Redaction of AGAR Signatures
Since our round robin on Friday 11th May 2018 we have had further correspondence from PFK Littlejohn on the issue of the redaction of signatures on published AGAR forms. The issue is due to be discussed further by PFK Littlejohn in the light of GDPR implementation.
See below for a copy of the correspondence.
Thank you for your email. Our expectation is that signatures are not redacted. This was raised by the audit firms with the NAO for legal advice 2 years ago and the expectations were clarified amongst audit firms at that point. The conclusion being that smaller authorities do not have general discretion under the Regulations to decide whether to redact the signatures or not.
Since that clarification, the presumption has been that the annual return will be published in its completed form once it has passed through the requisite preceding steps, and therefore including the unredacted signatures. Regulation 12(1) and (2)(c) require the statement of accounts to be signed by the RFO and the chair of the approval meeting, and regulation 13(1) requires that statement to be published. There is nothing in the Regulations which implies that the annual return may be altered in the interim, for example, by redacting the RFO's or Chair's signature.
We have received a number of queries this year and have repeated the fact that the legislation does not allow for redaction of signatures. We have been made aware that some chairs/clerks are using a different signature to sign off documents that must be published (much in the way that my 'audit sign off' signature has always been different to my 'cheque signing' signature.) However, as external auditors, we obviously cannot give advice on this point.
Two years ago, we also considered the data protection aspect of the issue and whether there may be circumstances where the publication of signatures would be unlawful under the existing DP laws. The conclusion reached was that evidence of a specific threat to the individual of fraudulent use of their signature would need to be demonstrated, in order to argue that an 'unjustified adverse effect' would be caused by publication of their signature; a generalised concern about simply having a signature in the public domain would be very unlikely by itself to establish that publication would cause them an unjustified adverse effect.
In view of the GDPR and the number of recent queries regarding this point, I have already asked for this to be revisited at our next technical network meeting (next Tuesday). [We] will let you know what transpires.
Posted: Mon, 14 May 2018 20:08 by Jake Atkinson