DOL Issues New Cybersecurity Guidance

Cybersecurity Guidance Plan Sponsors
April 20, 2021 34 view(s)
DOL Issues New Cybersecurity Guidance
On April 14th, 2021, the Department of Labor (DOL) announced cybersecurity guidance for plan sponsors, fiduciaries, recordkeepers, and plan participants. Specifically, the direction includes best practices for maintaining cybersecurity, including tips on protecting worker retirement benefits. Moreover, this is the first time the DOL’s Employee Benefits Security Administration (EBSA) has issued cybersecurity guidance. The EBSA wrote the new guidance for plan sponsors and fiduciaries regulated by the Employee Retirement Income Security Act (ERISA). In addition, the guidance affects plan participants and beneficiaries. Recently, the EBSA issued a notice guiding employers on the duration of COVID-19-related benefit plan deadline extensions.

Important Statistics

According to the DOL, the EBSA created the new guidance after reviewing current statistics. For instance, as of 2018, the EBSA estimates 34 million defined benefit plan participants in private pension plans. Additionally, there are 106 million defined contribution plan participants. Both forms of plans cover estimated assets of $9.3 trillion. Without sufficient protection, the DOL claims that these assets may be at risk from internal and external cybersecurity threats. Therefore, the ERISA requires plan fiduciaries to take appropriate precautions to mitigate these risks.

Overview of the Guidance

The EBSA’s new cybersecurity guidance comes in three forms:
  • Tips for Hiring a Service Provider: Helps plan sponsors and fiduciaries prudently select a service provider with solid cybersecurity practices. The document also provides advice on how sponsors and fiduciaries can monitor service provider activities, which the ERISA requires.
  • Cybersecurity Program Best Practices: Assists plan fiduciaries and recordkeepers in their responsibilities to manage cybersecurity risks.
  • Online Security Tips: Offers plan participants and beneficiaries who check their retirement accounts basic online rules to reduce the risk of fraud and loss.
In conclusion, the guidance complements the EBSA’s regulations on electronic records and disclosures to plan participants and beneficiaries. Those regulations include provisions on ensuring that:
  • electronic recordkeeping systems have reasonable controls;
  • adequate records management practices are in place; and
  • electronic disclosure systems include measures calculated to protect Personally Identifiable Information (PII).
by

NOTE: The details in this blog are provided for informational purposes only. All answers are general in nature and do not constitute legal advice. If legal advice or other expert assistance is required, the services of a competent professional should be sought. The author specifically disclaims any and all liability arising directly or indirectly from the reliance on or use of this blog.

Comments
Leave your comment
Your email address will not be published
Leave your comment
Loading...
Options chevron-down
Contact Us
Compliance 101A
Categories chevron-down
Search the blog chevron-down
Recent posts chevron-down
Latest EEOC Enforcement Data Shows Increased Pre-Litigation Activity Latest EEOC Enforcement Data Shows Increased Pre-Litigation Activity
59 view(s)
EEOC Pens Letter to Companies Regarding Title VII Compliance and DEI Initiatives EEOC Pens Letter to Companies Regarding Title VII Compliance and DEI Initiatives
112 view(s)
NLRB Officially Reinstates Previous 2020 Joint Employer Standard NLRB Officially Reinstates Previous 2020 Joint Employer Standard
198 view(s)
OSHA Releases New Job Safety and Health Workplace Poster OSHA Releases New Job Safety and Health Workplace Poster
436 view(s)
Agency Releases Newly Proposed Independent Contractor Status Rule; Seeks Employer Comments Agency Releases Newly Proposed Independent Contractor Status Rule; Seeks Employer Comments
55 view(s)