Earlier this month, the U.S. Department of Labor (the “DOL”) issued informal guidance outlining “best practices” for managing the cybersecurity risks facing employer-sponsored retirement plans. Although the DOL has previously stated generally that plan fiduciaries must ensure systems are in place to protect participant data, this guidance marks the first time the DOL has directly addressed cybersecurity in this context. The most notable portion of the guidance for plan sponsors and fiduciaries is the DOL’s Tips for Hiring a Service Provider with Strong Cybersecurity Practices. This guidance outlines both: (i) the questions plan fiduciaries should ask potential plan service providers about their cybersecurity practices; and (ii) the contract provisions related to cybersecurity that plan fiduciaries should include in their service provider agreements.