Confero Summer 2015: Issue 11 | Page 11

>> What Should Benefit Plan Fiduciaries Do In the Absence of Clear Rules Regarding Protection of PII?

ERISA plan fiduciaries are charged with meeting a prudence standard when discharging their duties solely in the interest of plan participants and beneficiaries. Fiduciaries must therefore not only act prudently in responding to a breach of their plan participants’ PHI, but should also consider developing prudent policies and procedures for handling and transmitting all PII, participant data, and PHI in the regular course, as well as notification and remediation measures for breaches of that data. Establishing an appropriate PII Privacy & Protection Policy is complicated