To embed, copy and paste the code into your website or blog:
On April 14, 2021, the U.S. Department of Labor’s (“DOL’s”) Employee Benefits Security Administration (“EBSA”) issued its first cybersecurity best practices guidance for retirement plans. The EBSA guidance has been highly anticipated as the frequency and cost of data breaches affecting employee benefit plans continues to rise. The EBSA guidance focuses on actions that plan sponsors, plan fiduciaries, record-keepers, and plan participants can take.
The Employee Retirement Income Security Act (“ERISA”) imposes certain fiduciary duties on plan fiduciaries with respect to recordkeeping and the selection and monitoring of service providers. As recently as February, 2021 the Government Accountability Office urged the DOL to state whether it is a fiduciary’s responsibility to mitigate cybersecurity risks. Notably, and for the first time, the EBSA best practices guidance states that