Pensions Authority (Register of Users)

Last updated March 2019

Does the Pensions Authority use the PPSN at present?

Yes.

For what purpose(s)?

The Pensions Authority uses the PPSN in the following situations:

• internally as an employer for pay and tax requirements. The PPS Number is supplied to the Authority with applications from Life Companies and individuals as part of the joint approval registration process with the Revenue Commissioners for non-group single member schemes. The PPSN Number is required for the tax exemption approval on the Revenue side of this process
• during the course of authorised Investigations under section 18, 58A and 121 of the Pensions Act, 1990 as amended (the ‘Act’), on the state and conduct of a scheme, the Authority obtains pay slip information which contains the PPS Number of scheme members
• section 99 of the Act requires that the Authority receives annual returns from PRSA providers. Schedule B of Article 4 of the Personal Retirement Savings Accounts (Operational Requirements) Regulations, 2002 sets out the detailed information to be included in these returns in respect of contributors to PRSAs. This detailed information includes the PPS Number

Does your Office exchange the PPS Number with any external body? If so please name the relevant bodies and state the purpose(s) of the exchange

The Authority shares information with the Revenue Commissioners and the Department of Social Protection (DSP) in relation to Taxes and Benefits of Employees. While provision exists under our Act to exchange information with any supervisory Authority established in the state, in respect of PPS numbers, we the Authority would firmly establish why the provision of PPS numbers is necessary for that Authority to perform its supervisory function provided it is a specified body on the register of PPSN users.

What future plans has your Office for the use of the PPS Number?

At present, the Authority has no future plans for the usage of PPS numbers

There is a duty to ensure compliance with the principles of processing personal data which are set out in Article 5(1) and 5(2) of the GDPR. These principles are summarised as follows:

• Process it lawfully, fairly, and in a transparent manner;
• Collect it only for one or more specified, explicit and legitimate purposes, and do not otherwise use it in a way that is incompatible with those purposes;
• Ensure it is adequate, relevant and limited to what is necessary for the purpose it is processed;
• Keep it accurate and up-to-date and erase or rectify any inaccurate data without delay;
• Where it is kept in a way that allows you to identify who the data is about, retain it for no longer than is necessary;
• Keep it secure by using appropriate technical and/or organisational security measures;
• Be able to demonstrate your compliance with the above principles; and
• Respond to requests by individuals seeking to exercise their data protection rights (for example the right of access

Have you measures in place to ensure that the Public Service Identity data you hold/collect whether in electronic or written format is in line with the GDPR Principles described above?

Yes, the Authority has measures in place to ensure data we hold/collect whether in electronic or written format is in line with the GDPR Principles described above. The Authority has a Data Protection Officer (DPO) and each Unit of operation has a Records Manager who liaises with the DPO. The Authority’s Privacy Statement is published on our website which includes information on the legal rights of data subjects and we also have data protection/retention policies in place.

All PPS numbers are only used for the purpose in which they are provided and are stored on password protected systems in soft copy and in locked filling cabinets if in hard copy.

The Authority also receives incoming enquiries and while PPS number information is often provided by members of the public when they make enquiries through the website, the Authority does not ask or use these PPS numbers for any purpose. Generally, these queries are misdirected and are intended for the DSP. Therefore, it is standard practice for the individual to be redirected to the DSP. The Authority’s policy in relation to data that is submitted to the Authority but is not required, which sometimes includes PPS numbers, is to delete the data.