7th Circuit Affirms DOL Authority to Investigate ERISA Plan Cybersecurity

Summary

A defined contribution (DC) plan recordkeeper must comply with a broad Department of Labor (DOL) administrative subpoena seeking information about cybersecurity practices, the 7th US Circuit Court of Appeals has ruled (Walsh v. Alight Solutions, No. 21-3290 (7th Cir. Aug. 12, 2022)). The subpoena stems from DOL's investigation of alleged cybersecurity breaches, which the agency says led to unauthorized benefit distributions. As part of the investigation, DOL is seeking a wide range of documents and communications, including information about Alight's plan sponsor clients and participants.