DOL Stepping Up Cybersecurity Focus
There’s been increasing awareness – and litigation – regarding cyber security and participant accounts – and the Labor Department has taken notice.
Sources tell us that plan audits are now asking to see employers’ written cyber security policies and procedures – and asking about cyber security attacks, and the response(s) to them.
Recent litigation involving Abbott Labs, Estee Lauder, MandMarblestone Group, and Boeing has reportedly highlighted the issue and the fiduciary duty to protect plan participants’ confidential information and safeguard participants’ accounts from cyber fraud.
In a September Risk Alert from its Office of Compliance Inspections and Examinations (OCIE), the Securities and Exchange Commission (SEC) cautioned that it has observed an increase in cyber-attacks against registered investment advisers (RIAs) and broker-dealers (BDs), which, in some cases, has resulted in the loss of customer assets and unauthorized access to customer information.
Earlier this year the DOL issued a new rule titled “Default Electronic Disclosure by Employee Pension Benefit Plans Under ERISA,” which provided safe harbor relief to plan administrators who satisfy specific conditions in delivering electronic communications, but in unveiling that rule also noted that “…the Department expects that many plan administrators, or their service or investment providers, already have secure systems in place to protect covered individuals’ personal information.”
Apparently those expectations are going to be “vetted.”