Pension providers will have legal requirements in respect of connecting to the dashboards ecosystem and providing pensions information via dashboards, to be set out in regulations and rules.
We have outlined what data providers ie pension providers, schemes, trusts and administration software providers, will need to do in the table below.
| Requirement | Actions | Further info |
|---|---|---|
| connect to the ecosystem | register interfaces (find and view) with the governance register register software with the consent and authorisation service comply with PDP service standards, specifications and technical requirements (including security and safety technology, notification and reporting requirements) | detail on the requirements for dashboard provider interfaces is available within the Architecture brief for suppliers. Further detail on the scope of the code of connection and draft technical standards is available on the PDP website standards page. We expect these standards to iterate to include learnings from our initial (alpha) test phase |
| comply with the find and view interface standards | ensure find interface and view interface comply with the PDP standards | detail on the requirements for dashboard provider interfaces is available within the Architecture brief for suppliers. View further detail on the draft technical standards. We expect these standards to iterate to include learnings from our initial (alpha) test phase |
| implement the UMA profile | implement the user managed access (UMA) specification, related to the role of data providers | view further detail on the draft technical standards. We expect these standards to iterate to include learnings from our initial (alpha) test phase |
| receive and respond to find requests | receive find data from the pension finder service register automatic receipt (within a set time limit) run internal search any data received as part of the find request should be deleted once a match has been either made or not found if positive match, register PeI token and store view data for subsequent access by user at dashboard (within set time limit) if partial matches, register PeI token inviting the user to contact the provider directly via email / phone / webform etc | Data standards introduction Data standards guide |
| receive and respond to view requests | provide view data so that it can be returned to dashboards if the view data doesn’t already exist, generate this data, including any calculations check view requests permissions against the consent and authorisation service if authorised, retrieve view data from internal systems and transmit to dashboard | Data standards introduction Data standards guide |
| governance | data erasure – delete users’ data related to the ecosystem on request or after a significant period of non-use meet regulatory and monitoring requirements | view further detail on the scope of the code of connection and draft technical standards. We expect these standards to iterate to include learnings from our initial (alpha) test phase |
Pension schemes and providers may delegate their find and view functions to a third party administrator or software provider.
As we understand pension schemes and providers will be acting under a legal obligation they will not have to:
- verify the identity of dashboards users (or their authorised delegates) requesting their pensions information, as the central digital architecture’s identity service will ensure that only individuals whose identity has been proven will be able to use the ecosystem
- provide user interfaces
- obtain user consents for processing identity data to search internal records or to return pensions information to dashboards
