Privacy and Security Concerns for Employee Benefit Plans with Service Provider Relationships

Recent cyber-attacks on health insurers have heightened awareness that sensitive participant and beneficiary information may not be adequately secure. There will undoubtedly be other attacks on databases maintained by service providers to employee benefit plans, which raises an important question for Employee Retirement Income Security Act of 1974 (ERISA) fiduciaries: what should be done now to protect participant and beneficiary information entrusted to service providers against future attacks and unauthorized disclosure? While the extent of a fiduciary’s responsibility to protect personal identifiable information of participants and beneficiaries is unclear, the fiduciary provisions of ERISA can be interpreted to impose a general duty to protect this information when it is part of a plan’s administration. In addition, plan fiduciaries also may have obligations under other federal and state laws governing data privacy and security that are not preempted by ERISA. This article addresses the nature of the problem, identifies the types of data breaches that can occur with employee benefit plans, provides an overview of relevant law that may apply, and sets forth practical steps that can be taken by plan fiduciaries with service providers to address privacy and security concerns.

Click here to read the full article from Benefits Law Journal.

Anthony A. Bongiorno
Anthony (Tony) A. Bongiorno has extensive jury trial experience in a variety of commercial matters and serves as the partner-in-charge of the Firm’s Boston office. Tony has successfully tried cases in various federal and state courts around the country. In addition to his significant jury trial experience, Tony has also tried matters under the auspices of the American Arbitration Association, the International Centre for Dispute Resolution and the International Chamber of Commerce. Tony has represented clients in many industries, including energy, health care, biotech and construction. Read Anthony A. Bongiorno's full bio.

Andrew Liazos
Andrew C. Liazos is the global chair of McDermott’s Benefits & Compensation Practice Group and has practiced at McDermott for over 25 years. Andrew focuses his practice on compensation and benefit matters, including related securities, M&A, IPO, private equity, international and litigation matters. Clients range from Fortune 500 companies to compensation committees to individual executives in employment and severance negotiations. Read Andrew Liazos' full bio.

Amy C. Pimentel
Amy C. Pimentel focuses her practice on privacy and data security and general health law. Her clients operate in a variety of industries, including health care, consumer products, retail, food and beverage, technology, banking and other financial services. Read Amy Pimentel's full bio.




Top ranked chambers 2022
US leading firm 2022