Data Privacy and Security: Key Concerns for Benefit Plans

In consideration of Data Privacy Day, it is the perfect time to take stock of retirement and health plan information.

Whether you work with your employer’s retirement or health plans – or you are an enrollee yourself –  chances are you will need to access benefit plan data at some point. Benefit plan data can include more straightforward information, such as name, family members, and address – or more sensitive information, such as birthdate, Social Security Number, salary, and medical claims incurred.

Questions benefit plans should be asking with respect to plan data include:

  • Do you collect more information than required or retain information longer than necessary, possibly increasing your risk of a breach?
  • Do you know how your data flows internally? Are there safeguards to make sure only those who need to see data can access it?
  • With whom do you share data externally? Should you hold vendors to a particular privacy or security standard?
  • Should you be using encryption or other security measures with respect to your data?
  • What are your procedures in the event of a security breach? Whom should you notify?  Should you have cyberinsurance?

If you would like more information or need assistance with retirement and health plan data privacy and security matters, please contact a Groom attorney and/or subscribe to our alerts.