Retirement Plan Data Ownership and Rights
Retirement plan data ownership and the protection of that data are amid a firestorm with issues surfacing in places where no one wants to see them. The U.S. Court system has become one of the unfortunate gathering places for plan sponsors to discuss retirement plan data. The need to protect and preserve the integrity of retirement plan data is coming to a head as plan fiduciaries and trustees are being schooled in the courts on what the plan can permit and what the plan is not permitted to authorize.
A recent lawsuit against Vanderbilt University had the plaintiff claiming Vanderbilt University had mismanaged its retirement plan. The school settled the case; however, as part of that settlement agreement, Vanderbilt University was required to inform the plan recordkeeper, Fidelity Investments, to refrain from using participant data to cross-sell unrelated products and services – unless participants requested such information from Fidelity Investments.
Recordkeepers and other retirement plan service providers are increasingly looking at internal records (data) for two reasons. One reason is data mining. Financial service firms have for years, analyzed data to learn if there are additional products or services, they can deliver to existing retirement plan clients either faster, cheaper or with an improved outcome. Something that would help the client. (Historically, this was not considered a breach of trust or a plaintiff attorney’s opportunity.) The other reason service providers might be looking at their own clients may be as a cross-selling business opportunity outside of the in the interest of the qualified retirement plan. Sometimes with the client’s best interest in mind, and sometimes, perhaps not.
The implications are also applicable to financial advisers who are upselling services such as wealth management and financial wellness to retirement plan participants based upon access to existing retirement plan data. There are varying regulations — not just the Employee Retirement Income Security Act (ERISA), which governs retirement plans — that could be looked at as examples of how an individual’s data can be protected. For example, the state of California has a Consumer Privacy Act. Financial institutions have The Gramm-Leach-Bliley Act, which pertains to the sharing and protection of consumer privacy information. The healthcare industry has the Health Insurance Portability and Accountability Act, or HIPAA.
Coming to the forefront is the issue of data ownership. The central concern is whether plan-specific data is a “plan asset”? One could ask the same question for Plan Education. Is retirement education a “plan asset”? Neither data nor education is defined under the Employee Retirement Income Security Act of 1974.
Plan sponsors and all retirement plan fiduciaries need to be fully aware of any vendor’s effort to sell products or services to retirement participants. For the Plan Sponsor, the true difficulty is in distinguishing the difference between a predatory sales tactic and a true value-added service for plan participants.
Latest posts by Steff Chalk (see all)
- Emergency Savings Contributions Protect Retirement Plan Assets - May 21, 2020
- Emergency Savings Needed for Financial Wellness - May 19, 2020
- 401k Communication with a Remote Workforce - May 14, 2020