DOL Guidance on Cybersecurity: Risks and Duties for Plan Sponsors & Fiduciaries
This presentation focuses on the Department of Labor’s new cybersecurity guidance and its potential impact on retirement plan sponsors and plan fiduciaries going forward. A panel of Frost Brown Todd practitioners will discuss cybersecurity risks faced by plan sponsors and fiduciaries in connection with their retirement plans and the fiduciary duty to mitigate those risks. Practical insights and strategies for demonstrating compliance with the Department of Labor’s standard will be identified. Additionally, the panel will discuss some interesting observations they have made as they have helped plan sponsors diligence the cybersecurity programs of their service providers, including reviewing their service contracts.
Sarah Lowe | Member | Employee Benefits & ERISA
Sarah’s employee benefits practice is primarily focused on all aspects of qualified retirement plans, related ERISA fiduciary issues and 401(k) and pension plan investments. Sarah regularly advises plan fiduciaries regarding compliance with ERISA’s fiduciary duties.
Bob Dibert | Member | Privacy & Data Security
Bob’s experience with data privacy and security issues dates to the early 2000’s, in the successful negotiation and handling of litigation materials subject to privacy and security requirements of HIPAA. During the last ten years, his practice has expanded to include counseling clients in records retention and compliance and handling internal investigations of potential data security breach incidents. Example incidents have included HR phishing, business email compromise and ransomware.
Michael Nitardy | Member | Privacy & Data Security
Michael assists clients in addressing state and federal regulations regarding employee health and benefits plans and advises on how to deal with all aspects of the modern information economy. Michael helps clients comply with the applicable laws and regulations governing the proper use and disclosure of personal information as well as assisting clients in investigating and addressing potential data breaches and incidents.