NEWS   |    June 6, 2023

Anna Rogers comments on trustees navigating cyber security crisis management

Data security is once again centre stage in the pensions industry. Amid a modern backdrop of heightened digital risk, demonstrated by Capita’s recent cyber attack, a data breach incident can have serious consequences for schemes if not properly addressed and rectified. If a data breach does unfortunately occur, trustees must know how to navigate this

Partner Anna Rogers commented on how to approach a data breach situation, stating: “Pension trustees must rely on third parties to process their data, and no-one is safe from cyber risk. If there is a data breach, affected members may well make claims. Members can claim for non-material losses (e.g. distress), often pursued by specialist claims management firms. GDPR lawyer Alex Dittel of Wedlake Bell says “£3,000 per person would be a typical claim and even if unsuccessful, defending them costs money”. Trustees could fail to recover their losses from the third party because of:

  • inadequate contractual terms
  • inadequate due diligence by the trustee, or
  • actions taken (or inaction) by the trustee following the breach.

“Regulators (ICO and TPR) will be understanding of trustees who have done as much as they could, but their requirements to some extent push in different directions. Notifying members when not required by law may increase risk.

“Now is a good time to refresh training, supplier reviews and readiness to respond.”

Read Anna’s comments in Investment & Pensions Europe, here.

The views in this article are intended for general information purposes only and should not be used as a substitute for professional advice. Arc Pensions Law and the author(s) are not responsible for any direct or indirect result arising from any reliance placed on content, including any loss, and exclude liability to the full extent. Always seek appropriate legal advice from a suitably qualified lawyer before taking, or avoiding taking, any action. If you have any questions on the points raised in the above, please do not hesitate to get in touch.

Related News