On April 14, 2021, the Department of Labor (DOL) issued its first set of guidance documents related to the cybersecurity of retirement benefit plans covered by the Employee Retirement Income Security Act (ERISA). The three-part guidance is aimed at various stakeholders (plan fiduciaries, service providers, plan participants and beneficiaries) and provides cybersecurity expectations for plan fiduciaries and best practices for their service providers.
Cybersecurity has become an area of critical importance to plan sponsors and administrators of employee benefit plans, as well as their service providers, as they increasingly rely on the Internet and IT systems to administer those plans. In a February 2021 Government Accountability Office (GAO) Report, the GAO, an independent and non-partisan U.S. legislative agency that monitors and audits government spending and operations, highlighted the significant cybersecurity risks to b
On April 14, the Department of Labor’s Employee Benefits Security Administration (EBSA) issued its first cybersecurity-focused guidance related to benefit plans regulated by the Employee Retirement Income Security Act (ERISA). Such plans typically involve the collection and use of a wealth of sensitive and detailed personal information regarding plan participants. The cybersecurity guidance emphasizes that plan sponsors and fiduciaries, and their service providers, are expected to take steps to mitigate cybersecurity risks under their ERISA fiduciary obligations.
As a practical matter, impacted companies will want to review and confirm that their organizations’ actions align with the guidance, particularly with respect to how they oversee the third parties hired to administer such plans. And while much of the content of the new cybersecurity guidance will be familiar to those who have worked with plans covered by the Heal
As noted in our recent blog post, the US Department of Labor (DOL) has repeatedly signaled that it would be turning its focus toward the intersection of cybersecurity practices and ERISA’s fiduciary duties. On April 14, 2021, the DOL stopped signaling and started acting, issuing three pieces of subregulatory guidance addressing the cybersecurity practices of retirement plan sponsors, their service providers, and plan participants respectively.
While this subregulatory guidance does not have the deferential authority of a regulation subject to notice and comment (or arguably even the persuasive authority of an Advisory Opinion), the guidance provides a window into the DOL’s expectations of what ERISA’s prudence standards require with respect to cybersecurity matters. This window is particularly important given the specters of a threatened DOL enforcement initiative focusing on cybersecurity and privacy issues, increased private litigation arising out of cybersecurity events, and
[co-author: Kim Lee]
Cybercrime increased exponentially in 2020 and into 2021, starting with the disruption caused by COVID-19 and the migration to a work-from-home environment. Phishing emails were up 35 times and ransom attacks were up 150 percent in 2020. Foreign state-sponsored cyberattacks, such as the one affecting SolarWinds, also highlighted the increased risks from vendors and suppliers.
In step with this increasing threat environment, on April 14, 2021, the Department of Labor (DOL) issued cybersecurity guidance for the first time with respect to plans covered by the Employee Retirement Income Security Act of 1974 (ERISA). In addition to the prevalence of cybersecurity and other data-related issues across a variety of different areas, on the ERISA front there have recently been developments regarding data protection and data use.