Erased from the Web: The Fight Over a Child's Moment

What if your child's school stripped every identifiable pupil photo from its website and social media? Not because the school suddenly hated joy. Not because someone in leadership had declared war on sports day, jazz hands and smiling children holding laminated certificates. But because the safeguarding lead looked at the public internet and said, no, this is no longer safe enough. Then a parent complains. Their child won a sporting award. The photo was online. Now it has gone. The parent says the achievement has been erased. And that parent is not being ridiculous. Their child worked hard. They want the school to celebrate that. They want pride, not silence. Meanwhile, the marketing lead is looking at the website and thinking it now has the emotional warmth of a procurement portal. And the safeguarding lead is looking at the same website and thinking, yes, good, at least the children are not searchable by strangers with broadband and bad intentions. So who is right? Annoyingly, everyone. Which is exactly why this is worth 20 minutes. Welcome back to the Small Business Cybersecurity Guy. I'm Noel Bradford. With me today is Morvan MacLeod. Hello. And Graham Faulkner. Afternoon. And Lucy Harper. Hello. We take a messy scenario, the kind that lands on a desk at 9.15 with no clear answer, and we pull it apart. Today's scenario is simple. A school removes every identifiable pupil photo from its website and social media. A parent complains that their child's sporting achievement has been erased. The safeguarding lead and the marketing lead disagree about what to do next. And somewhere in the middle, probably with a cooling mug of tea, sits the headteacher. This is not a fake problem. Schools are under pressure to show community, success, inclusion and identity. Photos do that very well. But photos of children on the open web now carry risks that did not look the same five years ago. That matters because people do not experience this as a policy issue. They experience it as pride, fear, trust, anger and sometimes grief. A child wins something. A school removes the public record. A parent feels the child has been pushed out of the story. And the practical problem is that nobody can fix this with a single consent form. Consent helps. Policy helps. But neither of them turns the internet into a controlled environment. Exactly. The public internet is not the school notice board with nicer fonts. Noel, you told us you found a photo of yourself in a primary school play a while back. I did. And before anyone starts, yes, it was a real photograph. Was it in colour? Did schools have cameras then? Or did someone have to carve it into slate? This is the respect I get. Four decades in technology. And my own panel thinks I attended school with a sundial. But that is the point. That photo was private. Family box private, memory private, not searchable, scrapable, downloadable, and reusable by anyone with Wi-Fi and poor morals. Exactly. It is searchable. It is scrapable. It is copied. It is archived. It is fed into tools by people who do not care what your consent form said in 2022. So let's get into the mess. First, let's be fair to schools. Because this is not one of those episodes where we pretend everyone was stupid. Schools published pupil photos because it made sense. Parents liked seeing them prospective parents liked seeing happy children governors liked seeing evidence of a thriving school marketing teams liked proving the place was not just damp corridors and budget spreadsheets Photos are powerful because they show life a school can write five paragraphs about community or it can show one picture of a team celebrating after a match the picture wins it always wins. And there are legitimate school purposes here education community celebration recruitment, newsletters, events, trips, music, drama, sport. None of that is strange. None of that is sinister. But normal use does not remove duty of care. And this is where the Tammy Buchanan episodes matter. When we covered the Kido nursery breach with Tammy, it was not abstract compliance chat. It was children's data. It was photos. It was school and nursery systems holding intimate material that no criminal should ever get near. Tammy made the education reality very clear. Schools and early years settings hold far more than names and email addresses. They hold learning journeys, observations, photos, family context, medical details, and safeguarding clues. And they often use several platforms to do that. Some are mainstream school systems. Some are nursery platforms. Some are custom integrations built because someone needed two systems to talk to each other before Thursday. The second Tammy episode landed an even bigger point. Cyber security is now part of safeguarding thinking. not separate from it, not next to it, inside it. Which means this is not, can Dave from IT look at the website when he has finished arguing with the printer? It is a child protection decision with data protection wrapped around it. And once you see it that way, the question changes. It is not, will this photo make the website look warmer? It is, does this public image create an avoidable risk for a child? The problem is that most schools built their image practice for an older web, A web where publishing a photo meant putting it on a page and hoping parents saw it. Now, publishing a photo can also mean feeding a permanent data trail. Face, uniform, badge, team, location, date, peers, achievement, routine. That is not just a picture. It is context. And context is the bit people forget. A head and shoulders picture is one thing. A child in uniform, named in a match report, linked to a school, tagged on a platform, and archived forever is another. At that point, you have not published joy. You have published a small dossier with bunting around it. That is where the parent complaint gets complicated, because the parent is reacting to the removal of pride. The school is reacting to the exposure of identity. Both are emotional. Both are valid. The mistake is treating one as caring and the other as cold. Safeguarding is not an attack on celebration. It is the frame that lets celebration happen without creating avoidable harm. Which sounds very grown up. So let me translate. The answer is not to hide every child in a cupboard. The answer is to stop behaving like public social media is a harmless scrapbook. We need to talk about consent, because this is where schools often feel safer than they are. The logic goes like this. We had parental consent, therefore the image is fine. That is too thin. Consent is not a magic cloak. It does not make the dementors go away. And it does not remove the technical reality. Once an image is public, the school loses meaningful control. It can be copied. It can be cached. It can be scraped. It can be downloaded. It can be reposted. It can be used in a context nobody agreed to. There is also the child. A parent can give permission when a child is six. That child may feel very differently when they are 12, or 16, or applying for something later. Children grow into their own privacy expectations. UK data protection rules do not say schools can never use pupil photos. That is not the point. The point is that schools need a lawful basis. They need transparency. They need a purpose. They need retention rules. They need a way to manage objections and withdrawal where that applies. And they need to consider risk. Which means the form at the start of term is not the end of the job. It is the start of the paperwork. Different beast. The school also needs to know where the images are. Website pages, news posts, PDF newsletters, Prospect Disease, Facebook, Instagram. X if anyone has not yet prized the login details from 2019 out of a departed staff member. Every school has one of those accounts. It was set up by someone enthusiastic. They left. The password is probably still the mascot name and the year of the summer fair. This is why parents get frustrated too. They often hear a blunt rule. No photos, no names, no exceptions. But nobody explains the risk. Nobody says, we are still proud of your child. We are changing how we show it. That sentence matters. We are still proud of your child. We are changing how we show it. That may be the whole episode in two lines. Now let's deal with the awkward bit. Some people will say this is paranoia. They will say we have always put school photos online. They will say nothing bad has happened, which is the classic security argument used five minutes before something bad happens. The risk has changed. Not because children changed. Not because schools changed. Because the tools around the images changed. Scraping is easier. Image search is better. Facial matching is stronger. Generative AI tools can alter images at scale And criminals do not need a sophisticated operation to misuse public material The emotional impact is the part people should not minimise If a child's ordinary school photo is misused, the damage is not ordinary It can become fear, shame, bullying, blackmail and trauma Even when the original image was innocent. This is where the phrase public image starts to sound too gentle Public means anyone, not parents, not the local community. Anyone, including the absolute pond life, who should not be allowed near a keyboard, never mind a child. There is also a safeguarding layer that has nothing to do with AI. Some children must not be identifiable online for family, legal or safety reasons. Some families have complex circumstances. Some risks are not visible to the marketing team. A single missed image can matter. Remember, that was also the human thread in the TAMI conversations. The breach story matters because it was not just data leaving a database. It was children becoming exposed through systems adults were trusted to manage. And that is why I get twitchy when someone says, it is only a photo. It is never only a photo when the subject is a child. And then there is metadata. Modern phones and cameras can store details inside image files, dates, device information, sometimes location data. Good platforms often strip some of it, but relying on often is not a control. Never build policy on the word probably. Probably is where risk goes to buy a small hat and pretend it is governance. The school also needs to think about cumulative exposure. One image might look harmless. Ten years of posts are different. Sports teams, trips, names, awards, dates. A child can become very visible without anyone making a single dramatic mistake. This is why the argument should not be, are photos safe or unsafe? That question is too crude. The better question is, what is the minimum image exposure needed to achieve the school purpose? And can we meet that purpose in a safer way? Exactly. Because if the answer to showing school community is always publish the faces of children on the open web, then the problem is not safeguarding. The problem is lazy marketing. So here is the decision point. The parent is not wrong to want celebration. The marketing lead is not wrong to want warmth. The safeguarding lead is not wrong to reduce public exposure. The school is wrong only if it turns this into a fight between caring and hiding. The answer is not silence. The answer is safer celebration. And that means explaining the decision to parents in human language. Then backing it with real process. Which sadly means fewer vibes and more grown-up controls. I know. Appalling. Let's start with the parent, because this can go wrong very quickly. A defensive response will sound like the school is saying, your complaint is inconvenient, or worse, your child's achievement is less important than our policy. Which is how you get a furious email chain, three WhatsApp groups, and a governor asking why everyone is shouting. The school should acknowledge the feeling first. Something like this. We understand why you are upset. Your child's achievement matters. We are proud of them. We have not removed the achievement. We have changed how we share it publicly. That keeps the door open. It does not apologise for the safeguarding decision. It explains the intent. Then offer alternatives. A named achievement without a face. A team photo from behind. A cropped image of the trophy. A school crest and match result. A private parent portal post. A printed display inside school. A newsletter with controlled circulation. And before someone says, but that is not the same, yes, correct. It is not the same. That is the point. Safer often means less convenient, less shiny and less instantly gratifying. But it should not mean invisible. The school must avoid making children feel that safety means silence. It can still celebrate them. It just needs to stop assuming the whole planet needs access to the celebration. A good response should also make the boundary clear. We will not republish identifiable pupil images on open platforms unless the image has gone through our review process. That review must consider consent, safeguarding, purpose, age of the child, context, naming, retention and platform risk. In other words, no, Dave, we are not sticking it back on Facebook because you used capital letters. Also, do not make this a one-parent exception. Exceptions are where policy goes to die. If the school makes one emotional exception, it creates pressure for the next one. Then the policy becomes theatre. And compliance theatre is my least favourite theatre. Worse than Panto. And at least Panto knows it is ridiculous. Now, marketing. Because if the safeguarding lead simply says no photos ever, the marketing lead will quite reasonably ask what the hell they are supposed to use. Schools cannot communicate like an insurance renewal letter. Parents need to feel the school. Prospective families need to understand the culture. Staff recruitment also depends on atmosphere. You cannot replace all human stories with clip art and a paragraph about values. But identifiable pupil faces are not the only way to show life. Use hands working on a project. Bye. Use a trophy on a bench. Use pupils from behind. Use wide shots where faces are not identifiable. Use artwork. Use empty classrooms after a project. Use staff voices. Use parent quotes with permission. Use animation. Use audio. Use good writing, which I appreciate is a radical concept. Thank you, Graham. Thoughts and prayers for all brochures currently saying nurturing environment on page one. The marketing lead should sit in the policy design, not receive the policy as a stone tablet. Safeguarding, data protection, IT, communications and senior leadership all need to agree the operating model. That avoids a culture of last-minute argument. The best schools will use this as a storytelling challenge. Tell the story of the achievement. Name the team if that is safe. Describe the moment. Use a quote from the coach. Photograph the muddy boots, the scoreboard, the medal, the empty pitch. That can be more interesting than another line of children holding certificates like hostages. Yes. Also, can we retire the certificate line-up? Every school has one. Children in a row. Adults at the side. Everyone looks like the photo happened during a small power cut. The other practical point is platform choice. Open website and open social channels are the highest exposure. A private parent portal has different risks. Printed internal displays have different risks again. The policy should separate public, controlled and internal Use And retention Old images should not sit online forever just because nobody has audited the news archive. A photo that was reasonable in 2018 may not be reasonable in 2026 The phrase we have always done it this way should trigger a small alarm, preferably one that plays the sound of a governance committee sighing Right, Monday morning, what does the school actually do? First, audit what is already public. Website, social media, PDF newsletters, prospect justice, old blogs, event pages, video channels. Assume forgotten content exists. Because forgotten content always exists, usually in a folder called final final new actual final. Second, classify images, public safe, public only after review. Controlled audience only, internal only. Remove. That gives staff usable choices. Third, define the review questions. Is the child identifiable? Is the child named? Does the image reveal school, location, team, routine or sensitive context? Do we have a lawful basis? Is consent being relied on? Can consent be withdrawn? Are there safeguarding restrictions? Is there a safer way to tell this story? Fourth, update parent communication. Make the policy readable. Do not bury it in six pages of legal fog. Explain what the school will still celebrate. Explain what it will no longer publish openly. Explain how parents can ask questions. Explain how children are heard as they get older. Fifth, fix the workflow. Who takes photos? Who approves them? Who posts them? Who removes them? Who removes them? Who checks metadata? Who reviews old content? Who owns the social media logins? And please, for the love of all that is mildly competent, put those logins in a proper password manager. Not a spreadsheet called social passwords. Not a sticky note. Not in the head of the one person who left in 2021 to become a yoga instructor. Sixth, train staff. Not with a terrifying one-hour lecture. Use simple examples. Show what is safe. Show what is not safe. Give staff a route to ask before posting. Seventh, review every year. Technology changes. Guidance changes. Children move through the school. Family circumstances change. A policy that never gets reviewed becomes wallpaper. And finally, keep celebration alive. If children experience this only as removal, the school has failed the communication. The message should be, we are proud of you and we are protecting you. Not congratulations, your achievement has been securely deleted for compliance reasons, because that would be bleak. Even by British school admin standards, The leadership decision is cultural. The school needs to decide what it believes public celebration should look like now. Not what it looked like when social media felt new. Not what the neighbouring school does. Not what gets the most likes. And leaders need to give staff cover. If a safeguarding lead removes images, the head should not leave them exposed as the fun police. If a marketing lead asks for workable alternatives, the head should not treat them as reckless. Both are doing their jobs. The worst model is informal negotiation after every event. Can we post this one? What about this child? What about the team photo? What about the county final that drains time and creates inconsistency? Also known as the British governance model of arguing beside the photocopier until someone gives up. A policy should make normal decisions boring. Boring is good. Boring means staff know what to do. Boring means parents get a consistent answer. Boring means children are not protected by luck. Security people love boring. Boring backups. Boring patching. Boring access control. Boring image policy. Boring is underrated. But the story cannot be boring. The way the school explains it needs care. Parents need to know this is not about hiding children. It is not about shame. It is not about making the school look empty. It is about protecting children while still recognising them. The school should publish a simple statement. We celebrate pupils. We use images carefully. We avoid identifiable public images, where safer alternatives work. We use controlled channels for more personal sharing. We review images before publication. We remove old content when it no longer meets our standard. That is clear. It is humane. And it is a damn sight better than pretending this is just a consent checkbox with a school logo at the top. So, back to the question. What should the school do next? It should not republish the identifiable photo just to calm the complaint. It should not tell the parent to go away and read the policy. It should not let safeguarding and marketing fight in a cupboard until someone resigns. It should hold the safeguarding line. It should explain it properly. It should offer a safer way to celebrate the achievement. It should review the image policy with marketing, data protection, IT and leadership in the room. It should say to the parent, your child has not been erased. Their achievement still matters. We are changing the public record because the online risk has changed. Let us work with you on a safe way to celebrate them. Then it should do the boring practical work. Audit images, review platform, strip metadata, control logins, Define approval. Train staff. Review annually. Here is the line I would put on the wall. A school can celebrate children without turning children into marketing assets. That is the bit. Because this is not about hiding community. It is about understanding that community does not need to be handed to the whole internet with a search box attached. The question for leaders is simple. Do we need this image to be public? Does the child need to be identifiable? Does the name need to be included? Is there a safer way? And the question for parents is just as important. What do you want the school to protect as well as celebrate? Because those two things belong together. If your policy cannot answer that, it is not finished. And if your only marketing plan is to publish children's faces on the open web, your marketing plan needs a bloody word with itself. That is it for this What If Wednesday. I have been Noel Bradford. I have been Moven McLeod. Dwayne Faulkner. Lucy Harper. Ask the awkward question before the internet answers it for you. See you next time. Right, before we let you go completely, let's have a quick chat about the boring but necessary legal bits. Don't worry, I'll make this as painless as possible. First up, and this is important, everything we've said today represents our own personal opinions and experiences. These views are ours alone and don't represent any organisation we work for, any employers, advertisers, sponsors, or anyone else who might be connected to the show. When we're giving you advice or sharing our thoughts, that's coming from us as individuals, not speaking on behalf of anyone else. Everything we've talked about today is for general guidance. It's meant to point you in the right direction, but it absolutely shouldn't be treated as professional advice tailored specifically to your business. Your situation is unique. What works brilliantly for a Birmingham bakery might be completely useless for a Manchester marketing agency. We do our very best to keep everything accurate and current, but let's be honest here. The cyber security world moves faster than a caffeinated squirrel being chased up a tree by Marvin's Jack Russell. Things can change between when we record and when you're listening, so always double-check critical technical details with qualified professionals before you go making major changes to your systems. If we've mentioned any websites, products or services, we're giving you information, not necessarily giving them our seal of approval. We can't be responsible for what happens on their end or if things go sideways when you use them. Some things we recommend might involve affiliate partnerships. We'll always flag those when they come up because transparency matters. Now, if you're dealing with serious cybersecurity incidents, actual data breaches, or gnarly legal compliance issues, please talk to proper professionals, rather than just relying on podcast advice. We're here to educate and help you understand the landscape, not to replace your security consultant, solicitor, or IT team. This has been a Small Business Cybersecurity Guy production. Copyright 2025. All rights reserved. We'll, be right back. and join the.