You Can’t Govern What You Can’t See: The Hidden Risk of Untracked Visual Assets
Ask yourself: Can you confidently track all of your company’s visual assets? Where are they? Are they even safe to use?
Marketing downloads stock images, Creative develops graphics, even HR holds onto staff photos – your organization gathers and creates visual media every day.
And without a system to track them, those assets are quickly lost – scattered across shared drives, cloud folders, email threads, and other platforms.
Even worse, they can surface outside your organization, reused or modified in ways you don’t want.
When a visual asset isn’t tracked, you don’t just lose the file, you lose control of how it’s used and the consent that governs it.
Bottom line: untracked assets are incredibly risky.
What are untracked visual assets?
An untracked visual is any asset you can’t immediately find or lack the necessary info to use. They might be stored in multiple places or managed informally. Over time, it becomes difficult to identify which of these assets can be safely re-used and shared.
Organizations lose control of their assets in two main ways:
Inside the organization: Assets can get buried outside of acceptable storage systems. Teams may forget what already exists, create unnecessary duplicates, or use content without checking for valid consent.
Outside usage: Even the assets your organization knows about can escape. When files are shared or downloaded externally, they may be reused, modified, or published without your knowledge. Your assets may appear in places and contexts you don’t want them to.
When assets aren’t tracked and linked to consent, confusion grows, and risk follows.
So what kind of risk are we talking about?
Legal and regulatory risks of untracked assets
First and foremost are the legal and regulatory risks.
Breach of licensing agreements
Many visual assets come with specific rules written into their contracts. For instance, stock libraries, freelance photographers, or content providers often lay out exactly how and where assets can be used. Untracked assets can easily end up being used outside those terms, triggering breach-of-contract claims.
One example comes from a U.S. copyright case involving photographer Jonathan Mannion. He had licensed an image for limited use, but Coors Brewing Co and its advertising agency created a very similar photo for a billboard. Mannion argued it was too close to his original, and he was awarded $30,000 against Coors and $20,000 against the agency. Proper tracking of licensed assets would have prevented this kind of legal exposure.
Regulatory and compliance risks
Consent is required for any image featuring people, property, or sensitive information. Without linking each asset to a signed release or agreement, you risk violating privacy laws – especially if consent is later revoked. Within regulated industries missing or unclear consent can lead to significant legal and compliance consequences. The same is true for any organization operating within the European Union, which adheres to General Data Protection Regulation (GDPR).
European Union
GDPR requires that any organization processing the personal data of EU residents must ensure proper consent, secure storage, and careful handling of that data. Non-compliance is subject to fines of up to 4% of your global revenue. As such, all relevant assets must be tracked and linked to the appropriate consent documentation.
Take what happened to Clearview AI. This facial‑recognition technology company collected billions of images of people from the web (including social media and other public sources) without obtaining the required consent.
When European Union data authorities discovered their violations, Clearview was fined €30.5 million.
Healthcare
In both the United States and the EU, personal health information is highly protected. In the U.S. patient information is governed by The Health Insurance Portability and Accountability Act of 1996 (HIPAA). In the EU, the equivalent is GDPR. Untracked images or videos containing patient information can lead to serious legal and compliance issues – repeated violations of the same HIPAA rule can cost up to $2,190,294 per year. Under GDPR fines are even more severe, costing up to €20 million or 4% of annual global turnover.
In 2025, Cadia Healthcare Facilities paid out $182,000 to the U.S. Department of Health and Human Services, Office for Civil Rights for HIPAA violations related to image use. On top of that, the organization had to agree to a multi-year corrective plan to ensure no further violations occurred. This kind of penalty could have been avoided if patient release forms and consent documents had been properly linked to the corresponding assets.
Finance
After healthcare, the most heavily regulated industry is finance. Financial institutions must follow detailed rules surrounding advertising, reporting, and disclosures. Using visual content incorrectly can trigger regulatory scrutiny or fines. These can include anything from misleading claims to showing customer information or sharing unapproved marketing materials.
That makes it critical to track assets, stop leaks, and maintain embargos. Failing to do so is not just an intellectual property risk, but a legal one as well.
For instance, untracked (or missing) assets can result in fines in the U.S. under Security and Exchange Commission (SEC) Recordkeeping regulations.
In 2024, the SEC charged 26 firms (broker‑dealers and investment advisers) for widespread and longstanding failures to maintain and preserve electronic communications required under SEC recordkeeping provisions (including images shared via email). The firms agreed to pay more than $390 million in combined civil penalties and improve their compliance procedures.
Education
Students receive special privacy protections in both the U.S. and the EU. In the United States, schools and universities are governed by the Family Educational Rights and Privacy Act (FERPA). Even routine use of student images without proper consent can lead to administrative actions, corrective plans, or threats to federal funding.
In the EU, both GDPR and local laws regulate how student data can be used. For example, the Italian Data Protection Authority fined a nursery school €10,000 for sharing student photos on its website.
In both the U.S. and the EU, visuals including students and staff must be handled with proper consent and data protection practices – which can’t be done if you don’t know where every asset is and which consents to attach.
Lack of governance around visual assets isn’t just an operational problem – it’s a legal and compliance risk. Without control, organizations can face fines and lawsuits, often for content they believed was safe to use.
Brand reputation
Aside from the regulations, there’s the fundamental matter of your reputation. Those misused assets can have a negative effect on your brand. Being accused of misusing protected content can spill into the public’s perception of your organization. While the public may not notice if you do a good job of tracking all your assets, they will definitely know if those images get misused. This is especially true if it gets reported by a news organization or a regulatory agency.
Without visibility and tracking, assets move beyond your control, while you’re still held responsible for the misuse.
Consequences of unauthorized redistribution
When assets aren’t monitored, external parties can download, modify, or republish your images in ways that violate licensing agreements or misrepresent your brand. For instance, several brands, including Gucci and Puma, sued Alibaba over misuse of brand images to sell counterfeits that injured their reputation and sales.
The risk doesn’t stop there. AI tools increasingly scrape publicly available visual content to train models or generate derivative works. If your images are ingested without your knowledge, they can reappear in new contexts, separated from their original licensing terms and governance controls. In one prominent lawsuit, Stability AI was accused of using millions of Getty’s copyrighted photos, scraped without consent, to train its model.
Eliminating the risks
Reducing the legal and operational risk of untracked visual assets requires tracking assets and linking to consent. Here’s how you do it:
Audit what you already have
Managing visual assets isn’t just about storing files—it’s about knowing what you have, where it is, and whether it’s safe to use. Start by auditing your existing assets. Even if files are spread out, it’s important to identify everything your organization owns, from images and videos to logos and graphics. Document basic details such as file names, formats, and creation dates to understand your current library.
If assets have left your control, tools like Verify can help you locate them. Computer vision–based AI scans the web to find where your visuals appear online. This way, you’ll know how your assets are being used externally and detect unauthorized use.
Watermark your assets
Watermarking has gone beyond large, distracting marks over images. Today you can add digital watermarks that can be embedded directly into the pixels of an image, allowing you to track leaks and enforce embargos.
For instance, Verify offers digital watermarks that allow you to trace your assets, even if a file is resized, cropped, edited, or even processed by AI tools. That means you can identify your assets if they surface elsewhere online, strengthening oversight and reducing the risk of unauthorized use.
Track consent
Juggling consent forms in emails, shared folders, or spreadsheets is just asking for trouble. Instead, centralize your consent tracking so that every asset is connected to the proper release forms. You can also set up alerts for expiration dates or usage restrictions to ensure assets are used appropriately.
Tools like Verify’s Consent Manager make this process easier by creating a single record of permissions and automatically restricting use if consent changes. Other approaches include maintaining structured databases, setting reminders for time-bound releases, or adding consent tracking to asset management workflows. These practices reduce confusion, ensure compliance, and create an audit trail across the asset lifecycle.
Unlock the untapped value of your visual assets
Getting a handle on your untracked visual assets isn’t just about reducing risk. When every asset is accounted for and linked to consent forms, teams can locate and reuse content faster – and feel confident they have the authorization they need to post.
Tracking your assets also helps teams make smarter decisions. With a clear view of which visuals are being used and which are overlooked, you can plan more effectively for future content needs. In that way, your assets become powerful resources that streamline workflows and drive growth.
Make the digital world a place you can trust, with Verify. Track, monitor, and protect your visual assets and the consent that governs their use.