The SPARK Institute's Data Security Oversight Board (DSOB) worked with definitional examples from national cyber standards, international regulations, state privacy laws, and client contracts and gathered insights from the plan consultant representatives on the board.
In a letter to the Government Accountability Office (GAO), lawmakers said retirement savings are "a tempting target for criminals who could hack into plans and individuals’ accounts to access information, commit identity fraud, and steal retirement savers’ nest eggs."
The "What's Now and What's Next" report focuses on eight specific risk areas that companies may face in 2019.
The council is asking the DOL to require sponsors to be familiar with the various security frameworks to protect retirement plan data.
John Hancock Retirement Plan Services is offering a guarantee to reimburse eligible participants for unauthorized transfers from their 401(k) retirement accounts.
The Segal Group suggests nine steps plans can take, starting with creating an information security policy.