ERISA Fiduciaries, Data Privacy and Cybersecurity Risks: HIPAA, HITECH, and ERISA Preemption of State Data Breach Laws

Responding to Data Breaches of Healthcare Administrators and Retirement Plans, Minimizing Risks with TPAs

Recording of a 90-minute premium CLE webinar with Q&A

Conducted on Tuesday, June 20, 2017

Recorded event now available


This CLE webinar will provide guidance to employee benefits counsel on trends in data breaches for ERISA healthcare and retirement plans, lessons from recent BCBS/Anthem litigation, ERISA fiduciary obligations, ERISA preemption of state data breach laws, and contractual risk mitigation with third-party administrators (TPAs).


Data breach prevention and response is an increasingly serious issue for many industries. Anthem’s data breach affected employers and health plans nationwide, confirming that health plans and insurers are not immune. Plan sponsors and fiduciaries must take great care to comply with complex regulations that differ based on the type of plan involved.

Last year two retirement plan administrators experienced data breaches. Unlike the liability for breaches of healthcare plans where the standards and liability are more certain (e.g., HIPAA, HITECH), the standards and liability under ERISA for retirement benefits plans are inconclusive. There is no case law regarding whether ERISA fiduciaries have a fiduciary duty to take reasonable measures to prevent data breaches, and unlike HIPAA and HITECH, the liability for violations of ERISA fiduciary duties is personal to the individual fiduciary.

While regulatory guidance to ERISA administrators and fiduciaries regarding data breaches is scarce, the ERISA Advisory Council recently provided DOL with limited guidance on cybersecurity risks. However, the guidance addresses neither the scope of ERISA fiduciary obligations regarding cybersecurity, nor whether ERISA preempts state data breach laws. While the court in the Anthem litigation held that the state law claims were preempted by ERISA, there is a dearth of case law on this issue.

Listen as our esteemed panel provides guidance to benefits counsel on trends in data breaches of ERISA healthcare and retirement plans. The panel will review the recent BCBS/Anthem litigation, discuss the scope of fiduciary obligations to prevent breaches, ERISA preemption of state data breach laws, and contractual risk mitigation with TPAs.



  1. Trends in ERISA data breaches: health care and retirement plans
  2. Lessons from the BCBS/Anthem litigation
  3. ERISA fiduciary obligations with respect to data breaches
  4. Trends in ERISA preemption litigation and what it portends for preemption of state data breach laws
  5. Incorporating cybersecurity protections into retirement plan contracts with TPAs


The panel will review these and other key issues:

  • What specific obligations do plan sponsors and fiduciaries have when responding to an occurrence of a data breach?
  • How can plan sponsors manage their breach response to safeguard plan data, achieve an effective response, and reduce the risk of legal and regulatory action?
  • What lessons can be learned from the Anthem litigation and recent breaches of retirement plan employee information?
  • How can cybersecurity protections be incorporated into retirement plan contracts with TPAs?


Saad Gul

Poyner Spruill

Mr. Gul focuses his practice on privacy and information security. He advises clients on a wide range of privacy, data...

Michael E. Slipsky

Poyner Spruill

Mr. Slipsky focuses his practice on mergers and acquisitions, representing buyers and sellers in a broad range of...

Brenna A. Davenport

Poyner Spruill

Ms. Davenport practices primarily in two areas of law, employee benefits and business law. In the area of employee...


Strafford will process CLE credit for one person on each recording. All formats include program handouts.
