On April 14, the Department of Labor’s Employee Benefits Security Administration (EBSA) issued its first cybersecurity-focused guidance related to benefit plans regulated by the Employee Retirement Income Security Act (ERISA). Such plans typically involve the collection and use of a wealth of sensitive and detailed personal information regarding plan participants. The cybersecurity guidance emphasizes that plan sponsors and fiduciaries, and their service providers, are expected to take steps to mitigate cybersecurity risks under their ERISA fiduciary obligations.
As a practical matter, impacted companies will want to review and confirm that their organizations’ actions align with the guidance, particularly with respect to how they oversee the third parties hired to administer such plans. And while much of the content of the new cybersecurity guidance will be familiar to those who have worked with plans covered by the Heal
Seyfarth Synopsis:
Retirement plans hold millions (sometimes, hundreds of millions) of dollars in assets, and participants’ personal information is increasingly maintained and accessible online. With such large amounts of money accessible electronically, retirement plans can be a prime target for cyber-criminals. In response to this growing issue, on April 14, 2021, the Department of Labor (“DOL”) issued a three-part set of informal guidance with best practices and suggestions from different perspectives for addressing cybersecurity in the retirement plan world. Acknowledging that businesses largely rely on third parties, namely, the plan’s recordkeeper, to secure and protect participant data, the guidance describes what cybersecurity protection to look for when selecting service providers. The guidance also provides tips for recordkeepers and other service providers responsible for maintaining plan data, and ideas for plan participants on safeguarding their data an