The guidance covers:
- Cybersecurity Program Best Practices for Service Providers: sets forth suggested cybersecurity practices for those responsible for plan-related IT systems and data.
- Tips for Hiring a Service Provider: directs plan sponsors to conduct due diligence when selecting service providers.
- Online Security Tips: provides guidance to help employees secure their benefit accounts.
Harriet Pearson, HR Policy Privacy Counsel and Partner, Hogan Lovells, said: “DOL’s new cybersecurity guidance is a good example of how HR data privacy and security is already addressed by federal laws that are specific to the employment context. As a practical matter, CHROs and their teams will likely want to confirm that their companies’ actions align with the guidance, particularly with respect to how they oversee the third parties hired to administer such plans.”
Pearson and Paul Otto, privacy and cybersecurity partner at Hogan Lovells, have written a brief on the guidance.