More schemes should be auditing their data controls to avoid data protection fines, a pensions actuaries and administration specialist has said.

Spence & Partners suggested that schemes should take a number of steps to ensure better information security, such as implementing and maintaining a strict data implementation and carrying out spot checks on staff to ensure compliance with policies are in place.

Mark Johnson, Spence & Partners head of data audit and analysis, said: "It is vital that schemes don't just pay lip service to data protection.

"With the Information Commissioner's office able to impose fines of up to £500,000 for serious breaches, data protection should be given a higher profile. There are still a significant number of schemes who have not audited their systems' security and data protection framework."

Johnson added that trustees must ensure that measures and protocols are in place to protect members and safeguard scheme data and said that it was important to obtain both ISO27001 and AAF accreditations.

Other suggestions included that data should be discarded in confidential waste bins and that a specialist firm should dispose of the waste; more probing questions should be asked and staff should be trained to make sure that they understand the importance of data security and are aware of the procedures that need to be followed.

First published 29.08.2013

monique_simpson@wilmington.co.uk