DOL Issues First Ever Cybersecurity Guidance

Stinson - Benefits Notes Blog

On April 14, 2021, the Department of Labor’s (DOL) Employee Benefits Security Administration issued guidance on cybersecurity for the first time to help plan sponsors, fiduciaries, service providers, and participants protect personal information and retirement assets. In the guidance, the DOL identifies evaluating cybersecurity practices as part of the plan sponsor’s or other plan fiduciary’s duty to prudently select and monitor plan service providers and states that ensuring proper mitigation of cybersecurity risks is a fiduciary obligation. The guidance is provided in three documents:

  • Tips for Hiring a Service Provider, which provides plan sponsors and fiduciaries with questions to ask before selecting a service provider and items to include in contracts with service providers;
  • Cybersecurity Program Best Practices, which includes best practices for recordkeepers and service providers and can be used by fiduciaries to prudently select service providers; and
  • Online Security Tips, which includes steps participants and beneficiaries can take to reduce the risk of fraud and losses to their retirement accounts.

The guidance is intended to complement the DOL’s regulations on electronic records and disclosures, which require a plan administrator using electronic disclosure to take steps reasonably calculated to protect the confidential information of participants and beneficiaries. For more information on the electronic disclosure regulations, see Stinson’s previous blog post: New DOL Electronic Disclosure Safe Harbor Offers Relief for Retirement Plans.

There has been a recent increase in litigation involving cybersecurity and retirement plans. Some of these lawsuits allege a breach of fiduciary duty by a plan administrator or plan sponsor for failing to prudently select and monitor service providers or by a service provider for failing to establish processes to prevent fraudulent withdrawals. Plan sponsors and fiduciaries should carefully review the new DOL cybersecurity guidance as part of broader measures to protect plan assets and personal information.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Stinson - Benefits Notes Blog | Attorney Advertising
