Pensions - Articles - Time to focus on data breach response plans


Trafalgar House have advised that two months on from the introduction of GDPR schemes need to ensure they have a response plan in place to deal with any data breaches, and provided some tips for establishing a working plan.

 Daniel Taylor, Director at Trafalgar House, said: “With such dramatic build up, GDPR has been somewhat anticlimactic since its implementation. However, its real value can already be seen, as it encourages more trustees to feel genuinely accountable for data for the first time. Crucially though, increased action must go hand in hand and response plans are far more important for members than general GDPR policy - but few schemes have actually begun work on them, because they often simply don’t know where to start.

 “Like so much around GDPR, data breach response plans can be overcomplicated, so for many trustees it’s about breaking things down into distinct actions. If done correctly, a response plan needn’t be merely a tick box exercise but can also allow schemes to take a proactive approach to protecting member data. It allows schemes to deal quickly and efficiently with breaches that occur and to prevent them in the first place. A good place to start is to agree the following:

 1. Definitions and explanations of what a breach is
 2. A decision framework for who decides what needs to be escalated, and when
 3. Potential strategies for containing and remedying breaches, both hypothetical and model
 4. A strong communication plan
 5. Details of how a breach should be recorded and followed up after the event to identify root cause

 “Trustees cannot avoid putting these plans off - as with most things, delay makes the process no easier and could even put member data at risk. Data breach response plans needn’t be cumbersome, but they can involve complex processes and difficult decisions, so trustees would be naive to think it is something that can be done in the spur of the moment.”
  

Back to Index


Similar News to this Story

Wish list for the occupational pensions industry in 2025
As one year closes and another begins, it's an opportune moment to set our sights on the future. The UK occupational pensions industry faces nume
PSIG announces outcome of Consultation
The Pensions Scams Industry Group (PSIG), which was established in 2014 to help protect pension scheme members from scams, today announced the feedbac
Transfer values fell to a 12 month low during November
XPS Group’s Transfer Value Index reached a 12-month low, dropping to £151,000 during November 2024 before then recovering to its previous month-end po

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

Email
Password
 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS

WikiActuary

Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.