Cybersecurity - Hacks, Breaches, & Inadvertent Disclosure - Oh My!Disclosure!

There is a lot of talk about cybersecurity lately, even from the U.S. Department of Labor (DOL). In fact, how funds are protecting participants’ personal information has emerged as an issue of concern for the DOL, according to Ian Dingwall, chief accountant for DOL’s Employee Benefit Security Administration (EBSA).

Trustees must ensure that the trust fund itself has adopted strict security protocols designed to protect participant and beneficiary information from hacks, breaches and inadvertent disclosure. The obligation doesn’t end with the fund’s own handling of information. The fund is also responsible for ensuring its service providers with access to confidential or private information and must take adequate steps to protect it.

Service provider agreements are among a number of cyber-liability issues EBSA staffers are asking funds about, Dingwall said. Plan fiduciaries must know that their service providers are taking precautions, just as the plan is, to be sure systems are safe and secure, backed up, and tested.

A recent article by Wyatt J. Holliday, CEBS, and David J. Fournier, lawyers from Shumaker, Loop & Kendrick, LLP, entitled What Fiduciaries Need to Ask Service Providers About Cybersecurity in the August 2015 Benefits Magazine covers this at length. The article is worth a read, particularly if your fund has not recently reviewed its service provider agreements with cyber-liability in mind.

Of course, no security measures are 100 percent, so a blog post to follow will discuss cyber-liability insurance and what it might offer a trust fund that other insurance policies might not.
 

Trustees should not construe the blog as legal advice and are urged to consult with their own fund counsel to determine whether any action is permissible or advisable. 

Trustees should not construe these resources as legal advice and are urged to consult with their own fund counsel to determine whether any action is permissible or advisable.