Wharton Pension Research Council Working Papers
 

Document Type

Working Paper

Date of this Version

12-1-2018

Abstract

The U.S. has no comprehensive national law governing cybersecurity and no uniform framework for measuring the effectiveness of protections, though retirement plan record keepers maintain the personally identifiable information on millions of workers, collecting names, birth dates, social security numbers, and beneficiaries. Plan sponsors frequently engage consultants and attorneys to help them secure sensitive data, but more work is necessary to engage a larger discussion around this issue. The SPARK Institute has outlined a flexible approach for an independent third-party reporting of cyber security capabilities with several key control objectives.

Comments

This Working Paper is part of a forthcoming publication, entitled The Disruptive Impact of FinTech on Retirement Systems.

Keywords

Cybersecurity, Personally Identifiable Information (PII), benefit plans, data security, robo-advisor

Working Paper Number

WP 2018-16

Copyright/Permission Statement

All findings, interpretations, and conclusions of this paper represent the views of the author(s) and not those of the Wharton School or the Pension Research Council. © 2018 Pension Research Council of the Wharton School of the University of Pennsylvania. All rights reserved.

Included in

Finance Commons

Share

COinS
 

Date Posted: 30 January 2019