Cybersecurity and Your 401(k) Plan Fiduciary Duties

Did you know that systems and data security fall within a retirement plan fiduciary’s duties? Cybersecurity—or the protection of personally identifiable information (PII)—is integral to a 401(k) plan fiduciary’s responsibility to act in the best interests of participants and beneficiaries. 

Cybersecurity is an ERISA fiduciary duty

According to the Employee Retirement Income Security Act of 1974 (ERISA), a fiduciary is obligated to take “appropriate and necessary” steps to protect the safety of participants’ accounts and information, just as they do with plan design, investment selection, and monitoring fees and expenses. To this end, the U.S. Department of Labor (DOL) has provided broad, best-practice guidelines to address fiduciaries’ roles and responsibilities related to cybersecurity, which we’ve summarized below.
