Plan sponsors of retirement plans handle a lot of personal participant data, but many are unaware of their fiduciary duties in the context of cybersecurity. If a retirement plan suffers a cyberattack, plan assets could be diverted and misused. Under the Employee Retirement Income Security Act (ERISA), the plan sponsor could be held liable for a fiduciary breach for failure to satisfy a duty of loyalty and to act prudently.
In a closely watched case that tested the Commission’s enforcement powers, the U.S. Circuit Court of Appeals for the 11th Circuit vacated the LabMD Federal Trade Commission order but did not challenge the Commission’s ability to use its unfairness authority to challenge inadequate data security practices.
© 2019 Drinker Biddle & Reath LLP. All Rights Reserved. Lawyer Advertising.