Identity Theft and Internet Fraud Warning Clauses
(Retirement Plan) (Summary Plan Description)

Summary

Use these clauses in a qualified retirement plan's summary plan description to warn plan participants of the dangers of identity theft incidents and data security attacks with respect to their retirement plan account. This includes warnings for incidents with respect to distributions and loans. These clauses include practical guidance, drafting notes, and an alternate clause. Plan sponsors and other fiduciaries must take steps to secure participation information provided to vendors in order to protect the security of plan information—as is consistent with their fiduciary duties under ERISA (especially that of the duty of prudence). As there has been limited guidance on the part of the Department of Labor when it comes to fiduciary responsibility with respect to the protection of plans against privacy and risks of cybersecurity attacks, this topic has been one of much debate. These clauses provide sample language to warn participants of identity theft and internet fraud issues that can appear in the plan's Summary Plan Description (SPD). For more information on cybersecurity and identity protection issues related to ERISA plans, see Privacy Risks for Retirement and Other Non-Health Benefit Plans. For additional language required by law in a summary plan description, see Summary Plan Description Resource Kit. Also see ERISA Fiduciary Duties.