In short, through its new guidance, the DOL is making it clear that fiduciaries cannot reasonably fulfill their obligations to plan participants without taking an active role to ensure that not only are the plan’s cybersecurity practices aligned with the DOL’s best practices, but also that such fiduciaries are actively monitoring and evaluating a service provider’s cybersecurity policies and procedures.
Below, we have set out answers to some of the overarching questions about the who, the what, the when, and the how of the DOL’s new guidance.
Cybersecurity Program Best Practices
To whom does this guidance apply?
DOL Issues New Guidance On Cybersecurity For Retirement Benefit Plans
Guidance for Plan Sponsors, Plan Fiduciaries, Record Keepers and Plan Participants
Guidance for Investment Advice Exemption
Mental Health ASPIRE Initiative | Seven States Selected
Amazon Union Election
Biden Administration Labor Leadership Updates. On April 21, the Senate Health, Education, Labor, and Pensions (HELP) Committee is scheduled to hold a business meeting to consider the nomination of Ms. Julie Su to serve as Deputy Secretary of Labor. On April 9, U.S. President Joe Biden announced his intent to nominate Mr. Doug Parker to serve as Assistant Secretary of Labor for Occupational Safety and Health (OSHA). Mr. Parker currently serves as chief of California’s Division of Occupational Safety and Health (Cal/OSHA). House Education & Labor Committee Ranking Member Virginia Foxx (R-North Carolina) said of the nomination:
The DOL’s Employee Benefits Security Administration (“EBSA”) provided new guidance for plan sponsors, fiduciaries, participants and record-keepers concerning best practices for managing cybersecurity. This is the first time the EBSA has provided cybersecurity guidance. (See also GAO retirement plan guidance issued in February 2021: Defined Contribution Plans: Federal Guidance Could Help Mitigate Cybersecurity Risks in 401(k) and Other Retirement Plans.)
The DOL asserted that plan participants and plan assets may be at risk from both internal and external cybersecurity threats, and that ERISA requires plan fiduciaries to
On April 14, 2021, the Department of Labor (“DOL”) issued several pieces of guidance on cyber security best practices, including: (1) a press release, (2) Online Security Tips for retirement plan participants, (3) Tips for Hiring a Service Provider with Strong Cybersecurity Practices, and (4) Cybersecurity Program Best Practices. This set of cybersecurity guidance emphasizes how critical it is for fiduciaries to focus on cybersecurity issues in selecting, contracting with and monitoring the performance of recordkeepers and other plan service providers to protect plan participants. Fiduciaries should focus on cybersecurity in performing service provider due diligence, in negotiating service provider contracts, and in ongoing monitoring of a service provider’s compliance with policies and procedures, and should ensure that any breaches are promptly reported, investigated and addressed.