Cybersecurity and ERISA Retirement Plans: Risks and Best Practices for Plan Sponsors and Fiduciaries

Mintz Of Counsel Michelle Capezza co-presented "Cybersecurity and ERISA Retirement Plans: Risks and Best Practices for Plan Sponsors and Fiduciaries," a live CLE webinar hosted by Strafford.

Cybersecurity is an increasingly serious issue for many industries during the pandemic. Recent data breaches across a variety of companies demonstrate that benefit plans, sponsors, and service providers are not immune. Plan sponsors and fiduciaries must act proactively to develop a course of action to address these issues.

Aside from ERISA fiduciary duty principles, there is limited guidance regarding ERISA plan fiduciary duties with respect to privacy and security of plan data and data breaches. The liability for violations of ERISA fiduciary duties can be personal to the individual fiduciary.

Plan sponsors, fiduciaries, and service providers should identify risks and understand the nuances of applicable rules and regulations. In addition, effective privacy and security practices and response procedures should be implemented to minimize potential liability.

Listen as the panel provides guidance to benefits counsel on trends in data breaches in ERISA retirement plans. The panel will discuss the scope of fiduciary obligations to prevent breaches, industry standards, ERISA preemption of state data breach laws, and contractual risk mitigation with third-party administrators (TPAs).

Learning objectives:

• What lessons can be learned from recent breaches of retirement plan employee information and data?
• What should ERISA plan fiduciaries consider in developing benefit plan cybersecurity best practices?
• How can cybersecurity protections be incorporated into retirement plan contracts with service providers and TPAs?
• What specific obligations do plan sponsors and fiduciaries have when responding to an occurrence of a data breach?