Document Type
Working Paper
Date of this Version
12-1-2018
Abstract
The U.S. has no comprehensive national law governing cybersecurity and no uniform framework for measuring the effectiveness of protections, though retirement plan record keepers maintain the personally identifiable information on millions of workers, collecting names, birth dates, social security numbers, and beneficiaries. Plan sponsors frequently engage consultants and attorneys to help them secure sensitive data, but more work is necessary to engage a larger discussion around this issue. The SPARK Institute has outlined a flexible approach for an independent third-party reporting of cyber security capabilities with several key control objectives.
Keywords
Cybersecurity, Personally Identifiable Information (PII), benefit plans, data security, robo-advisor
Working Paper Number
WP2018-16
Copyright/Permission Statement
All findings, interpretations, and conclusions of this paper represent the views of the author(s) and not those of the Wharton School or the Pension Research Council. © 2018 Pension Research Council of the Wharton School of the University of Pennsylvania. All rights reserved.
Date Posted: 30 January 2019
Comments
The published version of this working paper may be found in the 2019 publication: The Disruptive Impact of FinTech on Retirement Systems.