Home | Thought Leadership

Pensions Pod: Cyber and AI Bytes – key takeaways from the mini series

By Samantha Howell

29 Jan 2026 4 min read

To kick off the new year, we released six mini podcast episodes as part of our Cyber and AI Bytes Podcast Series.

We invited some of our cyber and data protection experts from around the firm to speak on topical issues and to showcase how their expertise can help our pensions clients whether you are trustee, sponsor, provider or anyone else connected with UK pensions.

Here, we outline the topics covered in the six episodes and the key takeaways from each of them.

No.	Episode	Summary of topic covered	Key takeaways/action points	Speakers	Link to recording
1	Implications of the Data (Use and Access) Act 2025 for pension schemes	This episode covers: what the Data (Use and Access) Act 2025 is; why it is relevant for pension schemes; and the key changes it introduced that trustees need to be aware of, in particular in relation to data subject complaints.	They key takeaways for trustees are to: review your scheme’s IDRP and wider complaints procedure in light of the changes; and to engage with your scheme administrator about: the changes the DUAA has introduced; and how their processes are being updated to reflect those changes.	Amanda Leiu Samantha Howell	Implications of the Data (Use and Access) Act 2025 for pension schemes
2	Understanding legal privilege for trustees in a cyber context	This episode covers: what legal privilege is and why it is so essential when responding to a cyber threat; when lawyers should be brought in to ensure that communications concerning the incident re protected by legal privilege; and the practical steps trustees should take to establish and preserve privilege.	Legal privilege is a powerful tool in managing cyber incidents. It protects trustees’ ability to investigate, strategies and respond without exposing sensitive discussions. By planning ahead and following practice, organisations can maximise their ability to rely on privilege, reducing legal risk and maintaining confidentiality throughout a crisis. In other words, trustees should consider in advance whether they want to instruct legal advisers as soon as they become aware of a potential cyber incident and, if so, whether their legal advisers have the required mix of cyber security and pensions expertise.	Amy Khodabandehloo Richard Pettit	Understanding legal privilege for trustees in a cyber context
3	Demystifying Data Subject Access Requests	This episode covers: what a data subject access request is; who has to “deal” with them; who can make them; and the specific issues that crop up with trustees dealing with DSARs.	The key takeaway for trustees is to remember that as data controllers you are responsible for reporting to DSARs, but that this will need to be done in practice in conjunction with your advisers who hold the relevant data (usually your scheme administrator), taking into account the tight timeframes to respond (usually 30 days max).	Helen Haworth Samantha Howell	Demystifying Data Subject Access Requests
4	The evolving landscape of AI in Pensions	This episode covers: the evolving landscape of AI in the pensions sector; regulatory developments, adoption rates and the understanding of AI among clients; and the importance of mitigating risks while maximising opportunities for trustees and pension providers.	The key takeaways for trustees are: to consider how members are using AI; to review service providers’ contractual terms for AI provisions; and to consider their own AI use – and how training and policies can help mitigate risk.	Tom Whittaker Chris Brown	The evolving landscape of AI in Pensions
5	A Guide to Ransomware for Pension Trustees	This episode covers: what ransomware is; whether paying a ransom is legal; the role insurance has to play in the context of a ransomware attack; and some considerations for Trustees and Employers in relation to these attacks.	They key takeaway for trustees is to engage with your scheme sponsor about this issue ahead of time where possible. What would their likely position be and who would the trustees be able to contact who could make this kind of decision within a short time frame if the worst were to happen?	Amy Khodabandehloo Samantha Howell	A Guide to Ransomware for Pension Trustees
6	Understanding the cyber risks of Pensions Dashboards	This episode covers: what the pensions dashboard programme is; how it works from a user perspective; the biggest cyber or data protection threats that pension dashboards pose; and what a Data Protection Impact Assessment is and why it is useful.	They key takeaways from the podcast episode are to put in place a DPIA for dashboards if your scheme does not already have one, to update your scheme’s privacy notice and to consider other relevant actions. Other relevant actions are discussed on the podcast and can also be found in this article: Pensions dashboards compliance: the cyber risk perspective - Burges Salmon Access to the Pensions Dashboards Toolkit and Connection Checklist mentioned on this episode can be requested here: Pensions Dashboards – Burges Salmon	Andy Prater Samantha Howell	Understanding the cyber risks of Pensions Dashboards

We hope you enjoyed listening to our podcast series. If you would like any more information regarding the cyber security, data protection and AI advice that we offer, please consult our dedicated webpage. If you have any questions, please feel free to get in contact with Chris Brown, Samantha Howell or your usual Burges Salmon contact.