Los Angeles partner Bruce Ashton’s recent client alert, “The Fiduciary Duty for Cybersecurity,” was highlighted in an article on the National Association of Plan Advisors (NAPA)’s website titled “Is There a Fiduciary Duty of Cybersecurity?” The NAPA article reiterates Bruce’s description of the ERISA fiduciary duty owed by plan sponsors for cybersecurity protection of participant accounts. 

Bruce’s alert explains that a fiduciary duty exists with regard to the cybersecurity of plan participant information, since a DOL regulation says fiduciaries need to protect participants’ information. He goes on to explain that “plan fiduciaries have to take steps to protect participant information; the steps must be ‘appropriate and necessary’; and the protections need to be incorporated into the ‘system’ being used to communicate with the participants.” He also points out that plan sponsors need to monitor plan service providers to ensure they are taking appropriate steps to protect that information. 

Read “Is There a Fiduciary Duty of Cybersecurity?”

Read Bruce’s alert, “The Fiduciary Duty for Cybersecurity.”


Source: NAPA
Leave Drinker Biddle to Learn More