
Webinar: ERISA Fiduciaries, Data Privacy and Cybersecurity Risks: HIPAA, HITECH, and ERISA Preemption of State Data Breach Laws

20 June 2017
Poyner Spruill
Tuesday, June 20, 2017
1:00pm-2:30pm EDT, 10:00am-11:30am PDT

This CLE webinar will provide guidance to employee benefits counsel on trends in data breaches for ERISA healthcare and retirement plans, lessons from recent BCBS/Anthem litigation, ERISA fiduciary obligations, ERISA preemption of state data breach laws, and contractual risk mitigation with third-party administrators (TPAs).


Data breach prevention and response is an increasingly serious issue for many industries. Anthem’s data breach affected employers and health plans nationwide, confirming that health plans and insurers are not immune. Plan sponsors and fiduciaries must take great care to comply with complex regulations that differ based on the type of plan involved.

Last year two retirement plan administrators experienced data breaches. Unlike the liability for breaches of healthcare plans where the standards and liability are more certain (e.g., HIPAA, HITECH), the standards and liability under ERISA for retirement benefits plans are inconclusive. There is no case law regarding whether ERISA fiduciaries have a fiduciary duty to take reasonable measures to prevent data breaches, and unlike HIPAA and HITECH, the liability for violations of ERISA fiduciary duties is personal to the individual fiduciary.

While regulatory guidance to ERISA administrators and fiduciaries regarding data breaches is scarce, the ERISA Advisory Council recently provided DOL with limited guidance on cybersecurity risks. However, the guidance addresses neither the scope of ERISA fiduciary obligations regarding cybersecurity, nor whether ERISA preempts state data breach laws. While the court in the Anthem litigation held that the state law claims were preempted by ERISA, there is a dearth of case law on this issue.

Listen as our esteemed panel provides guidance to benefits counsel on trends in data breaches of ERISA healthcare and retirement plans. The panel will review the recent BCBS/Anthem litigation, discuss the scope of fiduciary obligations to prevent breaches, ERISA preemption of state data breach laws, and contractual risk mitigation with TPAs.


  • Trends in ERISA data breaches: health care and retirement plans
  • Lessons from the BCBS/Anthem litigation
  • ERISA fiduciary obligations with respect to data breaches
  • Trends in ERISA preemption litigation and what it portends for preemption of state data breach laws
  • Incorporating cybersecurity protections into retirement plan contracts with TPAs


The panel will review these and other key issues:

  • What specific obligations do plan sponsors and fiduciaries have when responding to an occurrence of a data breach?
  • How can plan sponsors manage their breach response to safeguard plan data, achieve an effective response, and reduce the risk of legal and regulatory action?
  • What lessons can be learned from the Anthem litigation and recent breaches of retirement plan employee information?
  • How can cybersecurity protections be incorporated into retirement plan contracts with TPAs?


Saad Gul

Mr. Gul focuses his practice on privacy and information security. He advises clients on a wide range of privacy, data security, and cyber liability issues, including risk management plans, regulatory compliance, cloud computing implications, and breach obligations. He writes and speaks regularly on privacy, data security, and cyber liability issues. He is the author of over a dozen published law review articles, as well as a number of articles in trade journals. He has also served on the Cyber Security Task Force of the U.S. Chamber of Commerce.

Michael E. Slipsky

Mr. Slipsky focuses his practice on mergers and acquisitions, representing buyers and sellers in a broad range of industries. He also counsels clients on a variety of privacy and information security matters, including HIPAA compliance and data breach prevention and responses. Additionally, he advises clients on a broad range of corporate and securities matters, including corporate reorganizations and restructurings, commercial contracts, corporate governance, the formation and maintenance of business entities, and securities offerings.

Brenna A. Davenport

Ms. Davenport practices primarily in two areas of law, employee benefits and business law. In the area of employee benefits, she represents clients in the design, implementation and administration of retirement, welfare, fringe, and executive compensation plans. In the area of business law, she advises small and midsize closely held corporate clients and non-profit entities regarding a broad range of corporate transactional matters.
