The outsourcing of retirement plan recordkeeping and other administrative responsibilities has increased in recent years for both defined contribution and defined benefit plans. Although there is no overarching privacy law governing retirement plans, fiduciaries must adhere to the “prudent expert” standard of care in fulfilling their duties, and be continuously diligent and attentive to the privacy and security of participant data.
This diligence extends to the structuring of outsourcing agreements for administrative responsibilities. Read this post from our Tech & Sourcing @ Morgan Lewis blog for more data security considerations in plan administration outsourcing agreements.