On April 14, 2021, the U.S. Department of Labor (DOL) released three-part guidance on cybersecurity issues for employee benefit plans, marking its first significant commentary on the issue since its comprehensive but nonbinding report in late 2016. The DOL's guidance arrives amidst an increase in high-profile lawsuits arising out of retirement plan participants' claims that plan sponsors, responsible fiduciaries, and service providers failed to adequately protect retirement accounts against cybersecurity threats. Given the increased threat of cybersecurity attacks in general and the potential vulnerability of approximately $9.3
On April 14, the Department of Labor's Employee Benefits Security Administration (EBSA) issued its first cybersecurity-focused guidance related to benefit plans regulated by the Employee Retirement Income Security Act (ERISA). Such plans typically involve the collection and use of a wealth of sensitive and detailed personal information regarding plan participants. The cybersecurity guidance emphasizes that plan sponsors and fiduciaries, and their service providers, are expected to take steps to mitigate cybersecurity risks under their ERISA fiduciary obligations.
As a practical matter, impacted companies will want to review and confirm that their organizations’ actions align with the guidance, particularly with respect to how they oversee the third parties hired to administer such plans. And while much of the content of the new cybersecurity guidance will be familiar to those who have worked with plans covered by the Heal
As noted in our recent blog post, the US Department of Labor (DOL) has repeatedly signaled that it would be turning its focus toward the intersection of cybersecurity practices and ERISA's fiduciary duties. On April 14, 2021, the DOL stopped signaling and started acting, issuing three pieces of subregulatory guidance addressing the cybersecurity practices of retirement plan sponsors, their service providers, and plan participants respectively.
While this subregulatory guidance does not have the deferential authority of a regulation subject to notice and comment, or arguably even the persuasive authority of an Advisory Opinion, the guidance provides a window into the DOL's expectations of what ERISA's prudence standards require with respect to cybersecurity matters. This window is particularly important given the specters of a threatened DOL enforcement initiative focusing on cybersecurity and privacy issues, increased private litigation arising out of cybersecurity events, and
[co-author: Kim Lee]
Cybercrime increased exponentially in 2020 and into 2021, starting with the disruption caused by COVID-19 and the migration to a work-from-home environment. Phishing emails were up 35 times and ransom attacks were up 150 percent in 2020. Foreign state-sponsored cyberattacks, such as the one affecting SolarWinds, also highlighted the increased risks from vendors and suppliers.
In step with this increasing threat environment, on April 14, 2021, the Department of Labor (DOL) issued cybersecurity guidance for the first time with respect to plans covered by the Employee Retirement Income Security Act of 1974 (ERISA). In addition to the prevalence of cybersecurity and other data-related issues across a variety of different areas, on the ERISA front there have recently been developments regarding data protection and data use.
DOL's New Cybersecurity Guidance | McGuireWoods LLP (jdsupra.com)