Who is liable for the pensions dashboard?
Pardon the Interruption
This article is just an example of the content available to mallowstreet members.
On average over 150 pieces of new content are published from across the industry per month on mallowstreet. Members get access to the latest developments, industry views and a range of in-depth research.
All the content on mallowstreet is accredited for CPD by the PMI and is available to trustees for free.
The pensions dashboard is due to become reality soon, but little is known so far about who will bear the costs if savers’ data is misrepresented or stolen.
The Money and Pensions Service is taking over the dashboard project from the Department for Work and Pensions – to which it reports – and an industry delivery group is currently being formed.
Among the myriad tasks this delivery group is charged with is that it should have “a clear liability model that all parties are signed up to” and “a clear process for dealing with complaints”, the DWP said in its consultation response in April.
“Resolving a customer dispute could involve the dashboard provider, the scheme providing the data or another element within the ecosystem,” it noted.
By not defining who would be liable if data is wrong or breached, has the DWP merely postponed a difficult discussion?
A data breach is a matter of time
As MAPS and its executives do not enjoy Crown immunity, or even insurance, the government is leaving them exposed unless provisions are made.
A data breach – the dashboard being hacked – is just a matter of time according to some. “There is no doubt that someone somewhere will one day hack into it, although the opportunities for fraud seem limited,” says Robin Ellison, partner at Pinsent Masons.
Therefore, “if anyone is invited to serve on the [MAPS] board they may want to think twice, especially if there is liability under GDPR or for damages for a complete failure of the system. The normal checks and balances don’t seem to have been built into the system,” warns Ellison.
This risk could however be mitigated by organising the dashboard under a separate corporate system, he adds.
Is the DWP’s approach too ‘hands off’?
Liability for any data breaches or wrong information on the dashboard is a major issue for Tim Smith, professional support lawyer at Herbert Smith Freehills. He says the dashboard consultation did not address the topic in sufficient depth, with the government presenting the dashboard as a mere conduit for data rather than as a data controller.
However, if the dashboard does anything with the data before presenting it to members, such as illustrations, and mistakes happen, there is a question as to whether the dashboard will be liable, he says. “Will the dashboard be on the hook? Do they have money behind it?” said Smith.
Given the likelihood of complaints, the current “hands off approach” cannot last, he believes.
“The accuracy and security of people’s data on pensions dashboards is critical for people’s trust,” said Yvonne Braun, director of long-term savings at the Association of British Insurers.
“We expect the question of liability to be addressed in the work of the Industry Delivery Group and the Steering Group which are currently being set up by the Money and Pensions Service,” she added.
The DWP said the delivery group will be dealing with issues around liability.
David Reid, pensions dashboard operations policy lead at MAPS, said liability is one of many workstreams that will be taken forward by the industry delivery group once it has been established.
“We recognise that in an ecosystem with multiple participants we need to be clear about who is responsible and accountable for different parts of pensions dashboards,” said Reid.
“We have already identified the need to have a clear liability model for the whole dashboards ecosystem which will allow the user to easily raise any dispute about any part of the system with the right person,” he added.
