DOL Issues Cybersecurity Guidance for ERISA-Covered Retirement Plans

April 23, 2021
by Daniel Chasen

For the first time, the DOL’s Employee Benefits Security Administration (EBSA) issued cybersecurity guidance for plan sponsors, plan fiduciaries, record keepers, and plan participants, including on how to protect retirement benefits.

The guidance covers: 

• Cybersecurity Program Best Practices for Service Providers: sets forth suggested cybersecurity practices for those responsible for plan-related IT systems and data.
  
  
• Tips for Hiring a Service Provider: directs plan sponsors to conduct due diligence when selecting service providers. 
  
  
• Online Security Tips: provides guidance to help employees in securing their benefit accounts.

Harriet Pearson, HR Policy Privacy Counsel and Partner, Hogan Lovells, said:  “DOL’s new cybersecurity guidance is a good example of how HR data privacy and security is already addressed by federal laws that are specific to the employment context.  As a practical matter, CHROs and their teams will likely want to confirm that their companies’ actions align with the guidance, particularly with respect to how they oversee the third-parties hired to administer such plans.”

Click here for a brief on the guidance by Pearson and Paul Otto, privacy and cybersecurity partner at Hogan Lovells.