DOL Issues New Cybersecurity Guidance for Plan Sponsors, Plan Fiduciaries, Record-Keepers and Plan Participants
June 21, 2021
On April 14, 2021, the U.S. Department of Labor (DOL) issued much-needed guidance concerning best practices for plan sponsors, fiduciaries, record-keepers, participants and beneficiaries pertaining to cybersecurity for retirement plans. The DOL’s guidance focuses on three specific topics: hiring service providers; managing cybersecurity risks; and online security tips for participants to avoid risk of fraud and loss. Although the guidance was couched as “best practices,” it is reasonable to interpret it as creating minimum cybersecurity standards and practices for retirement plans. The guidance specifies the duty of plan fiduciaries to protect plan data against cybersecurity breaches and attacks, and may be a precursor to the DOL assessing liability for damages stemming from plan data breaches in the future. Although the guidance did not address health and welfare plans, those plans may also wish to consider implementing these measures.