ERISA Advisory Council: 2016 Benefit Plan Cybersecurity Report Released
Monday, February 27, 2017
cybersecurity key, benefit plans, dol
Print Mail Download i

The ERISA Advisory Council (Council) has been tackling the issue of cybersecurity as it relates to benefit plans since 2011, and just this last summer, the Council held two hearings where it heard testimony from various experts and interested parties on the issue. Following these hearings, the Council issued a report that remained unpublished until this month, when it was released by the Department of Labor (DOL). The report, titled “Cybersecurity Considerations for Benefit Plans” (Report), states that the Council focused on providing information to “plan sponsors, fiduciaries and service providers in evaluating and developing a cybersecurity risk management program for benefit plans.” The Council provides two recommendations in the Report:

  1. Make the Report and its appendices available via the DOL’s website as soon as administratively feasible to provide plan sponsors, fiduciaries, and service providers with information on developing and maintaining robust cyber-risk management programs for benefit plans.

  2. Provide information to the employee benefit plan community of plan sponsors, fiduciaries, and service providers to educate them on cybersecurity risks and potential approaches for managing these risks.

While a majority of the Report discusses the challenges of cybersecurity, current legal framework, and other background information, the Report also includes an appendix intended to serve as a resource for plan sponsors and service providers, so that they can establish and customize appropriate strategies on cybersecurity for benefit plans. The appendix includes

  • information to help plan sponsors and fiduciaries better understand how plan data is handled,

  • components of a successful cybersecurity framework,

  • tips for establishing protocols and cybersecurity risk management strategies, and

  • a list of questions to ask before contracting with service providers.

However, the Report does not discuss two key issues that impact benefit plans: whether cybersecurity is a fiduciary responsibility and whether ERISA preempts state cybersecurity laws. We expect further developments in the area of cybersecurity, as it appears to be a priority for US President Donald Trump’s administration.  

Copyright © 2024 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

Current Legal Analysis

More from Morgan, Lewis & Bockius LLP

Arizona to Fintech Companies: Come Play in Our Sandbox!
by: Melissa R. H. Hall , Charles M. Horn
New Russia Sanctions: Key Takeaways
by: Brian L. Zimbler , Carl A. Valenstein
DOJ’s First Enforcement Action for ‘No-Poaching’ Agreements Since the Landmark Antitrust Guidance for HR Professionals
by: Mark L. Krotoski
Government Requests for Data: CLOUD Act Attempts to Provide Guidance
by: Dr. Axel Spies , Jessica M. Pelliciotta
Contract Corner: Is It Time for Form NDA Spring Cleaning?
by: Michael L. Pillion , Jessica M. Pelliciotta
Renewable Energy Deals Targeted for More Scrutiny in New Trade Report
by: Stephen Paul Mahinka
No Such Thing as Simple Food Labeling: Changes Ahead in 2018
by: Ryan Fournier
Gender Equality: The French Government’s Roadmap
by: Sabine Smith-Vidal , Laetitia de Pelet
Power to the States: Which Came First, the Chicken (CFPB) or the Eggs (AGs)?
by: Nicholas M. Gess , Charles M. Horn
DC Circuit’s ACA v. FCC Decision: Implications for Calling and Texting
by: Gregory T. Parks , Ezra D. Church

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins