Cybersecurity Considerations for Plan Distribution Administration

Journal of Pension Benefits Winter 2021

Michelle Capezza, Member of the Firm in the Employee Benefits and Health Care & Life Sciences practices, in the firm’s New York office, authored an article in the Journal of Pension Benefits, titled “Cybersecurity Considerations for Plan Distribution Administration.”

Following is an excerpt (see below to download the full version in PDF format):

There is increasing scrutiny on ERISA plan fiduciaries concerning the scope of their responsibilities for the cybersecurity of plan participant personally identifiable information, data and assets, and the potential fiduciary liability that could be incurred due to a cybersecurity breach. Volumes of data and personally identifiable information (PII) related to plan participants are collected, transmitted, processed, and stored for plan administration. With continuing advancements in plan administration technology and electronic access to account information, participant data and PII have become increasingly more vulnerable to attack as they travel through employer and third-party systems; in fact, the retirement accounts themselves are more at risk. The focus of this column is to comment solely on the plan distribution facet of the retirement plan administrative process and the cybersecurity considerations that it raises. The best practices outlined herein should be part of a larger plan fiduciary policy on cybersecurity for applicable benefit plans.