DOL Advisory Council to Further Study Cybersecurity

By ASPPA Net Staff • May 24, 2016 • 0 Comments

The Department of Labor’s 2016 Advisory Council on Employee Welfare and Pension Benefit Plans has announced that it is embarking on an in-depth study of cybersecurity as it applies to benefit plans.

Cybersecurity Considerations for Benefit Plans” is not the first such effort. The new project builds on previous reports from 2011 and 2015. In 2011, the council recommended that the DOL:

  • provide guidance on the obligation of plan fiduciaries to secure and keep private the personal identifiable information (PII) of participants and beneficiaries; and

  • develop educational materials and outreach efforts for plan sponsors, participants and beneficiaries to address issues of privacy and security of PII.

Last year the advisory council looked at cybersecurity issues in the context of those topics and after hearing testimony, determined that the topic deserved more attention and should be taken up by a future council in greater depth.

The 2016 council will complement the work of these previous councils by focusing specifically on outlining the scalable elements of cyber risk management strategies for benefit plans. Its goal is to offer the DOL draft materials that will help in understanding and evaluating cybersecurity risks and protecting benefit plan data and assets from them.

The council warns that “no individual, organization, or industry is immune from cyber threats, including benefit plans.” And it further argues that given the data they handle and the many parties involved with its use, it is incumbent upon plans to protect themselves and information about the plan and its participants from cyber threats. “The operation and administration of benefit plans requires the sharing of data and assets among multiple parties, including third party administrators, actuaries, auditors, and trustees, to name a few. It is critical for plan sponsors and vendors to manage this data with the objective of minimizing exposure to the cyber threats that exist now and will develop in the future,” says the council.