Data Privacy & Cyber Compliance for Benefit Plans
Data privacy and cybersecurity are not just the IT department’s problem. Employee benefit plan leadership plays an important role in protecting an organization from cyber attacks, data breaches, and other cyber incidents. As fiduciary standards continue to evolve, and the amount of individual information stored and shared by employee benefit funds continues to grow, we efficiently and effectively assist our clients as they strive to navigate and comply with regulations and best practices governing the protection of personal information. We understand that cyber events such as a cyber attack or data breach are inevitable and will increasingly expose fiduciaries and plans to liability. To combat these challenges, we work with our clients to protect against and minimize this inevitable risk through:
- Designing and implementing plan-wide data privacy and cybersecurity compliance frameworks.
- Developing written policies and procedures to achieve compliance with federal and state data privacy and cybersecurity laws.
- Assessing risks and identifying shortfalls in compliance, prevention, detection and response initiatives.
- Performing due diligence on all data and security protocols when selecting and monitoring vendors.
- Developing data privacy and security protections for contracts with service providers.
- Data privacy and security training.
- Developing corporate governance and oversight programs.
- Developing and testing Cyber Incident Response Plans.
- Conducting data security and privacy breach investigations and risk assessments.
- Responding to and reporting cyber attack and data breach incidents.