Cybersecurity for ERISA Retirement and Welfare Benefit Plans

Tucker Arensberg, P.C.

Cybersecurity continues to be an important fiduciary responsibility as the threat of security breaches through fraud, hacking or phishing schemes grows. During the COVID-19 pandemic, cybersecurity for your ERISA retirement and welfare benefit plans becomes more important as plan participants work from home and access information remotely. When plan fiduciaries work with outside service providers that access and use confidential participant data, they may wish to consider the following questions, which were part of an ERISA Advisory Council Report issued a few years ago.

  1. Does the service provider have a comprehensive and understandable cybersecurity program?
  2. What are the elements of the service provider’s cybersecurity program?
  3. How will the plan(s) data be maintained and protected?
  4. Will the data be encrypted at rest, in transit and on devices, and is the encryption automated (rather than manual)?
  5. Will the service provider assume liability for breaches?
  6. Will the service provider stipulate to permitted uses and restrictions on data use?
  7. What are the service provider’s protocols for notifying plan management in the case of a breach and are the protocols satisfactory?
  8. Will the service provider agree to regular reports and monitoring and what will they include?
  9. Does the service provider regularly submit to voluntary external reviews of their controls (such as SOC reports or a similar report or certification)?

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Tucker Arensberg, P.C. | Attorney Advertising
