The Information Commissioner
The Information Commissioner’s Office is responsible for regulating information rights – this includes rights under data protection and freedom of information legislation.
Both trustees and sponsors of occupational pension schemes are considered to be data controllers because they handle personal data. This means they are also subject to an obligation to keep that data secure, including identifying and mitigating cybersecurity risks. Both trustees and sponsors should already be compliant with the data protection regime introduced in 2018.
Read more about taking action to reduce your cyber risk in our checklist Cyber risk: practical actions to improve data security. Learn more about how to respond well when a cyber breach occurs in this Pensions Academy webinar.
Read related posts from our PensionsTalk blog.