On April 14, 2021, the U.S. Department of Labor (DOL) released three-part guidance on cybersecurity issues for employee benefit plans, marking its first significant commentary on the issue since its comprehensive but nonbinding report in late 2016.

The DOL’s guidance provides tips and best practices for ERISA plan sponsors, responsible fiduciaries, recordkeepers, service providers, and participants in appropriately safeguarding nonpublic plan and participant information against cybersecurity threats. The DOL also issued a tip sheet for ERISA plan participants to best protect their own information when interacting with plan data online.

Though the DOL’s guidance is described in terms of tips and best practices, this guidance raises a number of practical implications for ERISA plan sponsors and responsible fiduciaries. Plan sponsors and responsible fiduciaries should consider evaluating, implementing, and documenting actionable responses for their own information systems and cybersecurity controls against points raised in the DOL’s guidance.