ERISA Cybersecurity – A Fiduciary Concern?

This week, the NFL’s official Twitter account announced the death of Commissioner Roger Goodell – except that the report was false, posted by someone who had hacked the NFL’s account. Separately, it took a computer security firm 37 seconds to uncover an eight-digit password that a CBS reporter had just created on air. These incidents raise the broader question of ERISA cybersecurity: are the accounts of participants in defined contribution (DC) plans subject to cyber-attacks, and, if so, what are the responsibilities of ERISA plan fiduciaries?

The law firm of McGuire Woods reviews these ERISA cybersecurity issues. Although ERISA itself contains a gap concerning cybersecurity that the DOL has not yet addressed, the ERISA Advisory Council has made specific recommendations. HIPAA covers data privacy for healthcare, but there is no comparable specific protection for retirement plan information, other than the fiduciaries’ general duty to act prudently and in the best interest of their participants.

It’s obvious that participant data stored by record keepers and TPAs should be protected. But other parties are also gaining access to sensitive data: more DC plans and their advisors are using financial wellness firms to help employees improve their financial picture and better prepare for retirement. Few of these parties think about protecting the privacy of the employees’ data, and the employees themselves may assume that, like health care information, it cannot be reused. In addition, in order to personalize professionally managed investments, some firms and advisors are asking the DC record keeper for information about the participant. (See related article – Fiduciary Risk in Not Protecting Participant Data)

Will the DOL eventually link cybersecurity to fiduciary liability? In an era when sensitive data such as Social Security numbers and account information can be easily stolen, causing significant harm to participants, plan sponsors should be especially vigilant about what they are doing to protect against cyber threats, what the partners storing that information are doing, and who is being allowed access to it.
