Abstract

Although the drafters of the Employee Retirement Income Security Act of 1974 (“ERISA”) likely could not have anticipated the data security issues of the twenty-first century, ERISA’s duty of prudence almost certainly requires employee benefit plan fiduciaries to protect sensitive participant data in at least some manner. This Article suggests the Department of Labor should issue a regulation clarifying fiduciaries’ data security obligations. Given that fiduciaries are in the best positions to recognize their plans’ individual security needs and capabilities, the regulation should not attempt to micromanage fiduciaries’ substantive data security policies; rather, it should focus on the procedures by which they adopt their substantive policies. In addition to promoting specially tailored policies for protecting sensitive participant data, this regulation would resolve much of the confusion surrounding the application of ERISA to the data security field

Recommended Citation

Gregg Moran, Breaches Within Breaches: The Crossroads of ERISA Fiduciary Responsibilities and Data Security, 73 U. Mia. L. Rev. 483 (2019)
Available at: https://repository.law.miami.edu/umlr/vol73/iss2/7

Download

Included in

Computer Law Commons, Privacy Law Commons

COinS

University of Miami School of Law Institutional Repository

University of Miami Law Review

Breaches Within Breaches: The Crossroads of ERISA Fiduciary Responsibilities and Data Security

Abstract

Recommended Citation

Included in

Journal Links

Miami Law Links

University of Miami School of Law Institutional Repository

University of Miami Law Review

Breaches Within Breaches: The Crossroads of ERISA Fiduciary Responsibilities and Data Security

Authors

Abstract

Recommended Citation

Included in

Share

Journal Links

Miami Law Links