To what extent are plan sponsors and plan fiduciaries required to protect plan participant data from cyberattack and cybersecurity risks? No clear answer exists. Presumably plan sponsors and fiduciaries have some level of responsibility to protect participant data, but the required level is unclear. Congress recently sent a letter to a government agency requesting guidance on this topic. For more commentary on this matter, see here.
For additional information contact Ed Wodarczyk.