Considering marital status tracing? – Think data protection
As defined benefit schemes mature, de-risk and edge ever closer to buy-out and wind up, companies and trustees are increasingly focusing on different types of risk exposure. One risk they may be looking at more closely is the risk which relates to whether members have a partner who would qualify for survivor benefits on the death of the member.
For some time we have seen schemes gather additional information about members’ marital status to obtain keener buy-in pricing from insurers. However, we are now also starting to see trustees considering gathering such information to help refine their ongoing funding projections as part of their triennial valuation.
Although getting a better understanding of your risks and liabilities may sound like a no brainer, it’s important trustees pause to think about the potential data protection implications.
So what key data protection questions should trustees ask?
Whose decision is it?
The first question trustees should ask is who is deciding what data to collect and how it will be used. Although a scheme actuary will be acting as a data controller in relation to much of the valuation process, when looking at using marital tracing it is likely to be the trustee who is the data controller.
This means it is ultimately the trustee who needs to decide whether to collect the additional data and who will be on the hook for ensuring that any relevant data protection requirements are being met.
What data is being collected?
Trustees should check exactly what data items would be collected and whether any of them are optional. Don’t forget that some data items will have greater data protection implications than others. Two key things to look out for are –
- Names – will members’ spouses be identifiable from the data collected?
- Sensitive data – for example, will the data relate to an individual’s sexual orientation?
How will the data be collected?
There are different ways that marital status data can be collected.
In the past when gathering such data for the purposes of a buy-in, trustees tended to write out to members directly to ask for the data. However, there are now tracing agencies which can collect this data without contacting members.
Both options have advantages and disadvantages. Contacting members directly can be administratively more complex and time consuming. However, some trustees may feel more comfortable with gathering data in this way as it is more transparent and the data should be more accurate.
What is the purpose for collecting the data?
Trustees need to have a clear purpose for collecting the data. When establishing their purpose, trustees should take account of both the advantages of having the data and it’s likely limitations. For example:
- how accurate/reliable is the data likely to be given the source of the information?
- how useful will the data be given marital status isn’t static (a member’s marital status could easily change by the time the member dies and any death benefits actually become payable)?
- how useful will the data be given our specific benefit design (e.g. the type of survivor benefits which are payable)?
What is our legal basis for collecting the data?
Trustees can only process data if they have a legal basis for doing so.
If trustees approach members for the data directly they are likely to be getting the members’ (and possibly their spouses’) consent.
However, if trustees use a tracing agency, they will need to use another legal basis. If trustees want to collect sensitive data (such as data relating to a person’s sexual orientation) this will need extra thought as there will be fewer potential legal bases available.
How are we complying with the principle of data minimisation?
The principle of data minimisation requires that a data controller should only collect and use the personal data they need for a specific purpose. Trustees should therefore be asking themselves (and their advisers) whether, or to what extent, they could achieve the same purpose with less data so they can ensure they are only collecting and using the data they really need.
How will the data be kept secure?
Trustees will need to check that there are appropriate arrangements in place to make sure the data is kept secure and confidential. This may mean getting some assurances from the tracing agency and/or the trustee’s actuarial advisers. For example, how will data be shared between them? What data will then be shared with the trustee and in what form?
If data is collected directly from members, how will the responses be collated and stored?
Do we need a new/updated contract?
If using a tracing agency, trustees need to confirm whether they will be engaging the agency direct or whether they will they be engaged as a sub-processor by one of the scheme’s advisers?
If it’s the former, the trustee will need to enter into a contract with the agency which meets the minimum data protection requirements. If it’s the latter, the trustee should check that the adviser’s contract covers this arrangement (e.g. making it clear that the adviser will enter into their own contract with the agency and will remain responsible for performance).
Do we need to update our privacy notice etc?
If marital status tracing is a new processing activity, trustees should check it is appropriately covered under their privacy notice. Depending on exactly what data you are collecting, and how, you may need to consider to what extent (if any) it would be appropriate to try to make privacy information available to members’ spouses etc.
Trustees may also need to update their record of processing activities and data protection policy to cover the new processing activity and, if relevant, the new provider.