In 2020, the Department of Labor (DOL) announced their final rule that simplified the delivery of retirement plan information to participants by allowing employers to deliver disclosures to plan participants primarily electronically (the E-Delivery Rule). Benefits and executive compensation partner Fred Reish, senior counsel Bruce Ashton and associate Stephen Pennartz coauthored an article for American Society of Pension Professionals & Actuaries (ASPPA) titled “The New E-Delivery Rule: The Price of Simplification,” that addresses the fiduciary considerations applicable to plans that rely on the E-Delivery Rule.
In the article, the authors note that, under the E-Delivery Rule, retirement plans still retain a fiduciary duty to protect participants’ personal information from cybertheft. Retirement plans that are applying the new rule may face increased exposure to ERISA fiduciary breach claims alleging inadequate cybersecurity measures.
The authors outline steps plan committees using the new e-delivery safe harbor may want to take to assess the security of their e-delivery procedures and repair any vulnerabilities that might place participant data at risk.