Regulation  

Tenet introduces 80-year rule over data protection

Tenet introduces 80-year rule over data protection

Adviser network Tenet has introduced a policy of keeping files for 80 years as it warns the lack of a long-stop exacerbates the issues advisers face when new data protection rules come into effect.

Advisers have until May 2018 to comply with the General Data Protection Regulation (GDPR), which could see them need to drastically overhaul how they manage client information.

Caroline Bradley, group risk and regulatory director at Tenet, said because of the incoming rules the network has introduced a policy of holding onto its members files for 80 years in order to address the fact that advisers have unlimited liability for their work.

Article continues after advert

She said: "We have decided we have got to hold it for a period of 80 years because if the client was 20 when they took advice, they will probably be dead by then.

"If a long-stop ever comes in then our retention policy will change but we have got to be able to defend the advice.

"The FCA has said the lack of a long-stop is not a problem because there are not a lot of complaints that come in but it is a problem because we have got to keep everything forever."

Ms Bradley said the lack of a long-stop means Tenet often has to send a van to an adviser's house when they retire to collect their files.

She said the cost of keeping files from all advisers, including those currently with the network and those who have left, is "quite substantial".

Tenet has been part of a long-standing campaign to convince the Financial Conduct Authority to introduce a long-stop, something the regulator has ruled out on several occasions.

General Data Protection Regulation introduces a number of regulations which will affect financial advisers, including the right to erasure, meaning an individual can request the deletion of personal data relating to them, and the right to access, meaning they can demand information on how their data is being used and a free copy of their personal data.

It also introduces the right to data portability, which means a person must be able to transfer their personal data from one system to another without being prevented by the handler of their data.

Meanwhile explicit consent must be obtained for the collection of data and all the purposes it is used for, while all data breaches must be reported within 72 hours.

In September Financial Adviser reported concerns among networks that the rules would leave advisers unable to defend themselves against Financial Ombudsman Service complaints.

This was because financial advisers could find themselves forced to delete information at the request of clients, only to face complaints being made to the Financial Ombudsman Service, which they are unable to defend.

damian.fantato@ft.com