PASA calls for 'proactive and dynamic' approach to data security

With cyber threats evolving rapidly, the Pensions Administration Standards Association (PASA) has urged trustees, administrators, and providers to adopt a "proactive and dynamic" approach to data, sharing new guidance on improving data security and governance.

The association argued that ensuring robust data security is not just a regulatory necessity, but is “fundamental” to maintaining trust and confidence in pension schemes.

“Protecting sensitive member data isn’t just about mitigating risks; it's about safeguarding the integrity of the scheme and the peace of mind for all involved,” it said.

As schemes become increasingly reliant on data in decision-making and member service delivery, the guidance aims to strengthen data security, future-proof administration, and support robust scheme governance in response to the growing threat of cyberattacks and identity fraud.

Specifically, it offers practical and accessible advice on improving data security and governance, addressing topics such as third-party oversight, responsible AI usage, cyber resilience, and secure communications to enhance data management.

The guidance also outlined practical measures, such as implementing role-based access controls and multi-factor authentication, assessing and overseeing third-party vendors, conducting regular security evaluations, and incorporating these actions into the Effective System of Governance (ESOG) and Own Risk Assessments (ORA) frameworks.

It also recommended that providers and trustees create incident response plans and data communication strategies, as well as prepare for potential risks associated with emerging technologies such as AI.

PASA Data Working Group chair, Kristy Cotton, argued that trustees and providers are custodians not only of member benefits, but of highly sensitive personal data.

“Data breaches and cyber-attacks are no longer abstract threats; they’re real, frequent and growing,” Cotton said.

“This guidance equips schemes with the tools to assess, protect and respond to data security risks, while embedding a culture of awareness across all stakeholders.”

Adding to this, PASA chair, David Fairs, said the guidance aims to enhance schemes' confidence in their controls, ensuring they are taking appropriate and proactive measures.


