EBSA Privacy and Cybersecurity Guidance

May 20, 2021

Andrew C. Liazos, partner at McDermott Will & Emery, recently moderated an American Bar Association panel on the new cybersecurity guidance for retirement plan sponsors issued by the Department of Labor (DOL). The panel slides included 10 takeaways for the new DOL guidance.

Access the slides.

By way of background, the DOL’s new guidance formalized its long-held view that retirement plan fiduciaries have an obligation to ensure proper mitigation of cybersecurity risks. More specifically, the DOL expects retirement plan fiduciaries to select and monitor the cybersecurity practices of their service providers.

The DOL guidance is in three parts.

  • The first part provides plan fiduciaries with a framework for reviewing a vendor’s cybersecurity practices.
  • The second part provides a robust list of cybersecurity “best practices” for record keepers and other vendors responsible for plan-related IT systems and data. For example, the DOL recommends that all retirement plan vendors with critical participant data conduct a reliable annual third-party audit of their security controls.
  • The third part provides security tips for participants and beneficiaries who manage their retirement accounts online.

Andrew Liazos
Andrew C. Liazos heads the Firm's Executive Compensation Group and the Boston Employee Benefits Practice. Andrew focuses his practice on compensation and benefit matters, including related securities, M&A, IPO, private equity, international and litigation matters. Clients range from Fortune 500 companies to compensation committees to individual executives in employment and severance negotiations. Read Andrew Liazos' full bio.


Todd McClelland
Todd McClelland advises companies on complex, international legal issues associated with cybersecurity breaches and compliance, data privacy compliance, and data, technology, cloud and outsourcing transactions. Todd counsels clients in many industries, including payment processors, cybersecurity product providers, retailers, petro companies, financial institutions and traditional brick-and-mortar companies. Todd is the global head of the Firm’s Global Privacy & Cybersecurity Practice Group. Read Todd McClelland's full bio.