Participant Data: Recent Lawsuits May Make Protection of Personal Information a Priority

Safeguarding Participant Data

Although ERISA does not explicitly designate participant data as a plan asset, recent litigation suggests that plan sponsors will want to make an effort to safeguard data and limit what they share with service providers.

There are several best practices for plan sponsors that have emerged as a result of the settlements.

What you should know

Plan participants do not approve of personal information being used to cross-sell. Recent litigation suggests that plan participants are not interested in having their personal information used to help recordkeepers or advisors market other products and services to them. This data includes investment choices, age, and account balances among other factors.
Recent settlement impacts responsibilities of plan sponsors. A case brought by participants in a Vanderbilt University plan argued that participant data should be covered under ERISA as a plan asset^[1]. The case relied on an expanded interpretation of Interpretive Bulletin 96-1 from the Department of Labor on investor education to require fiduciary protection of information. While the court did not rule on the participants' claim, Vanderbilt agreed in a settlement to prohibit the plan's recordkeeper from using participant information acquired in the course of providing recordkeeping services to market other products or services to participants unless a request for such products or services is initiated by a participant.
For the first time a recordkeeper has been named in a suit alleging the use of participants’ personal information to market financial products. Shell Oil Co. and Fidelity have been hit with a recent proposed class action alleging excessive fees and improper use by Fidelity of participants’ personal data as a way to market Fidelity’s products even though those products are unrelated to the plan. Fidelity denies that it used participant information in this manner.^[2]
Plan sponsors should begin discussions on data protection with service providers at the RFP phase.It is advisable for plan sponsors to inquire about what data is needed by a service provider and for what purpose during the RFP phase of engagement. Information about cross-marketing and cybersecurity practices should also be obtained through the RFP phase and a limited scope for the use of participant data should be established.

$14.5M

The amount Vanderbilt University paid to resolve claims over incorrect use of participant data^[1]

Schedule an appointment

SCHEDULE NOW

Find a branch near you

FIND NOW

Important Legal Disclosures and Information

1. Cassell v. Vanderbilt Univ., Case No. 3:16-CV-02086, District Court for the Middle District of Tennessee (4/22/19)

2. Harmon et al. v. Shell Oil Company et al., Case No. 3:20-CV-00021, District Court for the Southern District of Texas)

The material presented herein is of a general nature and does not constitute the provision by PNC of investment, legal, tax, or accounting advice to any person, or a recommendation to buy or sell any security or adopt any investment strategy. Opinions expressed herein are subject to change without notice. The information was obtained from sources deemed reliable. Such information is not guaranteed as to its accuracy.

The PNC Financial Services Group, Inc. (“PNC”) uses the marketing name PNC Institutional Asset Management® for the various discretionary and non-discretionary institutional investment, trustee, custody, consulting, and related services provided by PNC Bank, National Association (“PNC Bank”), which is a Member FDIC, and investment management activities conducted by PNC Capital Advisors, LLC, an SEC-registered investment adviser and wholly-owned subsidiary of PNC Bank (“PNC Capital Advisors”). PNC does not provide legal, tax, or accounting advice unless, with respect to tax advice, PNC Bank has entered into a written tax services agreement. PNC Bank is not registered as a municipal advisor under the Dodd-Frank Wall Street Reform and Consumer Protection Act.

“PNC Institutional Asset Management” is a registered mark of The PNC Financial Services Group, Inc.

Investments: Not FDIC Insured. No Bank Guarantee. May Lose Value.