Navigating the Intersection of ERISA Fiduciary Duties and Cybersecurity Data Breach Protections

A hedge fund manager may become subject to the provisions of the Employee Retirement Income Security Act of 1974 (ERISA) if it manages a “plan assets fund” or provides advice to retirement account clients. See our four-part series “A ‘Clear’ Guide to Swaps and to Avoiding Collateral Damage in the World of ERISA and Employee Benefit Plans”: Part One (Jul. 28, 2016); Part Two (Aug. 4, 2016); Part Three (Aug. 11, 2016); and Part Four (Aug. 25, 2016). A recent program presented by Poyner Spruill considered the relationship between cybersecurity and ERISA, looking at recent breaches and litigation involving ERISA plans; evaluating whether cybersecurity is a fiduciary duty under ERISA; analyzing whether ERISA preempts state cybersecurity and data-protection laws; and exploring how plan sponsors can implement effective cybersecurity measures. The panel featured Poyner Spruill partners Saad Gul and Michael E. Slipsky, along with associate Brenna A. Davenport. This article summarizes their key insights. See also our overview of ERISA issues for fund managers, “Happily Ever After? – Investment Funds That Live With ERISA, For Better and For Worse”: Part One (Sep. 4, 2014); Part Two (Sep. 11, 2014); Part Three (Sep. 18, 2014); Part Four (Sep. 25, 2014); and Part Five (Oct. 2, 2014).
