Breaches within Breaches: The Crossroads of ERISA Fiduciary Responsibilities and Data Security

48 Pages. Posted: 8 Mar 2019

Gregg Moran

University of Nebraska at Lincoln, College of Law

Date Written: February 7, 2019

Abstract

Although the drafters of the Employee Retirement Income Security Act of 1974 (“ERISA”) likely could not have anticipated the data security issues of the twenty-first century, ERISA’s duty of prudence almost certainly requires employee benefit plan fiduciaries to protect sensitive participant data in at least some manner. This Article suggests the Department of Labor should issue a regulation clarifying fiduciaries’ data security obligations. Given that fiduciaries are in the best positions to recognize their plans’ individual security needs and capabilities, the regulation should not attempt to micromanage fiduciaries’ substantive data security policies; rather, it should focus on the procedures by which they adopt their substantive policies. In addition to promoting specially tailored policies for protecting sensitive participant data, this regulation would resolve much of the confusion surrounding the application of ERISA to the data security field.

Keywords: data security, data protection, consumer protection, ERISA, department of labor, data regulation

JEL Classification: K23, K29

Suggested Citation

Moran, Gregg, Breaches within Breaches: The Crossroads of ERISA Fiduciary Responsibilities and Data Security (February 7, 2019). University of Miami Law Review, Vol. 73, No. 2, 2019, Available at SSRN: https://ssrn.com/abstract=3334270

Gregg Moran (Contact Author)

University of Nebraska at Lincoln, College of Law

Lincoln, NE
United States
