“Gillian goes above and beyond, she is very responsive to the whole team and delivers outstanding work. ”
“The Trustee training was very interactive and the presenters were engaging - thank you.”
“The work that has been done has been delivered beyond expectations.”
“In my experience, not all professional trustees are able to cope with tricky or potentially confrontational situations. I find PSGS has massive experience in getting involved, earning the respect of others and resolving such issues. They get stuck in – they are a first rate team.”
“The trustee training was a very well-paced overview which gave opportunity to explore ideas and question more deeply at key points.”
“In any major corporate transaction, time is of the essence. PSGS's pragmatic commercial approach helped us manage the pensions aspects of our group re-structure to ensure a positive outcome for all parties. ”
The data sharing code of practice laid before parliament in May 2021 is now in force. The code is a practical guide on sharing data lawfully and in a fair, simple, transparent way. All pension trustees as data controllers, whether lay or professional, need to be aware of the new code and requirements when sharing data to or from third parties. Read on for everything trustees need to know…
What data can be shared under the code?
The code covers the sharing of personal data between organisations that are data controllers. The code does not cover sharing data with data processors, as they have their own duties to comply with.
For pension trustees, it is normal practice to share personal member data with joint data controllers such as the employer/sponsor and scheme actuary, subject to having data sharing agreements in place. The code sets out the requirements of sharing data with a third party by whatever means including transmission, dissemination or otherwise making it available. The scope of the code is wide and could easily catch trustees out.
A one-way or reciprocal exchange of data between organisations is caught by the code, whether this is a one-off exchange or a routine exchange carried out on a regular basis. However, the code only applies to sharing personal data. If the data being shared does not identify anyone (e.g. membership statistics only) then it is not covered by the code. However, care needs to be taken when personal data is anonymised or pseudonymised prior to being shared. This is still likely to be caught by the code if an individual can be identified when combined with other data.
Things pension trustees should consider before sharing data:
As a trustee, have you followed the key principles of data protection prior to sharing data?
If in doubt, don’t risk it
As professional trustees, we are increasingly vigilant about the data we share with other organisations and fully support the code. The key question to ask is “is it necessary to share personal member data?”. Often, the answer is no. But, if the answer is yes, you need to ask “how can I do so securely, proportionately and in compliance with the code and the Data Protection Act 2018?”.
The risk of non-compliance to member security is huge, as is the potential for reputational damage and financial penalties in the event of a data breach. Summed up, pension trustees should remind themselves “if in doubt, don’t risk it”.
That was the interesting question posed at a recent Pensions Management Institute (PMI) and...
In this CMS Pensions LawCast episode, Louise Webb and Simon Lewis joined Jae Fassam and...