UK - Trustees and employers must review their administration practices to ensure they conform to the latest edition of the Data Protection Act, say lawyers.
The warning follows the publication of the Employment Practices Data Protection Code.
Allen & Overy associate Dana Burstow says the new code adopts a more “hard-line” stance.
She said: “Particular care must be taken over ensuring that information required in connection with a pension scheme is not leaked to the employer, unless this is necessary for funding purposes.”
Burstow added that if trustees failed to review their current administration practices – including the dissemination of trustee minutes – they could find themselves open to compensation claims.
The code suggests that one way to guard against any leaks is for all information to be passed from workers to scheme administrators via the employer in “sealed envelopes”.
But Simmons & Simmons solicitor Camilla Barry said: “The information commissioner has powers to enforce the provisions of the Data Protection Act and any enforcement will be for breaches of the requirements of the Act, not of the code.
“However, the code is intended to interpret in practical terms what is actually required by the Act so, in many areas, the code sets the standard of what – in the information commissioner’s view – is required by the Act.”
The registration deadline for the Workplace Savings & Benefits Awards 2019 is today.
This week's top stories were the DWP giving the green light to CDC and TPR granting extensions for 11 master trust authorisation applications.
Susan Martin says building strong foundations for business are the only way forward as the pensions industry is radically shaken up
The Pensions Regulator (TPR) has granted Now Pensions a six-week extension for its master trust authorisation application after the 31 March deadline, PP can reveal.