AADR	Annual Actuarial Data Return
ASI	Annual Scheme Information
CSO	Central Statistics Office
JLG	Joint Liaison Group
MoU	Memorandum of Understanding
PRSA	Pensions Retirement Savings Account
RAC	Retirement Annuity Contract
SFTP	Secure File Transfer Protocol
TOR	Terms of Reference

Definitions of Terms

“Act”	The Statistics Act, 1993
“1990 Act”	The Pensions Act, 1990 (as amended)
“2018 Act”	The Data Protection Act, 2018
“Breach”	Has the meaning assigned by Article 4(12) of the General Data Protection Regulation (GDPR).
“Controller”	Has the meaning assigned by Article 4(7) of the GDPR.
“Data”	Pensions Data, held by the CSO, as received from the PA
“Minister”	The Minister for Social Protection
“Personal Data”	Has the meaning assigned by Article 4(1) of the GDPR.
“Processing”	Has the meaning assigned by Article 4(2) of the GDPR.

Establishment of the Parties

The CSO was established in 1949 and became a statutory body in 1994, under the Statistics Act, 1993 (the ‘Act’).

The PA is a statutory body set up under the Pensions Act, 1990 (as amended) (the ‘1990 Act’).

The Role of the Parties

The functions of the CSO are set out in the Statistics Act, 1993. In particular, Section 10 states that the functions of the Office are the collection, compilation, extraction and dissemination for statistical purposes of information relating to economic, social and general activities and conditions in the State. The CSO has the authority to co-ordinate official statistics compiled by public authorities to ensure, in particular, adherence to statistical standards and the use of appropriate classifications and has the authority to assess the statistical potential of the records maintained by public authorities and to ensure that the potential is realised. Furthermore, the Office has legal obligations regarding the development, production, and dissemination of European statistics under Regulation 223/2009.

As per the Pensions Act, 1990 (as amended), the PA is responsible for:

monitoring and supervising the operation of the 1990 Act and pension developments generally, including the activities of Personal Retirement Savings Account (“PRSA”) providers, the provision of PRSA products and the operation of PRSAs;
issuing guidelines or guidance notes on the duties and responsibilities of trustees of schemes and trust Retirement Annuity Contracts (RACs) and codes of practice on specific aspects of their responsibilities;
issuing guidelines or guidance notes on the duties and responsibilities of PRSA providers in relation to PRSA products and with regards to such products;
issuing guidelines or guidance notes generally on the operation of the 1990 Act and specified associated legislation;
encouraging the provision of appropriate training facilities for trustees of schemes and trust RACs;
advising the Minister for Social Protection (the ‘Minister’) on all matters arising in relation to the 1990 Act and, in particular, on standards for trustees of schemes and trust RACs and on their implementation, and;
such other tasks as specified under Section 10 of the 1990 Act or as the Minister may request from time to time.
Section 10(1) of the Act, concerning the functions of the CSO in the collection, compilation, extraction, and dissemination for statistical purposes of information relating to economic, social, and general activities and conditions in the State;

Context and Background

The CSO is required under Regulation 549/2013, on the European system of national and regional accounts in the European Union, to compile a supplementary table on accrued-to-date pension entitlements in social insurance. Transmission of this table to Eurostat for reference year 2015 was required by 31 December 2017. Updates are required at three-year intervals thereafter. Estimates of household contributions to private occupational pensions are also required under the European System of Accounts transmission programme. These estimates of Irish private occupational pension liabilities and pension contributions have been compiled using data collected by the PA in its pension regulation role.

Purpose of the Memorandum of Understanding

The purpose of this MoU is to clarify the roles and responsibilities of, as well as the areas of cooperation between, the CSO and PA with regard to pensions data (the ‘Data’).

This agreement is a MoU and is not intended to create binding or legal obligations on either Party. The MoU is entered into on the understanding that it is subordinate to the relevant legislation, set out below under ‘Legal Background’, governing each Party.

This MoU also sets out a shared understanding of the parties in relation to data protection issues that may arise and roles relating to the compilation, transfer, and use of this data. The processing of personal data of data subjects is governed by the Act, the 2018 Act and the GDPR.

The purpose of the MoU is also to develop opportunities for sharing knowledge, data, and experiences. It will serve to build on the strong working relationship that already exists between the CSO and the PA.

Responsibilities of Each Party

The controller for personal data is the PA. When the Data is transferred to the CSO, the CSO becomes the controller for the data file it holds. The PA remains the controller for the data file it holds. It follows then that it is the responsibility of the CSO to report any Breach relating to the data it holds.

In the event of a Breach relating to data, the CSO will inform the Data Protection Officer of the PA and also inform the PA of the Breach through the Joint Liaison Group (JLG). This notification will be made within 24 hours. In addition, the CSO will refer to their own data breach procedures and may report the Breach to the Data Protection Commission as appropriate. The PA will not be held responsible for any loss, damage or injury caused as a result of such a Breach.

In the event of a Breach relating to the Data the CSO will inform the PA through the JLG, in advance, of any decision to issue a public statement in relation to the breach. Similarly, the PA will inform the CSO through the JLG, in advance, of any decision to issue a public statement in relation to the Breach.

The PA will not provide additional data or operational support in respect of the notification of data subjects in the event of a breach relating to CSO data.

Legal Background

Transfer and processing of the Data shall be done in accordance with the Act, 2018 Act, GDPR, EU law and in accordance with the CSO’s Code of Practice, in particular its protocol on data matching where one or more datasets originate from outside of the CSO.

The transfer and processing of the Data is covered by, inter alia, the following provisions:

Section 10(2) of the Act, concerning the authority of the CSO as regards co-ordination of official statistics compiled by public authorities and in ensuring, in particular, adherence to statistical standards and the use of appropriate classifications;
Section 10(3) of the Act, concerning the authority of the CSO to assess the statistical potential of the records maintained by public authorities and, in conjunction with them, to ensure that this potential is realised;
Section 13 of the Act, concerning the statistical independence of the Director General of the CSO;
Sections 30 and 31 of the Act, concerning the use of the records of public authorities for statistical purposes;
Sections 32 and 33 of the Act, concerning the protection of information;
Article 6(1)(c) of the GDPR, concerning processing necessary for compliance with a legal obligation by the controller;
Article 6(1)(e) of the GDPR, concerning processing necessary for the exercise of official authority vested in the controller;
Article 89 of the GDPR, concerning safeguards and derogations relating to processing for statistical purposes, and;
Section 42(1)(c) of the 2018 Act, concerning processing for statistical purposes.
Within 2 weeks of the end of Q1 (April), and;

Data Transfer, Security, and Storage

Pensions Authority data such as Annual Actuarial Data Return (AADR), Annual Scheme Information (ASI) and Personal Retirement Savings Account (PRSA) data files will be retained, securely stored, and processed by the CSO in accordance with CSO policies.

The latest versions of the encrypted AADR and ASI files for all years will be transmitted twice a year via Secure File Transfer Protocol (SFTP) in CSV format:

Within 2 weeks of the end of Q3 (October).
A Senior Statistician, Head of Income, Consumption & Wealth, CSO;

The latest versions of the encrypted PRSA file will be transmitted quarterly via SFTP in CSV format.

The list of wound-up and deleted schemes previously reported to the CSO and list of SQL updates made to returns (ASIs, AADRs and possibly PRSAs) will be provided annually encrypted via SFTP in CSV format.

The aggregated list of Section 50 estimates by year will be provided on an ad-hoc basis as requested by the CSO and transferred via email.

Any data obtained by the CSO from the PA is strictly confidential as per Section 33 Act and the Office’s Code of Practice on Statistical Confidentiality and will only be used for statistical purposes in line with the Act.

The PA will provide the CSO with the Data in the above agreed format and frequency. In accordance with CSO policies on the control of data the CSO will not copy this data onto removable media (including laptop computers) unless appropriate security provisions are in place (i.e., encryption and password access) and there is an agreed business need to do so, in which case the CSO will inform the PA of such need via the JLG.

Joint Liaison Group

A PA and CSO JLG will be convened, in accordance with the CSO’s standard Data Governance Framework. The JLG will oversee the data sharing as agreed between the parties and summarised in this MoU.

The Terms of Reference (ToR) for the JLG will be agreed between the PA and CSO. The ToR will cover, amongst other things, membership of the JLG, frequency of meetings and scope of the JLG. Changes to the ToR must be jointly agreed by both parties.

JLG members include:

A Senior Statistician, Head of Government Accounts – Compilation Outputs, CSO;
A Statistician, Government Accounts – Compilation and Outputs European System of integrated Social Protection Statistics, CSO;
A Statistician, Administrative Data Centre, CSO;
A Data Manager, Data Management Unit, PA;
A Higher Executive Officer, Data Management, PA.

Duration and Review of the Memorandum of Understanding

This MoU will be published on the CSO website (www.cso.ie) and the PA website (www.pensionsauthority.ie).

This MoU will remain in force until a new one is entered into or either the CSO or the PA revoke it. Depending on events, this MoU may be amended, subject to the mutual agreement of the PA and the CSO.

This MoU will be reviewed biennially by the both the PA and the CSO. Any changes to the MoU shall only be made with the mutual agreement of the PA and the CSO.

Signed	Signed
Padraig Dalton	Brendan Kennedy
Central Statistics Office Padraig Dalton Director General	Pensions Authority Brendan Kennedy Pensions Regulator
Date: 14th February 2024	Date: 14th February 2024

Signed

Padraig Dalton

Brendan Kennedy

Central Statistics Office

Padraig Dalton

Director General

Pensions Authority

Brendan Kennedy

Pensions Regulator

Date: 14th February 2024

MOU between the CSO and The Pensions Authority

Memorandum of Understanding between Central Statistics Office and The Pensions Authority in relation to Pensions Data

Table of Contents

List of Abbreviations