Plans covered by the Employee Retirement Income Security Act (“ERISA”) are at a greater risk of cyber-incidents since they hold millions of dollars or more in assets and maintain an abundance of personal information about plan participants. Recognizing these risks, on April 14, 2021, the Department of Labor’s (“DOL’s”) Employee Benefits Security Administration (“EBSA”) published cybersecurity guidance for plan sponsors, plan fiduciaries, record keepers, and plan participants. The new guidance pertains to plan sponsors and fiduciaries regulated by ERISA, including plan participants and beneficiaries. Furthermore, in its 2022 budget, the EBSA has specifically requested increased expenditures for investigations into cybersecurity breaches and related enforcement actions. Below are highlights from the EBSA’s new guidance for plan sponsors, plan fiduciaries, and record keepers. Within the guidance, there are also tips that plan participants can use to protect their own personal information. The entirety of the EBSA’s guidance can be found here.
Best Practices
EBSA has for years recommended that ERISA plan sponsors, plan fiduciaries and record keepers use the…
