When a saver uses a pensions dashboard, you will receive certain personal data from the digital architecture. You will need to use the data to search your records and determine if you have a pension for them. This process is called ‘matching’.
Information included in the ‘find request’
The potential member will be verified by GOV.UK One Login before they can issue a ‘find request’. This means you can be confident the saver is who they say they are.
Once a potential member has been successfully verified, their details are added to other information they have provided, to be used for ‘find requests’. This may include National Insurance number, previous names, addresses, email address(es) and mobile phone number(s).
Schemes will receive a ‘find request’ with all provided information, to match the saver to their pensions. If a saver successfully proves their identity, the find request will always include the following core identity information:
- first name
- last name
- date of birth
- email address
One Login will also check any provided UK address that it exists and has an association with the saver, through credit records.
More detail on the data that schemes will receive is provided in MaPS’ identity service page.
Preparing your data for matching
You need to ensure the quality of data is good enough to enable you to match savers with their pensions. You should interrogate your data to consider the extent to which it is:
- complete and accurate
- digitally searchable for dashboards purposes
If your data is not reliable, you risk returning data for the wrong person or not finding a pension record when you should. This may lead to enforcement action being taken against you by us, or the Information Commissioner’s Office (ICO).
You should audit your data and discuss with your administrator or other advisers which items are most suitable for you to use. You should put a plan in place to improve data and digitise this data if needed.
You should understand your obligations under data protection law and have processes in place for protecting scheme data. This includes being able to manage your data to comply with data protection legislation and to address any breaches. You can find out more about your duties in our code of practice.
Matching, combining or comparing data from multiple sources requires a Data Protection Impact Assessment (DPIA) under UK General Data Protection Regulation (GDPR), so you may need to produce one. If you already have a DPIA, you may need to update this. You can find out more about DPIAs on the ICO website.
Setting the criteria for matching
You should decide what data to use to match members to their pensions (your ‘matching criteria’), based on your scheme’s data quality and availability. It is vital that your scheme’s matching criteria is in line with the level of confidence that you have in the quality of your data.
You will be required to keep a record of your matching policy for at least six years from the end of the scheme year in which the decision is taken. You should record the matching criteria you are using for the scheme generally. You are not expected to record the criteria used for each individual search.
Your matching criteria may evolve over time. It’s anticipated that many schemes will use last name, date of birth and National Insurance numbers for matching. However, if you are not satisfied with the quality of these data items, you will need to decide how great this risk is and whether you want to use any of these items in the ‘matching criteria’. You could widen your matching criteria to include further data items such as first name, alternative names, personal email address or postcode. This should increase your confidence that you are matching to the right person, without increasing the risk that you fail to find someone when you should.
When your data quality has improved, you can update your 'matching criteria' accordingly. You should keep a change record including why this is the best option for your scheme, any changes made, and the reasons behind this.
See further record-keeping requirements on matching in ongoing connection and record-keeping requirements.
To help schemes, the Pensions Administration Standards Association (PASA) has published guidance around data and matching. You may wish to refer to this guidance when deciding on your approach to matching.
Match is found
If you are confident that you have found a member’s pension record using the information they provided, you have ‘made a match’.
You must create and register a unique identifier, also known as Pension Identifier (PeI), with the digital architecture, to meet MaPS’ technical standards. The PeI does not contain any pensions information but acknowledges that there is a match. The member can then ask to view their information and you should return the relevant data directly to the dashboard. For more information, see information to provide to members.
If someone leaves your scheme or retires, you need to remove their match from the digital architecture by ‘de-registering’ their PeI as soon as possible.
Possible match is found
In some cases, you might not be certain enough that you have ‘made a match’ to release a member’s pension data.
For example, the National Insurance number and date of birth match, but the last name doesn’t. This could happen if a member has married but failed to notify the scheme of their new last name.
In these circumstances, you should return a ‘possible match’ to the member. You must create and register a PeI. In this case the system will only send a message to inform the member that they may have a pension, but that they need to provide more information via the given contact details to confirm this. You can do this by using an appropriate code, that the data standards provide more information on. If they do not make contact within 30 days, you must delete their personal information and deregister the PeI.
If a match is subsequently confirmed, you would need to notify MaPS that the match is now confirmed and provide the relevant data to the dashboard when you are asked to.
Match cannot be found
If you determine that you do not hold a pension for the saver, including following the ‘possible match’ process, you must delete the personal information provided as there are no legal reasons to keep it and you will otherwise breach the GDPR requirements.
Schemes with multiple sections or administrators
If your scheme has multiple sections and there are different administrators for some of your sections, you need to work with all your administrators to agree the most suitable approach for your scheme in the following situations.
- Where there are discrepancies in the data quality for each of the sections, you may want to have more than one set of ‘matching criteria’.
- Where a member has multiple benefits across your scheme and has been successfully matched for one section, but a ‘possible match’ for another, you will need to consider the level of information to provide to the member.
- Where you have multiple sections with different administrators, you must consider which contact information is provided to the member. This may depend on the approach of your connection routes.
If your scheme has a very complex benefit structure, you may also consider performing a data mapping exercise to understand where data is held, who is involved in providing it, as well as any gaps. Where necessary, you should consider updating contractual agreements with your providers. You may wish to consider the toolkit that PASA has published, if your scheme has sections including AVCs.