Blog Logo
Blog Logo

Edward A. Wodarczyk

Of Counsel

Contact information

View All News & Insights

Cybersecurity for ERISA Retirement and Welfare Benefit Plans

Edward A. Wodarczyk, Esq.,, (412) 594-3920

Cybersecurity continues to be an important fiduciary responsibility as the threat for security breaches grows with fraud, hacking or phishing schemes. During this COVID-19 pandemic, cybersecurity for your ERISA retirement and welfare benefit plans becomes more important as plan participants work from home and access information remotely.  When plan fiduciaries are working with outside service providers that access and use confidential participant data, they may wish to consider the following questions that were part of an ERISA Advisory Council Report issued a few years ago.


  1. 1.  Does the service provider have a comprehensive and understandable cybersecurity program?
  2. 2.  What are the elements of the service provider’s cybersecurity program?
  3. 3.  How will the plan(s) data be maintained and protected?
  4. 4.  Will the data be encrypted at rest, in transit and on devices, and is the encryption automated (rather than manual)?
  5. 5.  Will the service provider assume liability for breaches?
  6. 6.  Will the service provider stipulate to permitted uses and restrictions on data use?
  7. 7.  What are the service provider’s protocols for notifying plan management in the case of a breach and are the protocols satisfactory?
  8. 8.  Will the service provider agree to regular reports and monitoring and what will they include?
  9. 9.  Does the service provider regularly submit to voluntary external reviews of their controls (such as SOC reports or a similar report or certification)?

July 06, 2020

Serving our clients successfully since 1900

The same attributes that have anchored over a century of success are still our guiding principles today.

Stay up-to-date on the latest News & Insights by subscribing to our alerts

Enter your email address below and be notified when we post new information.