Participant Data: Whose Asset is it Anyway?

2020 has seen a record number of class action lawsuits alleging excessive fees and imprudent investment offerings in defined contribution plans governed by the Employee Retirement Income Security Act of 1974 (ERISA). But the dramatically high number of new filings is not the only story surrounding this genre of ERISA fiduciary litigation. One of the most significant developments in this area is the plaintiffs’ bar’s effort to promote a new strain of fiduciary and prohibited transaction liability that, ironically, does not relate to the propriety of plan investments or expenses. Rather, this emerging line of attack focuses on plan recordkeepers’ alleged use of participant-specific data (e.g., participants’ ages, employment status, contribution levels, investment allocations, account balances, etc.) to market non-plan financial products and services to those participants. Given its potentially broad legal and business implications, this is an important development for all retirement plan service providers to follow.

Plaintiffs initially sought to introduce these new claims in certain suits — including several of the so-called “university” 403(b) plan cases — solely against plan sponsors and named fiduciaries, alleging the defendants breached their purported fiduciary duties to safeguard participant data and prevent recordkeepers from exploiting the data for non-plan marketing purposes. However, in at least one case involving a large 401(k) plan, plaintiffs also joined the recordkeeper and some of its affiliates as defendants for purposes of asserting both fiduciary and non-fiduciary party-in-interest claims for alleged misuse of participant data.

Regardless of what types of defendants are joined in a particular suit, these claims largely hinge on the proposition that participant data constitutes a “plan asset” under ERISA. However, this is a conclusion that no court has reached to date. In fact, in denying plaintiffs’ motion to amend their complaint to add participant data claims, the federal district court for the Northern District of Illinois, in Divane v. Northwestern University, expressly concluded that the participant information at issue was not a plan asset “based on ordinary notions of property rights” and the defendants did not otherwise breach any recognized fiduciary obligation under ERISA by “not preventing” the recordkeeper from using participant data for sales purposes as alleged. The Divane plaintiffs appealed this ruling, but the Seventh Circuit affirmed the lower court’s decision. (The plaintiffs have filed a petition for certiorari with the United States Supreme Court seeking review of certain aspects of the Seventh Circuit’s Northwestern decision; however, the plaintiffs are not seeking further review of the ruling rejecting the participant data claims.)

Some of the lawsuits in which plaintiffs asserted participant data claims have settled on a class-wide basis before the courts had an opportunity to rule on the merits of the claims. While the precise language of the relevant agreements varies somewhat, these settlements essentially require that the respective plan fiduciaries contractually prohibit their recordkeepers from using participant information to market non-plan products or services (or from communicating with plan participants about non-plan products at all) unless a request for such products or services is initiated by a plan participant. These settlement provisions may be a prelude to the types of restrictions recordkeepers should expect some plan customers to demand in future service agreements.