While the European Union led the world on data privacy through the enactment of the General Data Protection Regulation (“GDPR”), developments in the United States suggest that a similar data privacy regulatory structure may be forthcoming that will also affect pension and benefit plans and their service providers and advisors. This can be seen both through recent enforcement initiatives and through policy developments. First, in September 2018, the U.S. Securities and Exchange Commission (“SEC”) announced that it had settled claims related to the cyber security policies and procedures to protect personally identifiable information (“PII”) held by Voya Financial Advisors’ (the “Advisor”), a registered investment advisor and broker-dealer. Second, the U.S. Congress and federal regulators have taken steps towards implementing a nationwide privacy framework. Both the enforcement initiative and policy developments are discussed in the article linked below.

This article was originally published in Volume 89 of International Pension Lawyer, the Journal of the International Pension and Employee Benefits Lawyers Association, released in December 2018.

Latest Resources


April 20, 2023

Groom Event


March 23, 2023

George Washington University Law School