Should your image be private?

I have been involved in a project  to provide  ID cards across the 7,000ish staff we have. This is a whole saga in itself and at first glance nothing to do with the web, but a very significant part of the project has come up with web related  issues – or at least Intranet related issues.

Because our new ways of working projects provide ‘touchdown points’ across the county where people can go into work , there is a need to prove who you are when you turn up at an office you have never been to before. ID cards with pictures, micro-print, Braille and other security devices cover this fairly successfully but what happens if someone turns up without a card or with one that looks a bit dodgy?

GEORGE, our intranet, has a people finder which is being populated with staff data and part of that data is the use of the card pictures. That way the receptionists in our buildings can check on people finder to decide whether to let the non card holder or the dodgy card holder in or not.

GEORGE is only available as an internal tool but there has been  a very small number, not much more than a handful, who have taken exception to their “Copyright Image” – their words – appearing on these pages. (I’m not at all sure ones image is ones copyright?) They are suggesting colleagues might copy them and do nefarious things with their image.

Of course we can disable the right mouse click with a piece of JavaScript – over 99% of our machines run JavaScript and all new machines are thus enabled,  so that prevents the simple ‘right mouse click and copy’ issue raised by some of this group. Even with that disabled there are other ways of copying the picture with the ability to do much the same as if you had right mouse clicked. So that’s a pretty pointless activity really.

The issue therefore is that as it is impossible to totally prevent these pictures from being copied – unless of course somebody out there knows different – should we allow folks to not have their picture on the intranet?

My vote would be to disallow opt out as I feel employees should partake in a security system designed to protect themselves as well as others.

The ‘protection of  privacy’ issue on an internal only system is, in my opinion, a ‘code of conduct’ issue, where the copying of images, and any misuse of those copied pictures,  should have some repercussions on the perpetrator. In my view to opt out because others may copy etc etc  shows an unhealthy  level of distrust in colleagues.

So the questions are …

  • Does anybody have staff pictures viewable on their internal systems?
  • If so, is it mandatory?
  • What do you do about dissenters?
  • Is your image your copyright?

Your views would be appreciated.


17 thoughts on “Should your image be private?

  1. At Plymouth we don’t show images on our Intranet – but then we don’t have a people directory either. If we did I think the general opinion would be that we should have images and the positives would outweigh the negatives. I personally would suggest that those people who have a good reason for not having their images shown can choose to ‘opt out’ (for example, staff working in covert or sensitive roles). I guess time will tell whether I am right…

  2. One reason for not going into the directory and having your picture published could be somebody may have a problem past and they would prefer, for that reason, to be private. Their fears of another member of staff publishing their image to the outside world are, in my opinion, real and reasonable; though I would argue the chances of that happening would be slight.

  3. I would agree with an opt-out approach, or perhaps the facility to your employees to manage their “profiles”. Presumably at the moment they are asked to keep their contact details up to date? Selecting or removing their picture as part of this process may resolve the issue, however, there would need to a caviat that “removing your image may restrict your entry to external buildings… etc”.

    I would think also that publication of the people directory data to a location outside of the organisations network would be against an information security and governance policy and so would most likely need to be managed in that context.

  4. We have a staff directory. Staff have their photograph taken when (or soon after) they are appointed. Photo is added with name, work location, work hours, email, phone extension, Service Unit etc. The same photo is used for the ID badge.

    In systems such as Sharepoint (we don’t have it yet), this goes a lot further with mini-bios, skill sets, interests and so on.

    On copyright, once a Council has taken a photo (presumably with permission and with the subject knowing its intent) then copyright in the image is vested in the Council. The staff member does not own the copyright.

    • Our people finder does all of what you say and has skill sets, bios, interests etc. If for example you are looking for 4X4 owners/drivers for emergency situations then searching for these amongst the staff is simple.

      People finder is moving towards more of an internal social network where the picture, details, etc will be part of peoples profile sort of Facebook like.

      Our working title for this social network interactive project is GEORGE-talk as it’s all about collaboration and sharing.

  5. Hmmm – my first reaction is to suggest that those so concerned about their picture need to grow up – there are bigger things to worry about.

    However, given that I know individuals who argue about whose desk is best positioned for the window I guess “grow up” won’t suffice.

    If an individual choosing not to have their photo in the system, then a blank screen or ID badge immediately draws attention to the fact and may actually serve to heighten interest in them rather than reduce it.

    I can see no reason for an opt out, and would argue that security ought to be the overriding issue.

    With regard to copyright, my understanding (not having consulted a lawyer) is that you can only claim copyright over items that have some artistic value, therefore a photo of your face can be subject to a copyright claim, but your face itself cannot.

  6. We had the same problem when I worked on our staff directory. We integrated it with the ID card system and found that we got a fair amount of people that weren’t happy with their images being displayed on an internal, secured intranet. I dismissed any attempts at protecting the image using code because it can easily be circumvented with a simple tap of the Print Screen button and then pasting the screen grab into Photoshop, Ms Paint or an email. Instead we opted for a very basic level of protection that will stop most users from copying the image, but not anyone with basic computer skills.

    The majority of our complaints came from education, arguing that their images could be used for nefarious means. I think some teachers even went as far as complaining to their union, however a decision was made at a high level to not allow opt-outs for many of the reasons you have already put forward. I’m not denying that there are grounds for having an opt-out but it is my opinion that we should trust our (already authenticated) intranet users to act responsibly rather than expecting them to do the wrong thing. It is 2010, and we are surrounded by cameras every minute of every day from CCTV to camera phones.

    If I remember correctly our DPA officer said something along the line of: in our case they have already consented to us using their image by having an ID card so unless they could successfully argue that using their image would pose a serious risk to their health and wellbeing it is up to the data controller (we, the council) to decide how to use the information as it isn’t considered sensitive.

    We’ve had our directory in place a few years now and we hardly get any complaints now, and when we do its usually somebody complaining about a bad photo, wanting a new one. Unfortunately we’ll likely have to revisit this all over again when the intranet is redesigned in the near future.

    • We have disabled the right mouse click to stop the simple right mouse click and paste option. And of course there are other options that can do this but disabling the right mouse click seems to have placated some people – or perhaps getting us to do something was all they wanted in the first place.

      We are not including education in this yet. That joy is to come.
      The rest of your points are really useful too . Thanks.

  7. This feels like an extension of the name badge argument i.e. staff in council offices objecting to surnames appearing on badges as they allow the public to identify them. I know that you don’t have copyright on your appearance – a photo of me once appeared in a public exhibition and I failed to get it removed. The photographer will have copyright on the image. We do have photos of staff on our intranet but not all staff, in context of information about service areas, not in a directory and not mandatory.
    I think your proposal is a very efficient extension of the ‘George’ functionality and agree that any mis-use of images should be a disciplinary/code of conduct matter and no opt-out should be allowed.

  8. Disabling right click only really works on IE based machines so that is not a real solution.
    People should have the ability to opt-in, positive action as opposed to a negative action.
    I can only assume that not everyone will be able to move freely around the county so not everyone needs to have their picture on George. Maybe it is a condition of this privilege that a photo stored on George is a requirement.

    If people are really worried about their image, just do the typical headshot, passport, picture then put a visible water mark on the image. Most people won’t take the time to try and fill in the watermark. This will at least allow you to know where people are getting the picture from if they mean harm and you can remove the pictures if it becomes an issue.

    There are many other ways to try and stop people from getting the image but last time I checked you can’t stop people doing a print screen and getting the image that way.

    I agree thought that your face, body, image is your property and you have the right to choose how it used.

    • As it happens over 99% of our machines are ie. There are a handful of MACs in the design area.
      We have given the watermark some thought too though still not certain.
      We are thinking that there will have to be a really good reason for not having the picture on People Finder, so good a reason in fact it may reduce the numbers who don’t down to less than a handful and those unhappy few would then stand out. I have a view that if their reason is strong then perhaps they would be best being “Off the Grid” anyway so perhaps we would not show them at all; but as I say this would have to be for a very strong reason.

  9. I was the developer who enabled the visibility of staff id photo’s on our internal directory intranet application. I recall at the time being compared to Nazi’s for following orders!

    I’m very sensitive to data protection issues, and I still find no justification for NOT having my photo on the internal directory. The principles of the Data Protection Act apply – the image must only be used for the purpose it was gathered – to identify the member of staff.

    Once available to staff, they will be bound by the same principles, so anyone taking copies to use for any other purpose must be reminded or even disciplined. And it must be made clear to all staff that misuse of the photo’s will not be tolerated. I think that if the authority are seen to be this protective, then it will demonstrate a responsible attitude.

    And again, the principles are quite clear, the record must be kept up to date, so when a member of staff leaves, the image, if not the entire record, should be removed.

    Incidentally, I noted that the most vociferous of complainants were also the busiest trawling through the directory!

    • Thanks for your comment Doug. The points you make about DPA compliance are well made. Particularly removing the picture when the person has left. Thanks for your input.

  10. Final Comments.
    Thanks for all your comments on this.
    Here’s where we are…

    The Management board have decided:-
    a. Taking of a photograph is mandatory for all our staff except schools and Fire and Rescue ( F & R already have them) This means some 6000 -ish staff.
    b. The insertion of the pictures onto our Intranet people finder is mandatory.
    c. Wearing of the pass in Council offices is mandatory.


Where a member of staff requires to keep a low profile as a result of a problem in their past then we are to take them off the grid completely. Afterall if Mrs Josephine Bloggs was to have a profile but no picture that in itself would draw attention. Best not to exist at all in our people finder. We would provide them with a temporary card. Our temporary cards have no picture.

    We have put a piece on the relevant page on our Intranet about DPA covering the image and the legal responsibilities of the staff in that respect. (thanks for the reminder Doug)

    So far of the 6000-ish ID cards we have to produce we have sent out about 500, a mammoth task in itself. Photographs of our staff are being taken across the County over the next couple of months – yes it does take that long.

    There is a buzz and general interest around the place as people are asking when theirs is coming.

    Our suppliers for this work are…
    John Thompson Photography, a Lincoln based photographer (ex police) and a long time supplier to the council.

    Payne security of Banbury who are carrying out the card production who produce the F&R cards.

    Forms* are constructed on the Firmstep platform.

    A few notes.
    *We produced a series of interactive forms for people to book into the photographic events across the County. These forms allowed them to book, cancel and register all their details. Without these forms this task would have been impossible. The web team produced the forms using the Firmstep platform.

    Our legal team have provided us with an opinion regarding any breach of Human Right legislation we may have been committing. It is their advice we are not.

    Don’t underestimate the task if you wish to carry it out yourselves. I have taken hundreds of calls and e-mails from staff in order to resolve issues and handle the questions.

    The distribution of the cards themselves ( a huge and very boring task) has fallen to the web team who are working out of normal hours to carry out the task. You see what happens when you say yes.

    At a stroke the physical security of our organisation has become very high profile. We intend to keep this up with ‘challenge days’ where members of staff are encouraged to challenge – without fear or favour – anyone seen around the premises without a pass.

    Even with this relatively small amount delivered so far people are wearing them and I can see who are County Council staff.

    Thanks again for your comments. If you wish to carry out a similar project and want any help then feel free to ask. We have learned many a lesson along the way.

  11. Pingback: Internal Social Networking for Local Government. It’s here. « Local Government Web Managers

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s