Practice Codes provide step-by-step guidance on when and how to undertake covert surveillance of a specific worker.

Right to privacy

A person also has a right to privacy and autonomy, even at work! Remember also that any personal information captured when monitoring is subject to data protection.

Step 2: Introduce an organisation-wide policy

The organisation must have a clear policy on how to deal with illegal and inappropriate images, and must specifically state:

  • Who is responsible for managing the policy;
  • What is acceptable use of all electronic devices that the organisation provides;
  • How the human resources / personnel team should deal with employees / workers found in possession of potentially illegal images at work;
  • What the whole company should do if a potentially illegal image is discovered and who within the organisation will deal with such matters

Step 3: Raise worker awareness

Policies and procedures are only effective if they are easily accessible and every worker is made aware of its contents. Some organisations may insist that a worker is sent a copy of the policy, acknowledges receipt, and confirms that it has been read.

Step 4: Dealing with incidents

a. Discovering a worker has been exposed to illegal images when Internet browsing

  • Report the suspect images to the Internet Watch Foundation (IWF) – the UK’s official Internet hotline for the public and IT professionals to report criminal online content in a secure and confidential way. This is best done by the company’s nominated officer;
  • Inform the IWF the location of the images, e.g. website URL;
  • DO NOT send image copies to the IWF;
  • Delete any image copies, e.g. in an email;
  • Always act promptly

b. Discovering illegal images on the company’s electronic devices

  • Designate a person or small team to deal solely with such matters on the company’s behalf;
  • Be strict in follow the company’s policy;
  • Report the images to the IWF for status confirmation, and, wherever possible, provide them with their Internet location. If this is not possible, the IWF will advise you on the best method for providing image copies which may include a discussion with the relevant Police force;
  • Where the relevant police force has requested you to store image copies, make sure that they are stored securely and with restricted access;
  • All other image copies must be deleted;
  • Always act promptly

c. Finding a worker in possession of illegal images on their company-provided electronic device

  • The person discovering the images must report the matter immediately to the company’s designated officer. This could be done under a company-wide whistle-blowing policy which also protects the innocent from any false allegations made against them;
  • The designated officer must take charge, taking into account his obligations and defence for copying illegal images. A copy should be made by the designated office as part of the swift preservation of evidence;
  • Contact the Police or Crimestoppers (not the IWF) immediately as soon as the copy images are made to discuss because the swift preservation of evidence is essential. If you are in doubt about whether the images are illegal, then discuss with the police the best way for them to receive copies to determine whether they are illegal or not. Discuss with the police what to do about the device that the images are on;
  • Quarantine the device in question and discuss with the police about checking for any other images on that machine;
  • Depending on your HR policy and initial discussion with the police consider temporary suspension of the worker pending investigation;
  • Be aware of your obligations under the Data Protection Act regarding the disclosure of your worker’s personal details (for example their home address);
  • Foreign workers who are discovered with images on their electronic device in a UK workplace should be reported to the UK police. Those working in their own country must be reported to their local police. UK legislation will not apply, but international agreements are in place which broadly deals with illegal images in the same way. This situation may arise, for example, where an organisation’s global systems and networks are controlled by IT managers based in the UK.

5. Prevention

You can take a number of measures to help prevent accidental access to potentially illegal images:

  • Anti-Spam software will help cut down on any emails promoting sites hosting potentially illegal images that may arrive as “spam”;
  • Firewalls will help prevent unauthorised access to your computer systems, and prevent someone from using them to store potentially illegal images;
  • Web filtering can help prevent accidental access to such images by workers.


Updated May 2014