Cybersecurity needs grow as retirement plan providers get into personalized services

You asked participants for not only financial but now personal data, goals, desires, dreams. Do you have a fiduciary duty to secure that data?

Retirement plan providers that collect comprehensive employee data in an effort to promote financial wellness now face a new challenge: that of better safeguarding that data.

A new report from Cerulli, “U.S. Retirement Markets 2019: Looking Toward Holistic Solutions for Participants and Plan Sponsors,” finds that cybersecurity needs to be stepped up in the face of new methods of customizing financial wellness efforts.

As tech becomes more advanced and allows greater opportunities for customization of financial wellness programs that cover everything from budgeting and debt management to investing, college planning, Social Security optimization and retirement income, the potential for trouble has also increased.

“[T]echnology has the potential to standardize recommendations, combat human biases, and at the very least alleviate some of the more time-intensive, computational aspects of portfolio management and financial planning,” Anastasia Krymkowski, ASA, associate director at Cerulli, is quoted saying in the report.

However, along with all these opportunities to become more directly involved in plan participants’ financial well-being comes the responsibility to safeguard the personalized information that makes it all possible.

Says the report, “[C]ybersecurity has emerged as a top issue for retirement specialist advisors—80 percent rate data security/cybersecurity very important, deeming it the single most important factor when evaluating recordkeepers.”

But it’s also going to cost plan providers more—in particular recordkeepers and third-party administrators. “In a digital age, these firms essentially double as technology companies, with plan sponsors and their consultants/advisors closely scrutinizing security procedures and policies,” Krymkowski is quoted saying, adding, “It is critical for providers to maintain accurate data representing participants’ transactions while safeguarding their assets and confidential information.”

Not only do providers need to protect client data ranging from Social Security numbers to credit card debt and outstanding student loans, they’re also now playing host to deeply personal information on such topics as career satisfaction, work productivity, personal relationships, smoking status and sleep patterns.

That’s a treasure trove for cyberthieves, and health data bring along their own particular requirements for safeguards: Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) carries its own obligations for protection.
