Sophisticated algorithms will confirm whether the individual making the search has permission to view the data. The data is then sent in an encrypted packet to the individual’s web browser, and it disappears as soon as they leave that site. The crucial point here is that the data is temporary and is not stored.
With dashboards, we can provision data using modern techniques, through the magic of application programming interfaces and the cloud, so that we do not store a lot of the same data all over the place, and that helps bake in security from the start.
It also means that you are not creating a huge honeypot ripe for illicit or nefarious actors to take advantage of.
Access and consent
Consent is a crucial piece of the puzzle when it comes to the dashboards, as it is with any form of financial advice.
From a security perspective, the CDA acts as both the gatekeeper and controller. Consent and therefore access can be removed at any time and, as soon as that happens, everything will instantly stop working.
For example, if a commercial dashboards provider was doing something it should not be — such as beginning transfers of pensions — permission can be revoked and activity halted immediately.
One of the key things for advisers is the fact that, in this consent model, the pension holder can allow a suitably qualified financial adviser to view that information as well.
That really opens up those data avenues to advisers and, should a client choose a different adviser in the future, they can remove consent from their previous provider.
There will also be a mechanism in place so that permissions “time out” and have to be renewed after a certain period, adding a further layer of protection for users.
Problem of data matching
The UK’s pensions industry used to be the envy of the world. However, as the decades have rolled by, years of underinvestment in digitising old, legacy systems have left us with around 50 to 60 (or more) years’ worth of pensions data of varying quality, and that has left us with a huge problem.
It is easy enough to verify an individual’s identity — we do it every time we open a bank account or apply for a passport online. I may be able to prove I am Jonathan Hawkins, but do I match the Jonathan Hawkins that is on your pensions database? That is where it gets more difficult.
There may have been paper application forms, mistyping, misleading data, employers sending submissions that contain temporary national insurance numbers, or a date of birth entered backwards because you worked for an American company. These sorts of things are where you start to see problems in data matching.
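The matching problem described above, as an added sketch that is not code from the article or from the dashboards programme: a verified identity is compared with a scheme record, and partial agreement (a date of birth with day and month swapped, or a temporary national insurance number on file) gives a possible match for manual checking instead of releasing data. The "TN" + DDMMYY + M/F temporary-number form, the simplified number pattern, the three outcome labels and all sample values are assumptions constructed for illustration.

```python
import re
from datetime import date

# Assumption: legacy temporary NI numbers look like "TN" + DDMMYY + M/F.
TEMP_NINO = re.compile(r"^TN\d{6}[MF]$")
# Simplified shape check only, not the full official prefix rules.
REAL_NINO = re.compile(r"^[A-Z]{2}\d{6}[A-D]$")

def norm_name(raw):
    """Case-fold and drop punctuation/spaces so O'Neil == ONEIL."""
    return re.sub(r"[^a-z]", "", raw.casefold())

def norm_nino(raw):
    """Normalised NI number, or None if missing, malformed or temporary."""
    n = re.sub(r"\s+", "", raw or "").upper()
    if TEMP_NINO.match(n) or not REAL_NINO.match(n):
        return None
    return n

def swapped(d):
    """Day and month transposed (US-style entry); None if not a valid date."""
    try:
        return date(d.year, d.day, d.month)
    except ValueError:
        return None

def match(verified, record):
    """Compare an identity-proofed user with a scheme's stored record."""
    surname_ok = norm_name(verified["surname"]) == norm_name(record["surname"])
    v_nino, r_nino = norm_nino(verified["nino"]), norm_nino(record["nino"])
    nino_ok = v_nino is not None and v_nino == r_nino
    dob_exact = verified["dob"] == record["dob"]
    dob_swapped = not dob_exact and swapped(record["dob"]) == verified["dob"]
    if surname_ok and nino_ok and dob_exact:
        return "MATCH"        # all three agree: safe to return pension data
    if surname_ok and ((nino_ok and dob_swapped) or (dob_exact and r_nino is None)):
        return "POSSIBLE"     # plausible data-entry error: verify manually, release nothing
    return "NO_MATCH"

# Constructed sample data (QQ is used here as a placeholder prefix).
USER = {"surname": "O'Neil", "dob": date(1970, 3, 4), "nino": "QQ 12 34 56 C"}
RECORDS = {
    "clean": {"surname": "ONEIL", "dob": date(1970, 3, 4), "nino": "qq123456c"},
    "dob_backwards": {"surname": "O'Neil", "dob": date(1970, 4, 3), "nino": "QQ123456C"},
    "temp_nino": {"surname": "O'Neil", "dob": date(1970, 3, 4), "nino": "TN040370M"},
    "stranger": {"surname": "O'Neil", "dob": date(1971, 8, 9), "nino": "QQ654321A"},
}

if __name__ == "__main__":
    for label, rec in RECORDS.items():
        print(label, "->", match(USER, rec))
```

Keeping the uncertain cases out of the "MATCH" outcome is what stops a data-entry quirk from exposing one person's pension details to another person with a similar record.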