Date of this Version
The U.S. has no comprehensive national law governing cybersecurity and no uniform framework for measuring the effectiveness of protections, though retirement plan record keepers maintain the personally identifiable information on millions of workers, collecting names, birth dates, social security numbers, and beneficiaries. Plan sponsors frequently engage consultants and attorneys to help them secure sensitive data, but more work is necessary to engage a larger discussion around this issue. The SPARK Institute has outlined a flexible approach for an independent third-party reporting of cyber security capabilities with several key control objectives.
Cybersecurity, Personally Identifiable Information (PII), benefit plans, data security, robo-advisor
Working Paper Number
All findings, interpretations, and conclusions of this paper represent the views of the author(s) and not those of the Wharton School or the Pension Research Council. © 2018 Pension Research Council of the Wharton School of the University of Pennsylvania. All rights reserved.
Date Posted: 30 January 2019
The published version of this working paper may be found in the 2019 publication: The Disruptive Impact of FinTech on Retirement Systems.