Cybersecurity Concerns For ERISA Fiduciaries

Pension and welfare plans store participant and beneficiary personal data that is of interest to cyber attackers. Not only does the plan sponsor have access to personal confidential data, but so do the participant and beneficiary, the third party service provider and other vendors. What cyber attackers aim for is not just theft of plan assets but also theft of personal data and an individual’s identity, which may be of higher value. Currently there is no comprehensive federal guidance regarding cybersecurity obligations of plan fiduciaries, although guidance from DOL may be pending. Meanwhile there are federal and state laws that address the issue in various ways. In this Today’s General Counsel article, Morgan Lewis attorneys provides some general recommendations.