On April 14, the Department of Labor’s Employee Benefits Security Administration (EBSA) issued its first cybersecurity-focused guidance related to benefit plans regulated by the Employee Retirement Income Security Act (ERISA). Such plans typically involve the collection and use of a wealth of sensitive and detailed personal information regarding plan participants. The cybersecurity guidance emphasizes that plan sponsors and fiduciaries, and their service providers, are expected to take steps to mitigate cybersecurity risks under their ERISA fiduciary obligations.
As a practical matter, impacted companies will want to review and confirm that their organizations’ actions align with the guidance, particularly with respect to how they oversee the third parties hired to administer such plans. And while much of the content of the new cybersecurity guidance will be familiar to those who have worked with plans covered by the Heal
DOL’s New Cybersecurity Guidance | McGuireWoods LLP (jdsupra.com)
Seyfarth Synopsis: Retirement plans hold millions (sometimes, hundreds of millions) of dollars in assets, and participants’ personal information is increasingly maintained and accessible online. With such large amounts of money accessible electronically, retirement plans can be a prime target for cyber-criminals. In response to this growing issue, on April 14, 2021, the Department of Labor (DOL) issued a three-part set of informal guidance with best practices and suggestions from different perspectives for addressing cybersecurity in the retirement plan world. Acknowledging that businesses largely rely on third parties, namely, the plan’s recordkeeper, to secure and protect participant data, the guidance describes what cybersecurity protection to look for when selecting
On April 14, 2021, the U.S. Department of Labor (DOL) released three-part guidance on cybersecurity issues for employee benefit plans, marking its first significant commentary on the issue since its comprehensive but nonbinding report in late 2016. The DOL’s guidance arrives amidst an increase in high-profile lawsuits arising out of retirement plan participants’ claims that plan sponsors, responsible fiduciaries, and service providers failed to adequately protect retirement accounts against cybersecurity threats. Given the increased threat of cybersecurity attacks in general and the potential vulnerability of approximately $9.3 trillion in benefit plan assets (per DOL estimation), ERISA plan sponsors, responsible fiduciaries, and participants have eagerly awaited formal DOL guidance on this issue. This update provides a detailed examination of the DOL’s three-part cybersecurity guidance for ERISA plans as well as a s
The Department of Labor (DOL) has issued its first-ever guidance [1] on cybersecurity for ERISA-regulated retirement benefit plans. This guidance comes shortly after the Government Accountability Office (GAO) released a report [2] calling on the DOL to clarify how plan administrators should address cybersecurity risks for defined benefit plans. The DOL’s guidance, which suggests combating cybercrime should be a priority for plan sponsors and fiduciaries, also provides tips to participants and beneficiaries on how to guard against cyber threats.
The guidance has three parts: one directed at plan sponsors, one directed at record keepers and service providers, and one directed at plan participants.