On April 14, 2021, the U.S. Department of Labor announced new cybersecurity guidance for plan sponsors, plan fiduciaries, record-keepers, and plan participants. The guidance is specifically “directed at plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act, and plan participants and beneficiaries” and is intended to mitigate cybersecurity risks to pension plans and contribution plans. While organizations with mature cybersecurity and vendor management programs may not find much of note within the standards, the Department of Labor announcement highlights the general importance of employee benefits data and the Department’s heightened attention to such standards. The guidance consists of three supplementary documents including: 1) “Tips for Hiring a Service Provider”, 2) “Cybersecurity Program Best Practices”, and 3) “Online Security Tips”.
Seyfarth Synopsis:
Retirement plans hold millions (sometimes, hundreds of millions) of dollars in assets, and participants’ personal information is increasingly maintained and accessible online. With such large amounts of money accessible electronically, retirement plans can be a prime target for cyber-criminals. In response to this growing issue, on April 14, 2021, the Department of Labor (“DOL”) issued a three-part set of informal guidance with best practices and suggestions from different perspectives for addressing cybersecurity in the retirement plan world. Acknowledging that businesses largely rely on third parties, namely, the plan’s recordkeeper, to secure and protect participant data, the guidance describes what cybersecurity protection to look for when selecting service providers. The guidance also provides tips for recordkeepers and other service providers responsible for maintaining plan data, and ideas for plan participants on safeguarding their data an
Many issues keep employee benefit plan administrators,
committees, and sponsors (plan fiduciaries) awake at night, but
cybersecurity is especially troubling for many reasons. Employee
benefit plans face significant cybersecurity threats and, given the
incredibly significant amount of assets involved, the consequences
of even one single attack can be devastating. Further, plan
fiduciaries can have the best cybersecurity procedures in place for
their own internal systems, and yet the plan or a plan participant
can still experience a cyber-breach because of the numerous
interfaces the plan has with third parties, such as record-keepers,
On April 14, 2021, the U.S. Department of Labor’s (DOL’s) Employee Benefits Security Administration (EBSA) finally issued first-ever guidance for plan sponsors, plan fiduciaries, record keepers and plan participants on best practices for maintaining cybersecurity to protect the retirement benefits of America’s workers under ERISA-subject private sector employer-sponsored retirement plans.
Background. The Employee Retirement Income Security Act of 1974 (ERISA) established minimum standards and requirements intended to protect plan participants and beneficiaries in private sector employer-sponsored retirement plans. However, since ERISA’s enactment, plan sponsors and their service providers have increasingly relied on the internet and IT systems to execute tasks required to administer these retirement plans. In addition, plan sponsors often outsource retirement plan administration, including record keeping and other