Cynics thought the UK’s IT infrastructure would simply collapse under the weight of home-working, homeschooling and online home-entertainment, but so far the system seems to have been remarkably resilient. What the COVID-19 crisis has, however, brought to the fore are questions of data protection and cyber security, with trustee meetings and administration now being carried out from home.
Prior to COVID-19, video-conferences were only rarely used at trustee meetings. We have all now become experts, exchanging tips on the merits of systems we had not even heard of a week before. However, new technology brings new concerns, and experts have questioned whether all the products in use have appropriate privacy settings, or, if so, whether these are being applied appropriately.
Before using a system for the first time, it’s worth asking your IT department how to ensure the privacy of attendees and the confidentiality of the matters being discussed.
Another potential risk is people working on their home computers or using home email addresses. Thanks to GDPR, most trustees, administrators and advisers had already put measures in place to protect member data through the use of secure remote access facilities.
Trustees who are not still employed (for example pensioner-nominated trustees) may have been given secure email addresses rather than having to use their private accounts. Confidential material (especially that including sensitive personal data) is also routinely protected by being uploaded onto secure servers or using password protection. If any of these protections isn’t already in place then it should be considered urgently. Even if they are, trustees should ask whether processes are sufficiently robust.
One area that is still being considered is the receipt of original documents such as death certificates. Whilst many administrators are operating a skeleton staff to deal with post, there will be many cases where individuals cannot get to a post office to send the original, for example if they are self-isolating. Trustees will need to consider how to deal with such documents, balancing the safety of administrators and members with the need to reduce the risk of fraud. Another area where practice is still emerging is electronic signatures, which are not yet universally accepted.
When we emerge from COVID-19, it’s likely the world will feel a very different place. We can hope that the lessons learned during these strange few months will have focused our attention on ensuring that remote working is, nevertheless, secure working.
Notes/Sources
This article was featured in Pensions Aspects magazine May 2020 edition.
Last update: 19 January 2021