When a scheme member uses a pensions dashboard, you will receive certain personal data from the digital architecture. You will need to use the data to search your records and determine if you have a pension for them. This process is called ‘matching’.
The identity of the dashboard user will be independently verified by an identity service before it reaches you. This means you can be confident that the member is who they say they are. The current assumption is that the identity service will check:
- first name (given name) and last name
- date of birth
- current address
The member will also be encouraged to provide other data to help you find their records:
- National Insurance number
- alternative first name
- previous last name
- previous address
- email address
- mobile phone number
More detail on the data that schemes will receive is provided in section 27 of the data standards and in the data usage guide.
Setting the criteria for matching
You should decide what data to use to match members to their pensions (your ‘matching criteria’), based on your scheme’s data quality and availability. It is vital that your scheme’s matching criteria are in line with the level of confidence that you have in the quality of your data.
You will be required to keep a record of your matching policy for at least six years from the end of the scheme year in which the decision is taken. You should record the matching criteria you are using for the scheme generally. You are not expected to record the criteria used for each individual search.
Your matching criteria may evolve over time. It’s anticipated that many schemes will use last name, date of birth and National Insurance numbers for matching. But if you are not satisfied with the quality of this data, you could widen your matching criteria to include further personal data items such as first name or postcode. This should increase your confidence that you are matching to the right person, without increasing the risk that you fail to find someone when you should.
When your data quality has improved, you can update your matching criteria accordingly. You should keep a change record including why this is the best option for your scheme, any changes made and the reasons behind this.
See further record-keeping requirements on matching in ongoing connection and record-keeping requirements.
Common issues to consider when selecting matching criteria
- If you are concerned about the use of a data element, eg date of birth or National Insurance number, you will need to decide how great this risk is and whether you want to use this data in the matching criteria.
- If your scheme has multiple sections and there are discrepancies in the data quality for each of them, you may want to have more than one set of matching criteria.
Preparing your data for matching
You need to ensure that the quality of data is good enough to enable you to match users with their pensions. You should interrogate your data to consider to what extent your data is:
- complete, up to date and accurate
- digitally searchable for dashboards purposes
If your data is not reliable, you risk returning data for the wrong person or not finding a pension record when you should. This may lead to enforcement action being taken against you by the Information Commissioner’s Office (ICO) or by us.
You should audit your data and discuss with your administrator or other advisers which items are most suitable for you to use. You should put a plan in place to improve data and digitise this data if needed.
To help schemes, the Pensions Administration Standards Association (PASA) has published data guidance, dashboard accuracy data guidance and data matching convention guidance. You may wish to refer to this guidance when deciding on your approach to matching.
Matching, combining or comparing data from multiple sources requires a Data Protection Impact Assessment (DPIA) under the UK General Data Protection Regulation (GDPR), so you may need to produce one. If you already have a DPIA, you may need to update this. You can find out more about DPIAs on the ICO website.
Match is found
If you are confident that you have found a member’s pension record using the information they provided, you have ‘made a match’.
You must create and register a unique identifier, also known as Pension Identifier (PeI), with the digital architecture, in order to meet MaPS’ technical standards. The PeI does not contain any pensions information but acknowledges that there is a match. The member can then ask to view their information and you should return the relevant data directly to the dashboard. For more information, see information to provide to members.
If someone leaves your scheme or retires, you need to remove their match from the digital architecture by ‘de-registering’ their PeI as soon as possible.
Possible match is found
In some cases, you might not be certain enough that you have ‘made a match’ to release a member’s pension data.
For example, the National Insurance number and date of birth match, but the last name doesn’t. This could happen if a member has married but failed to notify the scheme of their new last name.
In these circumstances, you should return a ‘possible match’ to the member. You must create and register a PeI. However, in this case you don’t send the member any personal data, only a message to inform the member that they may have a pension, but that they need to provide more information via the given contact details to confirm this. If they do not make contact within 30 days, you must delete their personal information and deregister the PeI.
If a match is subsequently confirmed, you would need to notify MaPS that the match is now confirmed, and provide the relevant data to the dashboard when you are asked to.
Match cannot be found
If you determine that you do not hold a pension for the member, including following the ‘possible match’ process, you must delete the personal information provided as there are no legal reasons to keep it and you will breach the GDPR requirements.