17 Sep 2024
Don’t Be Scared! Weaving Cybersecurity Awareness into Your Plan Fiduciaries’ Duties
Cybersecurity is the word, and fiduciaries of employee benefit plans governed by the Employee Retirement Income Security Act of 1974 (ERISA) should implement cybersecurity risk management strategies to mitigate the risks of liabilities that can result from cybersecurity attacks on ERISA employee benefit plans. Although the Department of Labor (DOL) has issued initial guidance on the extent of a fiduciary’s cybersecurity responsibilities, plan fiduciaries continue to struggle to understand the extent of their responsibilities and the manner in which they might best be addressed. This practice note outlines some important risk management strategies they may consider when addressing these concerns.
Related Content
- Cybersecurity Considerations for ERISA Plan Fiduciaries
Review this practice note for the cybersecurity-related concerns on which ERISA fiduciaries should focus. Plan fiduciaries should be involved in the protection of participants' plan assets, financial and personally identifiable information, protected health information, and other plan data. During a time when the global digital landscape is expanding exponentially and becoming increasingly vulnerable, ERISA plan fiduciaries should include these concerns in reviewing the health and data security of the information that plans and their vendors store and transmit.
- Cybersecurity Best Practices in Retirement Plans Checklist
Reference this checklist for action steps to recognize and address cybersecurity risks for an ERISA employee benefit plan, in protecting plan data, plan participant records, and confidential information, including account information.
Practical Guidance Updates
Featuring the latest updates from your Practical Guidance account.
- Employee Benefits & Executive Compensation Key Legal Developments Tracker (Current)
Stay informed on new developments.
- ERISA. DOL’s EBSA division clarifies and updates its cybersecurity guidance indicating that the guidance applies to all types of ERISA plans, including health and welfare plans. EBSA, Compliance Assistance Release No. 2024-01.
- ERISA. A Texas district court granted a stay on the effective date of the Department of Labor's Retirement Security Rule, expanding an earlier partial stay to now apply to all of the rule's exemptions. Fed'n of Ams. for Consumer Choice, Inc. v. United States DOL, No. 6:24-cv-163-JDK, 2024 U.S. Dist. LEXIS 131589 (E.D. Tex. July 25, 2024).
- Retirement Plans. IRS issues guidance in the form of questions and answers for section 110 of the SECURE 2.0 Act of 2022, which section allows employers to match employees' qualified student loan payments (QSLPs) under section 401(k) plans, section 403(b) plans, SIMPLE IRA plans, and governmental section 457(b) plans. I.R.S. Notice 2024-63.
- Health and Welfare Benefits. IRS, EBSA, HHS, and CMS issue final rules amending regulations implementing the Paul Wellstone and Pete Domenici Mental Health Parity and Addiction Equity Act of 2008 (MHPAEA) and adding new regulations implementing the nonquantitative treatment limitations (NQTL) comparative analyses requirements under the MHPAEA, as amended by the Consolidated Appropriations Act, 2021. The new rules prohibit plans from using more restrictive prior authorization for mental health than for physical health conditions. They also close loopholes that exempted state and local government-insured plans from its requirements. 89 Fed. Reg.__ (prepublished version and CMS News).
- Employment Agreements and Restrictive Covenants. The District Court for the Northern District of Texas issued a nationwide injunction on the FTC's noncompete clause rulemaking. The decision fell shortly before the September 4, 2024, effective date of the rule. Accordingly, employers are not required to provide notice regarding the lack of enforceability of any non-compete agreements as was required by the FTC's rule. Ryan LLC v. FTC, 2024 U.S. Dist. LEXIS 148488 (N.D. Tex. 2024); 89 Fed. Reg. 38342 (May 7, 2024).
- Stay informed on SECURE 2.0 Act developments by using our SECURE 2.0 Act Guidance Tracker.
- Document alerts allow you to stay current on legal developments that affect your practice. Find out how to set up your document alerts.
- For Practical Guidance content on important recent trends, please review easy-to-use Resource Kits on these emerging topics:
- Generative Artificial Intelligence (AI) Resource Kit is a frequently updated collection of current Practical Guidance materials on generative AI, ChatGPT, and similar tools.
- Review this guidance, AI and Legal Ethics: What Lawyers Need to Know, in the Summer Edition of the Practical Guidance Journal. Explore insights from a judge into the use of GenAI in civil litigation, including discovery issues, use cases, and key takeaways. Also advance your career with professional and business development guidance.
- Learn About New Practical Guidance Content and Resources
Review this exciting guide featuring some of the recent content additions to Practical Guidance, designed to help you find the tools and insights you need to work more efficiently and effectively.
- Browse the Practical Guidance Author Center to see the 2000+ leading attorney authors contributing to our 26 practice areas. Interested in becoming a Practical Guidance author? Click here for details. Practical Guidance is committed to amplifying diverse voices of attorneys across all differences, including gender and race.
- Legal Developments provide the latest updates and analyses of emerging topics impacting your practice area. Visit the Legal Developments page to see the latest topics, which also include breaking legal news and related Practical Guidance content.
- New and Updated Practical Guidance Content
- ERISA at 50: Pre-ERISA and the Need for Pension Protections Video
- ERISA at 50: Fiduciary Protections Video
- ERISA at 50: Impact of ERISA and Major Amendments Video
- SECURE 2.0 Act Impact on Retirement Plan Compliance and Administration
- Employee Benefits and Executive Compensation Issues in Corporate Transactions Checklist
- HIPAA Privacy and Security Policy
- The New Fiduciary Rule: The Regulations and Exemptions are Stayed
- What the End of the Chevron Doctrine May Mean for ERISA’s Fiduciary Provisions
PRACTICAL GUIDANCE CUSTOMER EMAIL EDITION ON THE WEB