April 20, 2021,
The U.S. Department of Labor (DOL) recently announced new guidance for plan sponsors, plan fiduciaries, record keepers and plan participants on best practices for maintaining cybersecurity. Although much of the guidance is intended to protect retirement benefits, the rules also generally apply to health and welfare benefits subject to the Employee Retirement Income Security Act of 1974 (ERISA). The guidance comes in three forms: 1) Tips for Hiring a Service Provider, 2) Cybersecurity Best Practices and 3) Online Security Tips. Plan sponsors, fiduciaries, and third-party service providers should seriously evaluate their current cybersecurity protocol and processes in order to prevent regulatory and civil liability in connection with cybersecurity breaches affecting employee benefit plans.