The Department of Labor is working on a guidance package addressing cybersecurity issues as they relate to plan sponsors and third-party providers.
Tim Hauser, Deputy Assistant Secretary for DOL’s Employee Benefits Security Administration (EBSA), has indicated that we should expect the department’s investigations to focus more on the adequacy of cybersecurity programs, to confirm that the service providers plan sponsors hire follow effective cybersecurity practices.
Mr. Hauser also indicated that the forthcoming guidance would be informal, not issued through a formal notice-and-comment process.
The DOL expects questions to be asked when hiring a TPA or record-keeper.
In the event a security breach is identified and an offender has gained access to confidential information, the plan sponsor should produce a documented response, including notifying law enforcement, the FBI, the plan and its participants.