PDCOB 11.4 Restrictions on providing data export to the customer
Specific disclosures prior to the provision of data export to the customer
1In good time before the customer elects to receive data export, a firm must provide the customer with appropriate information to help the customer make an informed choice as to whether or not to agree to data export. This information must include:
- (1)
the name of the person who is the data controller;
- (2)
the nature of the processing which will take place to export the data; and
- (3)
the purpose for which the data will be processed.
1Before the customer agrees to data export, a firm must clearly and prominently display a warning to the customer about the risks of data export to the customer, including that:
- (1)
their data is valuable;
- (2)
it is important that they keep their data safe; and
- (3)
if the data export is being facilitated by download, the customer should avoid downloading the data on a shared device.
Restrictions on the content, format and manner of data export to the customer
1A firm must ensure that pensions dashboard view data exported to a customer is in a format which is accessible to a member of the general population.
1A firm should consider whether the format of data export engages any accessibility obligations, such as under the Equality Act 2010.
1The information exported by data export to the customer must include:
- (1)
subject to PDCOB 11.3.4R, the customer’s pensions dashboard view data; and
- (2)
any display explanations and contextual information which is required by PDCOB 5 and other legislation, such as the Dashboard Regulations.
Specific disclosures when providing information by data export to the customer
1The information provided by data export to the customer must be prominently accompanied by:
- (1)
the warning at PDCOB 5.5.1R(1);
- (2)
a signpost to the ScamSmart campaign - such as a link to ScamSmart - Avoid investment and pension scams | FCA;
- (3)
a message that the customer’s pensions dashboard view data is sensitive and valuable, and the customer should seek to keep their data safe;
- (4)
a message that, if the customer is asked to share their data with a third party, the customer should think carefully about whether a third party needs to see the data, check whether the third party is who they say they are and, if they claim to be authorised or exempt, should use the Financial Services Register to check; and
- (5)
signposts to impartial guidance available from MoneyHelper.