Sharing Consignment Agreements and Condition Reports Securely

Every consignment begins with paperwork. Before a painting hangs in a gallery or a lot reaches the rostrum, a stream of documents passes between the consignor, the gallery or auction house, and ultimately the buyer. A consignment agreement sets out the terms: the reserve, the commission, the duration, and who carries the risk while the work is in the gallery’s care. A condition report records every craquelure, retouch and frame abrasion. A valuation puts a number on the object for insurance, sale or probate.

Taken together, these documents form a precise picture of who owns what high-value item, and exactly what it is worth. That is commercially valuable information and, where it identifies an individual consignor or buyer, it is also personal data. The way it is shared therefore matters as much as the way it is stored.

The typical paper trail

• Consignment agreements naming the consignor, the reserve price and the commission structure
• Condition reports describing the physical state of an object, often with photography
• Valuations and estimates attaching a monetary figure to a named owner's property
• Insurance schedules and shipping paperwork that travel alongside the object

There are two distinct concerns wrapped up in a single attachment. The first is commercial confidentiality. A leaked valuation or reserve can undermine a negotiation, tip off competitors, or expose a private collector’s holdings to unwanted attention. The second is data protection. A consignment agreement that names an individual and links them to a valuable asset is personal data, and that brings legal obligations.

Consider a probate valuation. A specialist prepares an estimate for an estate, names the deceased and the beneficiaries, and emails it to the executor. The executor forwards it to a relative who is in dispute with the rest of the family, and within minutes a confidential figure that should have stayed between three people is circulating among a dozen. Or picture a private collector whose reserve on a single lot is forwarded out of an auction house; competitors can now infer the shape of holdings the collector has spent years keeping quiet. In each case nothing was hacked. The information simply travelled further than anyone intended because it was attached to a message.

The UK GDPR treats confidentiality as a core obligation. The security principle requires that personal data be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, using appropriate technical or organisational measures. The ICO frames confidentiality, integrity and availability as the “CIA triad”, meaning data should be accessible, alterable, disclosable or deletable only by those who are authorised.

The law does not prescribe a single technology. It asks for a level of security appropriate to the risks of the processing, weighed against the state of the art, the cost of implementation, and the nature and purpose of what you are doing. The ICO considers encryption to be an appropriate technical measure given its widespread availability and relatively low cost, and notes that damage and distress from a breach may be reduced or avoided where personal data has been encrypted.

That position is reinforced in the statute itself. Article 32 of the UK GDPR cites encryption as an example of an appropriate technical measure, using a secret key so that only those holding it can read the data. For a gallery handling valuations and ownership details, encryption is among the most obvious safeguards available.

Encryption also changes what happens after an incident. The ICO confirms that the duty to tell an affected individual about a personal data breach does not apply where appropriate measures, such as securely encrypting the data so it is rendered unintelligible, have been applied. The regulator can still require notification where it considers a breach likely to adversely affect individuals, but encrypting documents before they move materially reduces the fallout if something goes wrong.

Most galleries and auction houses still send these documents by email, and increasingly by messaging apps when a deal is moving quickly. Both feel convenient, and both quietly undermine the confidentiality the work demands. The ICO advises that you should use encrypted communication channels when transmitting personal data over an untrusted network, such as HTTPS, because data encrypted in transit is protected against eavesdropping.

The same guidance carries an important caveat: even when data is encrypted in transit, it may still be at risk on the recipient’s device if security protocols are not in place there. That is the heart of the problem with email and chat. The moment a valuation lands in someone’s inbox, it can be forwarded, saved to a phone, synced across devices, and kept for years with no way for you to revoke access.

For a deeper look at why the inbox is the wrong place for sensitive files, see our comparison of email versus secure document sharing.

The alternative is to stop attaching these documents to messages at all. A one-time encrypted link lets you send a consignment agreement, condition report or valuation directly to the named recipient, with the file encrypted before it ever leaves your device and access removed once it has been collected. The valuation never sits in an inbox; the ownership detail never lingers in a thread.

The same approach works in both directions. When a consignor sends you provenance paperwork or a buyer returns a signed agreement, an encrypted upload link keeps that material out of email too. Galleries that handle identity and source-of-funds checks will find the pattern familiar from our guidance on KYC and AML document collection for art dealers and on sharing provenance documents securely.

Why are consignment agreements and condition reports sensitive?

These documents reveal who owns a high-value object, what it is worth, and often the personal details and contact information of the consignor or buyer. Under UK GDPR, that personal data must be processed with appropriate security, and the commercial confidentiality of valuations and ownership is a competitive concern in its own right. Treating these files casually in email or chat threads exposes both the individual and the business.

Is email secure enough for art valuations and consignment paperwork?

Email is rarely sufficient on its own. The ICO advises using encrypted communication channels when transmitting personal data over an untrusted network, and once a file lands in an inbox it can be forwarded, stored on multiple devices, and retained indefinitely with no way to revoke access. A one-time encrypted link keeps valuations and ownership details out of long-lived inboxes and chat threads.

Does encryption reduce the impact of a data breach for a gallery?

Yes. The ICO notes that the duty to tell an affected individual about a personal data breach does not apply where appropriate measures, such as strong encryption that renders the data unintelligible, have been applied. Encrypting consignment and condition documents before they are shared can therefore reduce both the regulatory and reputational impact if files are lost or intercepted.

Discretion is part of what a gallery or auction house sells. A consignor entrusts you not only with a valuable object but with the knowledge of what they own and what it is worth. The documents that carry that knowledge deserve the same care as the artwork itself, and UK GDPR makes that care a legal duty as well as a matter of professional reputation.

Encrypting consignment agreements, condition reports and valuations before they are shared, and sending them through one-time links rather than email or chat, is a straightforward way to meet that duty. It keeps confidential information where it belongs and demonstrates, to clients and regulators alike, that you took the security of their data seriously.