02.04.19
Cybersecurity 'Patchwork' Leaving Industry Vulnerable
by: Brian Croce
The retirement industry has no unified cybersecurity approach to protect sensitive data, and the hodgepodge of federal and state regulations don't offer any clear approach for security within the retirement space, industry sources say. No federal regulation comprehensively governs cybersecurity for retirement plans or service providers, notes a Pension Research Council working paper published in December. ERISA "is silent on data protection in the form of electronic records, and the U.S. courts have not yet decided whether managing cybersecurity risk is a fiduciary function," the paper states. And while some retirement service providers are covered by federal rules based on their industry, they often cross several different industries. David Levine, principal at the Groom Law Group, said: "It's kind of woven together as a patchwork, and the patchwork has holes in it at times."
Read the full article on Pensions & Investments