Members of our labor and employment team recently published a LawFlash discussing the US Department of Labor’s (DOL’s) April 14 issuance of three pieces of subregulatory guidance addressing the cybersecurity practices of retirement plan sponsors, vendors, and plan participants respectively. This resource, which includes our team’s analysis and observations, may be of particular interest to employers in the healthcare sector, who are all too familiar with how important it is to keep data secure.
The DOL’s guidance provides a window into its expectations of what ERISA’s prudence standards require with respect to cybersecurity matters. It is particularly important given the specters of a threatened DOL enforcement initiative focusing on cybersecurity and privacy issues, increased private litigation arising out of cybersecurity events, and the general uptick in cybersecurity events affecting employee benefit plans.