Service providers for 401(k) and other retirement plans require access to personal data on participants including name, age, address, date of hire, compensation and possibly social security number to provide recordkeeping services. Are these plan service providers simply taking advantage of a business opportunity or are they improperly exploiting information that is a  plan asset that plan fiduciaries must protect?

At least one district court has concluded that the personal information of retirement plan participants is not a plan asset because it is not “property the plan could sell or lease” (see Divane v. Northwestern University which is discussed in more detail here.

But there is a thriving commercial market for personal information and it is bought and sold for marketing purposes every day (think Google here). So, should retirement plan fiduciaries act to protect the personal information of plan participants while the courts sort this out? Recent settlements in cases involving Vanderbilt University and Johns Hopkins University strongly suggest that the answer to that question is “yes.”

These settlements, in addition to requiring the payment of millions of dollars to resolve a variety of claims involving retirement plan administration, also require the university plan sponsors to prohibit plan service providers from soliciting current plan participants to “cross-sell” their non-plan products and services. Participant data has value and, like medical records, is not disclosed to service providers with the expectation that it will be used by the provider for its own commercial purposes.

Takeaways:

Plan fiduciaries should protect participant information from non-plan use by plan service providers. Whether the basis for doing so is protection of personal privacy or the preservation of “plan assets,” the trend is clear. And that is the case because one court’s conclusion that personal information is not “property” simply does not reflect commercial reality.

Plan fiduciaries can take action by including appropriate provisions in their agreements with plan service providers. For plans in mid contract, consider inquiring about the non-plan use of participant data and objecting to any such use that comes to their attention. Plan service providers themselves need to take stock of their sales practices and evaluate them in the light of the Vanderbilt and Johns Hopkins settlements as well as any opinion that may be issued in the appeal of Divane v. Northwestern University.

About the Author

Andrew S. Williams has practiced in the employee benefits and ERISA arena since ERISA was passed in 1974. He has been recognized by his peers through a survey conducted by Leading Lawyers Network as among the top 5 percent of Illinois lawyers in Small, Closely and Privately Held Business Law and Employee Benefit Law. He maintains a website, Benefits Law Group of Chicago, with additional updates, commentary and analysis on benefits and employment topics.

The above material is intended for general information purposes and should not be relied on or construed as professional advice. Under the applicable Illinois Rules of Professional Conduct, the contents of this e-mail may be considered to be attorney advertising. The transmission of this information is not intended to create, and receipt of it does not create a lawyer-client relationship.

Copyright © 2019 Golan Christie Taglia LLP. All rights reserved

Picture Credit: CanStockPhoto,com