An unfortunate reality of modern life is that all manner of personal and confidential information can be accessed by digital thieves. This includes financial information which can be used to gain access to assets such as retirement plans. Which leads to the question; what are the responsibilities of a retirement plan fiduciary to prevent cyber attack? ERISA does not explicitly offer an answer since the law was crafted well before the rise of the internet but general duties to act with prudence likely means that at least some preventative measures be taken. Thorough vetting of third party administrators and other with access to accounts should be a priority since many breaches are the result of deliberate action by those with access. In addition, simple steps like properly updating computer security software and properly protecting passwords can tremendously increase security. While no specific set of preventative measure is required by law, it is always a good idea to use a cornucopia of measures to ensure that there will never be a need to test what the legally minimum responsibility might be.
See Danielle Andrus, Are Retirement Plan Fiduciaries Required to Prevent Cyberattacks?, Think Advisor, March 7, 2016.
Special thanks to Brian Cohan (Attorney at Law, Law Offices of Brian J. Cohan, P.C.) for bringing this article to my attention.
