IWF News:  
Fri, 29th August, 2008
 
Homepage > Public Area > IT & HR Professionals > FAQ's
 

Frequently Asked Questions

We have tried to anticpate any questions you may have about this issues raised in this campaign.  However, if you are unable to find the answer to your question either within these FAQ's or elsewhere on our web-site, please do not hesitate to contact us at wipeitout@iwf.org.uk

  1. Should our company have an Internet Use Policy?

  2. What should an Internet Use Policy include?

  3. Why should we have a specific section within our Internet Use Policy or a separate policy entirely, relating to indecent images of children?

  4. When should we report to the IWF and when should we report to the police?

  5. I’m not sure I understand what the ‘conditional defence’ referred to in the Sexual Offences Act legislation means to me?

  6. My IT team do not wish to view potentially distressing images in order to ascertain whether they are indecent images of children or other types of potentially illegal content, can we report them to the IWF for consideration?

  7. If our IT teams decide they are willing to assess internet content on company servers and PC’s, should they undergo any type of training in order to deal with potentially indecent images of children they may be exposed to, accidentally or deliberately?

  8. It has been noticed that an employee has been downloading a significant amount of images, are we legally entitled to look at those images to see if they are breaching company misuse policies?

  9. If we review suspects images and they breach company misuse policy but are clearly not illegal, what is the appropriate course of action?

  10. If we review suspect images and they are not indecent images of children but could still be potentially illegal, what is the appropriate course of action?

  11. If we do review suspect images and they do appear to be indecent images of children, what is the appropriate course of action?

  12. An employee has complained of receiving an email through the work email system that we believe advertises a website containing indecent images of children, what should we do?

  13. An employee has complained of receiving an email through their personal web based email system (i.e. hotmail), that we believe advertises a website containing indecent images of children, what should we do?

  14. We have discovered potentially indecent images of children on our servers, but we are unsure as to who has been downloading them. What should we do?

  15. We have found images of what we believe to be indecent images of children on an employees PC, What should we do? Should we email these images to the IWF and if so to whom? The web reporting page does not seem to allow us to do this.

  16. I have found indecent images of children on our company servers and they have been deliberately saved onto an employees electronic device, what is the appropriate course of action?

  17. An employee has been reported to management by a colleague who suspects them of downloading indecent images of children. What should we do now to confirm or deny this allegation?

  18. We have found pornographic text stories that contain descriptions of child abuse on an employees PC, is this illegal and what is the appropriate course of action?

  19. An employee has been surfing sex sites on work PC’s, but out of hours. We don’t know if they contain illegal images, but we are unsure what to do next.

  20. Is it illegal for our employees to view “glamour” shots on-line? Many of our staff regularly visit FHM, the Sun and similar web-sites which contain such glamour shots.

  21. If a person reports that they have pop-ups of potentially indecent images of children occurring on their PC, will they have been visiting that type of site, which has then delivered the pop-ups, or are there other explanations?

  22. An employee with a wireless lap-top claims that that they were unaware of images found on their machine. Is it possible that the lap-top could have been “hijacked”?

  23. Are any other management or personnel liable if they discover indecent images of children on a company PC or discover an employee has been viewing indecent images of children on a company PC and take no action?

  24. If I report instances of indecent images of children to the IWF, how do I know they won’t report me to the police?

  25. We provide our employees with machines to use at home and they can connect into the company intranet. If they are use those machines for viewing indecent images of children or other illegal content,  what is the company’s liability?

  26. An employee has been using the company systems to send out SPAM emails, should we report this to the IWF?

 
Should our company have an Internet Use Policy?
 
Yes.
 
For the benefit of both employer and employee you should have a written policy in place which clearly explains and defines acceptable terms of use of the internet and of corporate equipment; PC’s, laptops & handheld devices both in and out of office hours.
 
There are various legal issues and risks which arise from allowing employee’s use of internet and email including; type of internet content which maybe accessed, internet copyright law and other intellectual property issues, defamation and confidentiality, use of emails & disclaimers.
 
By having a policy in place everyone is aware of and understands what is acceptable and the implications for transgression. It allows organisations to protect themselves should an employee contravene any aspect of the policy and it ensures employee’s are aware of the proper conduct expected of them, when their rights of privacy apply and when, how and why their PC use might be monitored.
 
The policy should be explained to all staff, existing and new, on a regular basis.
Senior Management personnel who may ultimately be held liable if a breach in the policy occurs, should also be aware of and fully understand the company’s Internet Use Policy.
Back to top
 
What should an Internet Use Policy include?
 
The IWF cannot advise you on specific policy inclusions and we recommend that you seek appropriate legal and HR advice.
Back to top
 
Why should we have a specific section within our Internet Use Policy or a separate policy entirely, relating to indecent images of children?
 
Indecent images of children under the age of 18 are illegal.
 
Section 160 of The Criminal Justice Act of 1988 made the simple possession of indecent photographs of children an offence. This is an Arrestable Offence carrying a maximum sentence of 5 years imprisonment.
 
Making an indecent image of a child is a Serious Arrestable Offence carrying a maximum sentence of 10 years imprisonment.
Note: The term "make" includes downloading images from the Internet and storing or printing them out.  R v Bowden (J) 1999.
 
Click here for more information on the law.
 
You should have a clause within your Internet Use Policy or a separate policy which relates to the relevant legislation. The new Sexual Offences Act 2003 allows you to implement procedures specifically for dealing with these types of criminal images in the workplace, so there is no viable justification not to adopt an appropriate procedure.
 
Such a policy should:
 
Indecent images of this nature reflects hands on abuse of real children.
 
Dealing with these images in the appropriate manner protects your company & your employees. It sends a message of zero tolerance of child abuse & exploitation and promotes company Corporate Social Responsibility.
Back to top
 
When should we report to the IWF and when should we report to the police?
 
It is important to be aware that the IWF deals specifically with content and not suspects.
 
It is the role of the police to deal with suspect individuals.
 
This means that if an employee is downloading indecent images of children from the internet, then you should report the URL's to the IWF and the police should be informed of the employees activities.
 
If an employee has saved indecent images of children, downloaded from the internet to a folder on their electronic device, then you should inform the police immediately, taking care to preserve the evidence that you have discovered.
 
If any internet location information such as a URL or newsgroup name is available you should report that to the IWF.
 

Back to top

I’m not sure I understand what the ‘conditional defence’ referred to in the Sexual Offences Act legislation means to me?
 
If, in your professional role, through monitoring internet use or company servers, you are at risk from accidental or deliberate exposure to potentially indecent images of children, you are now protected if you view those images which may be illegal, in order to report them to a relevant authority (the police or IWF) in order for them to be assessed and potentially used in a criminal investigation.
 
Prior to the Sexual Offences Act 2003, if you viewed these images accidentally or on purpose, for the purpose of work, you would have been in breach of the law.
 
This piece of legislation has been designed to afford you some protection to report these criminal images. The MoU outlines this in more detail.
Back to top
 
My IT team do not wish to view potentially distressing images in order to ascertain whether they are indecent images of children or other types of potentially illegal content, can we report them to the IWF for consideration?
 
We fully understand the reluctance of your team to view these images.
 
If the suspect images are contained within a website, newsgroup or similar please report them to the IWF.
 
If the suspect images are saved to an electronic device, please do not send them as email attachments. Contact the IWF who can advise the best course of action.
Back to top
 
If our IT teams decide they are willing to assess internet content on company servers and PC’s, should they undergo any type of training in order to deal with potentially indecent images of children they may be exposed to, accidentally or deliberately?
 
It is not necessary for anyone in your IT team to make such judgements if they do not wish to. The IWF and the police will do this. If you do wish to implement some training on this, then you should contact your local high tech police department and discuss it with them. You should also consider putting in place appropriate counselling services for your team, should such images be found.
Back to top
 
It has been noticed that an employee has been downloading a significant amount of images, are we legally entitled to look at those images to see if they are breaching company misuse policies?
 
Under Section 46 of the Sexual Offences Act 2003, you are legally allowed to view images to make a decision as to whether you believe they could be indecent images of children. However, if you discover such images, you must inform the police or a “relevant authority” such as the IWF, within a reasonable time frame.
 
You should also consider company policies regarding:
 
These should be clarified and explained to all existing and new staff who have internet access.
Back to top
 
If we review suspect images and they breach company misuse policy but are clearly not illegal, what is the appropriate course of action?
 
If the images are clearly not illegal, it will be up to your own disciplinary regulations as to what course of action you follow. The police and the IWF will not get involved.
Back to top
 
If we review suspect images and they are not indecent images of children but could still be potentially illegal, what is the appropriate course of action?
 
If you suspect the images or content are not indecent images of children but could potentially be criminally obscene or criminally racist, you should forward the URL’s where the content was found, to the IWF for action.
 
If the content was illegal under UK law, then the IWF will make a report to the police concerning the web-site. The IWF can provide you with a report as to whether the content was illegal under UK laws. Following that report you can decide under your disciplinary regulations as to what course of action you follow. It is not illegal in the UK to “possess” or “make” images of a criminally obscene nature, nor is it illegal to possess content that is criminally racist, however it is illegal to distribute these types of content.
Back to top
 
If we do review suspect images and they do appear to be indecent images of children, what is the appropriate course of action?
 
It is important to be aware that the IWF deals specifically with content and not suspects.
 
It is the role of the police to deal with suspect individuals.
 
This means that if an employee is downloading indecent images of children from the internet, then you should report the URL's to the IWF and the police should be informed of the employees activities.
 
If an employee has saved indecent images of children, downloaded from the internet to a folder on their electronic device, then you should inform the police immediately, taking care to preserve the evidence that you have discovered.
 
If any internet location information such as a URL or newsgroup name is available you should report that to the IWF.
 
Back to top
 
An employee has complained of receiving an email through the work email system that we believe advertises a website containing indecent images of children, what should we do?
 
If the email has come from a SPAM (unsolicited email), then you should delete any copies of the email and quarantine a single copy, this can then be passed to the IWF through their reporting page at www.iwf.org.uk/reporting.htm. Once this has been done, delete the quarantined email. You should also review your SPAM filters to ensure that they are up-to-date and are aware of the latest SPAM messages. If the email has not come from a SPAM, but from an individual, then you should report this to the police immediately.
Back to top
 
An employee has complained of receiving an email through their personal web based email system (i.e. hotmail), that we believe advertises a website containing indecent images of children, what should we do?
 
If the email has come from a SPAM (unsolicited email), then you should delete any copies of the email and quarantine a single copy, this can then be passed to the IWF through their reporting page at www.iwf.org.uk/reporting.htm. Once this has been done, delete the quarantined email. If the email has not come from a SPAM, but from an individual, then you should report this to the police immediately. You should consider your company policy as to the use of personal web-based email systems on corporate machines.
Back to top
 
We have discovered potentially indecent images of children on our servers, but we are unsure as to who has been downloading them. What should we do?
 
You should quarantine the images immediately in a secure location, delete any copies you find and then contact the police immediately.
Back to top
 
We have found images of what we believe to be indecent images of children on an employees PC, What should we do? Should we email these images to the IWF and if so to whom? The web reporting page does not seem to allow us to do this.
 
Please do not email any images to the IWF.
 
If you are concerned about images which are found to be saved onto a PC, contact the police.
 
The IWF reporting page only allows you to report URL’s, newsgroups and other online areas you suspect contain indecent images of children as we deal solely with internet content. You are not able to send individual images or attachments through this service for this reason.
Back to top
 
I have found indecent images of children on our company servers and they have been deliberately saved onto an employees electronic device, what is the appropriate course of action?
 
You must be careful to ensure that you do not tamper with the evidential chain.
Make sure that copies of the images are quarantined and then contact the police, who will advise you on how best to proceed.
Back to top
 
An employee has been reported to management by a colleague who suspects them of downloading indecent images of children. What should we do now to confirm or deny this allegation?
 
Do not jump to conclusions. It is possible that images that may have been seen by a colleague could have got onto a PC inadvertently, through email or SPAM.
 
If you can, you should check your logs of internet use. If this is inconclusive, you should ask permission to view the contents of the PC in question.
 
You should try to avoid taking immediate punitive action, such as suspension or dismissal.
 
If you find URLs that you suspect may contain indecent images of children, you can report them to the IWF.
 
If you find indecent images of children saved onto the PC, you should impound the PC immediately and quarantine it and then alert the police. Do not try to look for more evidence as you may contaminate the machine.
Back to top
 
We have found pornographic text stories that contain descriptions of child abuse on an employees PC, is this illegal and what is the appropriate course of action?
 
It is not currently illegal in the UK to possess stories that depict child abuse. However, it should be a cause for concern, you may wish to provide such information to the police and consider this within your company policy on internet use.
Back to top
 
An employee has been surfing sex sites on work PC’s, but out of hours. We don’t know if they contain illegal images, but we are unsure what to do next.
 
You should refer to your company Internet Use policy regarding use of corporate equipment.
 
If you believe the sites may contain indecent images of children or other illegal content you should report the URL’s to the IWF for assessment.
Back to top
 
Is it illegal for our employees to view “glamour” shots on-line? Many of our staff regularly visit FHM, the Sun and similar web-sites which contain such glamour shots.
 
It is not illegal for UK citizens to view “glamour” shots of models over 18 years of age. FHM, The Sun and similar online publications adhere strictly to the law and as such, content on these sites will not be illegal.
 
You may want to consider whether it is appropriate for employees to view such sites in the workplace and as such, whether they should be included as part of your Internet Use Policy.
Back to top
 
If a person reports that they have pop-ups of potentially indecent images of children occurring on their PC, will they have been visiting that type of site, which has then delivered the pop-ups, or are there other explanations?
 
SPAM emails can carry scripts that write directly to your users PC that can deliver pop-up web-pages of pornography sites and in some cases websites containing indecent images of children. Additionally, PC’s that are not on a secure network can be hijacked and such pop-ups can occur.
 
Please report URL’s you suspect to contain indecent images of children to the IWF.
Back to top
 
An employee with a wireless lap-top claims that that they were unaware of images found on their machine. Is it possible that the lap-top could have been “hijacked”?
 
This will depend on the type of connectivity you allow the user to make. If you have open access to the internet, then such “hijacking” is possible. However, if you use a secure internet service or use appropriate encryption and firewall technology, then such hijacking is highly unlikely. Your technical support personnel or department should be able to advise accordingly.
 
Are any other management or personnel liable if they discover indecent images of children on a company PC or discover an employee has been viewing indecent images of children on a company PC and take no action?
 
Potentially, yes.
Through inaction the company could be considered culpable if such a crime is committed under Section 3 of the Protection of Children Act 1978 and a court ruled that this was attributed to neglect on part of the organisation.
 
The central point to remember is that indecent images of this nature reflects hands on abuse of real children.
 
Dealing with these images in the appropriate manner protects your company & your employees. It sends a message of zero tolerance of child abuse & exploitation and promotes company Corporate Social Responsibility.
 
Not reporting these images condones criminal offences of a paedophilic nature.
 
If I report instances of indecent images of children to the IWF, how do I know they won’t report me to the police?
 
The Sexual Offence Act 2003 provides a conditional defence if you have been viewing indecent images of children because of the nature of your job as an IT professional or similar and if you have reported the images to the IWF or the police within a “timely” manner (see the MoU for further clarification).
 
Additionally, you may report all such instances anonymously if you wish.
 
There is also a disclaimer on the reporting form:
 
“We will keep your contact details strictly confidential. If you prefer to remain completely anonymous you can do so, but we will not then be able to give you feedback about the reported material and what happened about it. For that we need some contact details, including an email address.
 
If you submit your details they will be recorded on the IWF database for 3 months to allow us to contact you with an update.

They will then be deleted in accordance with the Data Protection Act. Your details will not be disclosed to 3rd parties without your permission.”
 
We provide our employees with machines to use at home and they can connect into the company intranet. If they are using those machines for viewing indecent images of children or other illegal content,  what is the company’s liability?
 
The company should have a suitable policy in place to cover out of office working. However, if the company does not provide the internet connectivity, nor the security arrangements for that PC, then whilst liability is severely reduced it could still be an issue.
 
An employee has been using the company systems to send out SPAM emails, should we report this to the IWF?
 
The distribution of SPAM emails in the UK is an offence under the EU Directive 2002/58/EC on Privacy and Electronic communications, which was enacted into UK law in December 2003. If the content of the emails directs users to potentially illegal web-sites, then the IWF can consider the url’s and act accordingly. The police should always be informed of any such activity by an individual or group of individuals.
 
 
Why are the IWF authorised to give information on this subject?
 
The IWF is the only recognised “authority” other than the UK police that is allowed to consider indecent images of children for breaches of the law. Having been established since 1996, the IWF has built up a reputation of trust, cooperation and expertise that is recognised throughout industry, Law Enforcement and Government, which ensures that the IWF’s integrity and analysis is considered to be of the highest order.
 
The IWF has created a wealth of specialist knowledge which it provides to its various stakeholders in ensuring the safety of UK citizens. Through the work of the IWF and its stakeholder, the amount of UK hosted child abuse content has dropped from 18% in 1997 to less than 1% in 2004.
 
Glossary of Terms
 
‘Indecent image of a child’
This refers to any images of children, apparently under 18 years of age, involved in sexual activity or posed to be sexually provocative.
Other terms commonly used to describe these images are: ‘child abuse images’, ‘illegal images of children’, ‘child pornography’ or ‘child porn’ and ‘kiddie porn’.
 
‘Make a report to the IWF’
This refers to completing the step-by-step reporting form which is accessed via the IWF website www.iwf.org.uk  Reports can only be submitted this way.

Page Created: Fri, April 22nd, 2005
Page Modified: Wed, September 6th, 2006

Back to Top