Personal (handwritten) signature - GDPR?
Discussion
Getting mixed answers from Googling so wondering if anyone has personal experience..
Recently worked on a report on behalf of a local authority (the client) that will be published publicly. At the start of the report are the names of the people that worked on it, including myself, along with our handwritten signatures.
I was just wondering if a handwritten signature, particularly when combined with a full written name, is covered by GDPR? There has been no mention of whether they will be removed / redacted prior to public issue, but I would personally prefer that it were, so would just like clarity on where it sits under the regulations before requesting / enquiring..
Recently worked on a report on behalf of a local authority (the client) that will be published publicly. At the start of the report are the names of the people that worked on it, including myself, along with our handwritten signatures.
I was just wondering if a handwritten signature, particularly when combined with a full written name, is covered by GDPR? There has been no mention of whether they will be removed / redacted prior to public issue, but I would personally prefer that it were, so would just like clarity on where it sits under the regulations before requesting / enquiring..
smithyithy said:
Getting mixed answers from Googling so wondering if anyone has personal experience..
Recently worked on a report on behalf of a local authority (the client) that will be published publicly. At the start of the report are the names of the people that worked on it, including myself, along with our handwritten signatures.
I was just wondering if a handwritten signature, particularly when combined with a full written name, is covered by GDPR? There has been no mention of whether they will be removed / redacted prior to public issue, but I would personally prefer that it were, so would just like clarity on where it sits under the regulations before requesting / enquiring..
My personal view - not necessarily my professional view as GDPR / Data is not my sphere of detailed knowledge - is that a personal signature would come under GDPR as it is an identifying personal feature but I wouldn’t bet the farm on my being correct. I know from looking at planning applications online my local authority redact all signatures so I’d be having a look at them so see if your local authority do the same. Recently worked on a report on behalf of a local authority (the client) that will be published publicly. At the start of the report are the names of the people that worked on it, including myself, along with our handwritten signatures.
I was just wondering if a handwritten signature, particularly when combined with a full written name, is covered by GDPR? There has been no mention of whether they will be removed / redacted prior to public issue, but I would personally prefer that it were, so would just like clarity on where it sits under the regulations before requesting / enquiring..
Reason for my posting here - I sign a lot of legal documents which go into the public domain almost instantly and I have two signatures - one my ‘work’ signature and the second being my ‘real’ signature although I was introduced to this concept more from a fraud perspective.
smithyithy said:
Recently worked on a report on behalf of a local authority (the client) that will be published publicly. At the start of the report are the names of the people that worked on it, including myself, along with our handwritten signatures.
Whose idea was it to put personal signatures on? I can't think that a report is any better off for having signatures on it.I don't know the law on it but think it's a rather too personal to have in the public domain; if anyone wants to steal your ID it can only make their task easier.
Ask the other people who have their signatures on it - what do they think?
Simpo Two said:
smithyithy said:
Recently worked on a report on behalf of a local authority (the client) that will be published publicly. At the start of the report are the names of the people that worked on it, including myself, along with our handwritten signatures.
Whose idea was it to put personal signatures on? I can't think that a report is any better off for having signatures on it.I don't know the law on it but think it's a rather too personal to have in the public domain; if anyone wants to steal your ID it can only make their task easier.
Ask the other people who have their signatures on it - what do they think?
smithyithy said:
Getting mixed answers from Googling so wondering if anyone has personal experience..
Recently worked on a report on behalf of a local authority (the client) that will be published publicly. At the start of the report are the names of the people that worked on it, including myself, along with our handwritten signatures.
I was just wondering if a handwritten signature, particularly when combined with a full written name, is covered by GDPR? There has been no mention of whether they will be removed / redacted prior to public issue, but I would personally prefer that it were, so would just like clarity on where it sits under the regulations before requesting / enquiring..
If it is important to you, and possible subject of a claim, I'd go to the ICO website and put a question. I've asked three over the years and received full, and itemised replies. One time too much so, but I did ask.Recently worked on a report on behalf of a local authority (the client) that will be published publicly. At the start of the report are the names of the people that worked on it, including myself, along with our handwritten signatures.
I was just wondering if a handwritten signature, particularly when combined with a full written name, is covered by GDPR? There has been no mention of whether they will be removed / redacted prior to public issue, but I would personally prefer that it were, so would just like clarity on where it sits under the regulations before requesting / enquiring..
lancslad58 said:
There are few reasons to submit accounts with signatures these days, most accounts are submitted electronically without signatures or with electronic signatures.As noted by others, I would use a different public signature where it can't be avoided.
I believe your signature is covered under GDPR, so publishing your signature is potentially a breach. Contact them to remind them not to include it - https://ico.org.uk/for-organisations/uk-gdpr-guida...
Given the point of a signature is to authenticate a persons identity, by definition it's a form of information that could identify a person, so I would be shocked if it was not covered by GDPR regulations.
But, I'm not sure why you're worried.
Surely there isn't an institution dealing with any matters of real importance still accepting a signature as a form of authentication?
But, I'm not sure why you're worried.
Surely there isn't an institution dealing with any matters of real importance still accepting a signature as a form of authentication?
Maybe another thing to consider is whether including your name (personal data), signature and possibly other identifying information like an email address in this class of document is normal and expected, possibly generally accepted as a sort of advertisement for your professional services
An analogy in my world is author details (usually name, institution and lab, email address) attached to academic papers. I’ve never heard of a researcher asking for those details to be withheld, redacted or removed from databases because GDPR
An analogy in my world is author details (usually name, institution and lab, email address) attached to academic papers. I’ve never heard of a researcher asking for those details to be withheld, redacted or removed from databases because GDPR
smithyithy said:
Getting mixed answers from Googling so wondering if anyone has personal experience..
Recently worked on a report on behalf of a local authority (the client) that will be published publicly. At the start of the report are the names of the people that worked on it, including myself, along with our handwritten signatures.
I was just wondering if a handwritten signature, particularly when combined with a full written name, is covered by GDPR? There has been no mention of whether they will be removed / redacted prior to public issue, but I would personally prefer that it were, so would just like clarity on where it sits under the regulations before requesting / enquiring..
The purpose of appending your name and signature to this sort of document is so you can be identified.Recently worked on a report on behalf of a local authority (the client) that will be published publicly. At the start of the report are the names of the people that worked on it, including myself, along with our handwritten signatures.
I was just wondering if a handwritten signature, particularly when combined with a full written name, is covered by GDPR? There has been no mention of whether they will be removed / redacted prior to public issue, but I would personally prefer that it were, so would just like clarity on where it sits under the regulations before requesting / enquiring..
Sign it, put your name in capitals underneath and get on with your next report.
Biometric data is a specific category of personal data under GDPR. A handwritten signature is considered biometric data because of its unique and intrinsic physical nature. Using a handwritten signature requires strong justification and explicit consent. It's covered in the ICO guidance.
For context I work for a private consultancy that would typically produce reports like this, or similar documents when acting as the Principal Designer for construction projects, so the engineer / senior engineer / principal engineer would sign the documents as reviewed and approved.
In this case, we've carried out an independent study and subsequent report on behalf on a local authority. The final copy of the report issued to them, using a version of our own internal template, will be published by the LA and made available for the general public, as it pertains to a road safety study in the local area (where I live) following some isolated accidents on a few sections of road.
I'd simply rather not have my name, let alone personal signature, attached to a document that will no doubt be read, scrutinised, and more than likely criticised by - for lack of more appropriate terminology - the local busy-bodies.
In this case, we've carried out an independent study and subsequent report on behalf on a local authority. The final copy of the report issued to them, using a version of our own internal template, will be published by the LA and made available for the general public, as it pertains to a road safety study in the local area (where I live) following some isolated accidents on a few sections of road.
I'd simply rather not have my name, let alone personal signature, attached to a document that will no doubt be read, scrutinised, and more than likely criticised by - for lack of more appropriate terminology - the local busy-bodies.
smithyithy said:
For context I work for a private consultancy that would typically produce reports like this, or similar documents when acting as the Principal Designer for construction projects, so the engineer / senior engineer / principal engineer would sign the documents as reviewed and approved.
In this case, we've carried out an independent study and subsequent report on behalf on a local authority. The final copy of the report issued to them, using a version of our own internal template, will be published by the LA and made available for the general public, as it pertains to a road safety study in the local area (where I live) following some isolated accidents on a few sections of road.
I'd simply rather not have my name, let alone personal signature, attached to a document that will no doubt be read, scrutinised, and more than likely criticised by - for lack of more appropriate terminology - the local busy-bodies.
In this case your name and signature can be on the copy they receive as they are the customer. On the copy they publish both should be redacted to comply with the legislation.In this case, we've carried out an independent study and subsequent report on behalf on a local authority. The final copy of the report issued to them, using a version of our own internal template, will be published by the LA and made available for the general public, as it pertains to a road safety study in the local area (where I live) following some isolated accidents on a few sections of road.
I'd simply rather not have my name, let alone personal signature, attached to a document that will no doubt be read, scrutinised, and more than likely criticised by - for lack of more appropriate terminology - the local busy-bodies.
If you look at contracts published by central government under their transparency rules (see https://www.contractsfinder.service.gov.uk/ and select the "awarded contract" checkbox, the details of the signatories and their signatures are redacted.
Your signature is personal data. NB: a lot of responses in this thread are a little confused - personal data is *any* data relating to you that is held in a context that permits you to be identified, it's not merely the identifying information.
However, something being personal data does not mean that it cannot or won't be published. The question to ask is whether that publication is lawful and proportionate to the specific circumstances. Depending on the specific report in question, identifying those who prepared or approved it may well be a legal requirement or considered to be in the public interest (this latter would in principle need to be identified in Schedule 1 of the UK DPA 2018). It may be that the signature, as well as the name, is necessary for the report to have legal force or in some other way to comply with applicable legislation - in which case, you will have to accept that your signature will be published and might, as has been suggested, consider having a version for this purpose and another for signing cheques. Although a signature on its own is of little value in the world of modern KYC.
If publication of the signature is not legally required and the proposal is to publish the report including it, ask the local authority what their basis is for that decision. Note that LAs can't cite their legitimate interest, as that basis is not available to the public sector, so would have to show public interest and be able to identify their specific basis for so doing.
However, something being personal data does not mean that it cannot or won't be published. The question to ask is whether that publication is lawful and proportionate to the specific circumstances. Depending on the specific report in question, identifying those who prepared or approved it may well be a legal requirement or considered to be in the public interest (this latter would in principle need to be identified in Schedule 1 of the UK DPA 2018). It may be that the signature, as well as the name, is necessary for the report to have legal force or in some other way to comply with applicable legislation - in which case, you will have to accept that your signature will be published and might, as has been suggested, consider having a version for this purpose and another for signing cheques. Although a signature on its own is of little value in the world of modern KYC.
If publication of the signature is not legally required and the proposal is to publish the report including it, ask the local authority what their basis is for that decision. Note that LAs can't cite their legitimate interest, as that basis is not available to the public sector, so would have to show public interest and be able to identify their specific basis for so doing.
Gassing Station | Speed, Plod & the Law | Top of Page | What's New | My Stuff