Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Privacy and Security of Personal Information Collected by Benefit Plans

By Marc Bussone
October 14, 2016

High profile cyberattacks and data breaches have become routine occurrences. Cyber threats are so pervasive that many privacy and security experts advise that responsible parties ' like fiduciaries of employee benefit plans ' should prepare for when a data breach occurs, not if . Data collected by employee benefit plans includes sensitive information that makes them a particularly attractive target for cybercrime. While the Health Insurance Portability and Accountability Act (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH), sets forth requirements applicable to the security and privacy of protected health information collected by health plans, no such guidance currently exists with respect to the security and privacy of personal identifiable information (PII) collected by employee benefit plans other than health plans. However, plan sponsors and fiduciaries should be aware of, and address, security and privacy issues in connection with PII.

Personal Identifiable Information

The Office of Management and Budget (OMB) defines PII as “information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc.” OMB Memorandum M-07-16. The U.S. Department of Labor (DOL) has, at least informally, stated that information permitting the physical or online contacting of a specific individual is the same as personally identifiable information, and that this information can be maintained in either paper, electronic or other media.

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Spurred By Data Breaches, CLOs Are Increasing Cybersecurity Leadership Role Image

Chief information officers still bear the brunt of cybersecurity worries at many companies. But a study by the Association of Corporate Counsel Foundation finds that chief legal officers are increasingly taking a leadership role in cybersecurity strategy.

GCs Want to Tap Into AI But Lack Roadmap, Report Shows Image

General counsel are eager to tap the promise of generative AI. But without clear technology road maps, many legal departments are struggling to turn that interest into action.

Is Google Search Dead? The Key to Thriving In an AI-Driven World Image

Part Two of this two-part article examines practical steps marketers must take to succeed in this changing landscape by embracing a multichannel, AI-driven approach to their marketing and PR efforts.

Shifting Crypto and Cyber Enforcement Priorities In SEC Image

When the SEC issues the next annual enforcement report for fiscal year 2025, we expect securities offering actions and investment adviser actions will almost certainly be up, and the “crypto” and “cyber” cases will almost certainly be down. Public statements by the new SEC administration have said as much, but even more telling than public statements are the allocation of limited enforcement resources.

Seventh, Ninth Court Rulings Tighten Reach of Federal Video Privacy Protection Act Image

The VPPA may be nearly four-decades old and video-rental stores largely a thing of the past, but the rise of online content, streaming services and ancillary activities has brought with it frequent litigation based on the VPPA. The key challenge in these litigations is how to interpret the VPPA’s 1980s terms in light of today’s digital advances.