Groom principal Allison Itami was featured by the National Association of Plan Advisors (“NAPA”) in the article, “A Cybersecurity Audit Survival Kit: What Plan Sponsors Must Do to Pass,” where she covered the guidance plan sponsors might expect on cybersecurity from the Department of Labor (“DOL”).
According to NAPA, Itami said that “ERISA, enacted in 1974, does not explicitly address a fiduciary responsibility for cybersecurity. It’s not surprising, since people didn’t think much about cybersecurity in the 1970s.”
“But obviously, there is a fiduciary duty to make sure that the plan assets are used for the payment of benefits and plan expenses,” Itami added. “Part of that is protecting those assets from hackers and fraud.”
The outlet reported that Itami said, “Now, DOL investigators are deciding what to do with all the cybersecurity information submitted by plan sponsors.”
NAPA further reported that she “expects cybersecurity to start becoming a part of all retirement plan audits, rather than the DOL doing cybersecurity-specific audits,” and that Itami said that “the DOL’s cybersecurity guidance also applies to health and welfare plans.”