Guidance to support school pupil/student image security

Appropriately managing images and videos on a school website is essential to maintain a professional and secure online presence whilst mitigating opportunities for misuse. Ensuring that media is carefully selected, appropriately captioned and compliant with local policies helps to protect pupils, students and staff against unauthorised sharing or manipulation.

Clear expectations, consent procedures and thoughtful content curation are vital in promoting your organisation’s values, celebrating success and engendering trust within the community. By managing content responsibly, schools, colleges and other organisations can effectively showcase achievements whilst mitigating potential risks.

Developed by the Professionals Online Safety Helpline (POSH) and colleagues from the UKCIS Early Warning Working Group, the guidance below is intended to reflect best practice when considering how to manage image and video content on your organisation’s online platforms such as the school/college website and/or social media presence.

Evidence (1) tells us that Schools and Colleges are typically strong in their approach to managing images and videos.  However, whilst new and emerging technologies bring a wealth of benefits for education, the potential misuse of these means it is clear that we must remain vigilant to a range of threats.

To support colleagues with their approach, the following guidance has been developed to provide some useful considerations that will help to mitigate potential risks and support best practice.  Whilst some actions such as website changes will understandably require the support of technical expertise, there are also a number of practical actions that can be taken.

Whilst the above steps are not exhaustive, they will help to guide you in your approach.  By adopting these measures, schools can continue to celebrate student achievements whilst prioritising their safety and privacy in an increasingly digital world.

EXIF (Exchangeable Image File Format) is a format used to store information (8) (metadata) about something.  In relation to images, metadata includes information such as the date and time of when an image was taken, where it was taken and information about the device used. 

When uploading such images to public platforms, it is important to ensure that this metadata is removed – whilst some platforms may automatically do this, the following steps are provided as a means to check and remove EXIF data as part of your approach to data security.

Whilst these steps do not prevent someone from harvesting images on public platforms, it is a useful step in ensuring associated metadata (9) is kept to a necessary minimum. 

(1) 360 Safe School Self-Review, Policy & Practice Assessment 2024: https://swgfl.org.uk/research/england-schools-online-safety-policy-and-practice-assessment-2024
(2) SWGfL Social Media Checklists: https://swgfl.org.uk/resources/checklists
(3) HwB: Practices and principles for schools’ use of social media: https://hwb.gov.wales/keeping-safe-online/welsh-government-guidance/practices-and-principles-for-schools-use-of-social-media
(4) UKCIS How to Respond to an Incident (Overview): https://www.gov.uk/government/publications/sharing-nudes-and-semi-nudes-advice-for-education-settings-working-with-children-and-young-people  
(5) SWGfL Online Safety Policy Template: https://swgfl.org.uk/resources/online-safety-policy-templates
(6) Internet Watch Foundation: https://www.iwf.org.uk/en/uk-report/
(7) Professionals Online Safety Helpline: Online Safety support for professionals working with children and young people https://saferinternet.org.uk/professionals-online-safety-helpline
(8) Also consider whether any Alt-text (brief descriptions of an image often used to support accessibility) may contain identifiable information.
(9) Third-party tools may offer additional options to further remove EXIF data