Cybersecurity Attack Warning Clauses
(Defined Contribution Plan) (Summary Plan Description)

Summary

Use these clauses in a defined contribution retirement plan's summary plan description (SPD) to educate participants about the risks of cybercrime that have become prevalent among retirement plans. They provide language to warn plan participants of the dangers of cybersecurity issues relative to the plan's operation and recordkeeping. These clauses include practical guidance and drafting notes. Defined contribution retirement plans are especially susceptible to cybersecurity and data security attacks. A participant is particularly susceptible to damages at times during which such participant is receiving distributions or loans. Plan sponsors and other fiduciaries must take steps to secure participant information provided to vendors in order to protect the security of plan data, as is consistent with their fiduciary duties under ERISA. As there has been limited guidance on the part of the Department of Labor (DOL) when it comes to fiduciary responsibility regarding the protection of plans against privacy and risks of cybersecurity attacks, this topic has been one of much debate. For similar clauses available for a defined benefit plan SPD, see {Cybersecurity Attack Warning Clauses (Defined Benefit Plan) (Summary Plan Description)}. For a listing of key content regarding cybersecurity issues in retirement plans, see Cybersecurity for Qualified Retirement Plans Resource Kit.