>>
What Should Benefit Plan Fiduciaries Do In the
Absence of Clear Rules Regarding Protection of PII?
Recognizing that ERISA plan fiduciaries
are charged with meeting a prudence
standard when discharging their duties
solely in the interest of plan participants
and beneficiaries, fiduciaries must not
only act prudently in responding to a
breach of their plan participants’ PHI,
but should also consider developing
prudent policies and procedures with
respect to the handling and transmission
of all PII, participant data, and PHI, in
the regular course, as well as notification
and remediation measures for breaches of
same.
Establishing an appropriate PII Privacy
& Protection Policy is complicated