Compliance Assistance Release confirms cybersecurity guidance applies to all ERISA plans
WASHINGTON – In its continuing effort to protect U.S. workers’ retirement and health benefits, the U.S. Department of Labor today updated its current cybersecurity guidance, confirming that it applies to all types of plans governed by the Employee Retirement Income Security Act, including health and welfare plans and all employee retirement benefit plans.
The new Compliance Assistance Release issued by the department’s Employee Benefits Security Administration provides best practices in cybersecurity for plan sponsors, plan fiduciaries, recordkeepers and plan participants. The release updates EBSA’s 2021 guidance and includes the following:
“Today’s Compliance Assistance Release provides an important clarification for plan sponsors and fiduciaries, confirming that our guidance on cybersecurity applies to all plans covered by the Employee Retirement Income Security Act,” explained Assistant Secretary for Employee Benefits Security Lisa M. Gomez. “All ERISA-covered plans need to implement appropriate best practices to help protect participants and their beneficiaries from cybercrime and emerging threats. These updates remind plan sponsors and fiduciaries of the critical importance of safeguarding job-based benefits and personal information.”
As of June 2024, EBSA estimates ERISA covers 2.8 million health plans, 619,000 other welfare benefit plans and 765,000 private pension…