cybersecurity program best practices; and online security tips for participants. There’s not much new information in the DOL guidance from what had already been suggested by experts; it has issued common sense best practices that reflect the state of the industry, says Andrew Elbon, a partner with law firm Bradley. “What’s new is that the DOL has laid out in a thorough manner what it would expect plan fiduciaries to be looking for,” he says. “The DOL is saying, ‘This is a fiduciary issue and here’s a road map.’” Matthew Hawes, a partner at Morgan, Lewis & Bockius LLP, agrees that the guidance is a clear indication that the DOL thinks cybersecurity is a fiduciary responsibility. Both plan sponsors and providers have a responsibility to be proactive with respect to the privacy and cybersecurity of plan and participant information, he says.