Pittsburg, PA

Tucker Arensberg, P.C.
Tucker Arensberg, P.C.
One PPG Place, Suite 1500
Pittsburgh, PA 15222
(412) 566-1212
(412) 594-5619
Directions to Pittsburgh

Harrisburg, PA

Tucker Arensberg, P.C.
Tucker Arensberg, P.C.
2 Lemoyne Drive, Suite 200
Lemoyne, PA 17043
(717) 234-4121
(717) 232-6802
Directions to Harrisburg

New York, NY

Tucker Arensberg, P.C.
Tucker Arensberg, P.C.
250 Park Avenue, Suite 1508, 7th Floor
New York, NY 10171
(212) 739-7910
(212) 739-9607
Directions to New York

Widget Title

  • People
  • Practice Areas
  • News + Insights
    • News
    • Articles
    • Speaking
  • Office Locations
    • Pittsburgh
    • Harrisburg
    • New York
  • About the Firm
    • Overview
    • Careers
    • Diversity
    • Affiliations
    • Pro Bono & Community

Title

  • Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

Tucker Arensberg, P.C.Tucker Arensberg, P.C.

Attorneys in Pittsburgh, Harrisburg, New York City

  • People
  • Practice Areas
  • News + Insights
  • About Our Firm
  • COVID 19: Answers to Business Challenges
ShareBookmarkPDF

Cybersecurity for ERISA Retirement and Welfare Benefit Plans

COVID 19: Answers to Business Challenges July 6, 2020

Edward A. Wodarczyk, Esq., ewodarczyk@tuckerlaw.com, (412) 594-3920

Cybersecurity continues to be an important fiduciary responsibility as the threat for security breaches grows with fraud, hacking or phishing schemes.  During this COVID-19 pandemic, cybersecurity for your ERISA retirement and welfare benefit plans becomes more important as plan participants work from home and access information remotely.  When plan fiduciaries are working with outside service providers that access and use confidential participant data, they may wish to consider the following questions that were part of an ERISA Advisory Council Report issued a few years ago.

  1. Does the service provider have a comprehensive and understandable cybersecurity program?
  2. What are the elements of the service provider’s cybersecurity program?
  3. How will the plan(s) data be maintained and protected?
  4. Will the data be encrypted at rest, in transit and on devices, and is the encryption automated (rather than manual)?
  5. Will the service provider assume liability for breaches?
  6. Will the service provider stipulate to permitted uses and restrictions on data use?
  7. What are the service provider’s protocols for notifying plan management in the case of a breach and are the protocols satisfactory?
  8. Will the service provider agree to regular reports and monitoring and what will they include?
  9. Does the service provider regularly submit to voluntary external reviews of their controls (such as SOC reports or a similar report or certification)?

Primary Sidebar

Cybersecurity for ERISA Retirement and Welfare Benefit Plans

Related

People

  • Edward A. Wodarczyk

Practice Areas

  • Employee Benefit Plans/ERISA
© 2021 All Rights Reserved|Tucker Arensberg, P.C.|Log in|Powered by Content Pilot
  • Sitemap
  • Disclaimer
  • Privacy Policy
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Accept