National Conference on Public Employee Retirement Systems

The Voice for Public Pensions

Blog

Data Breaches: A Looming Threat for Pension Administrators

By: ABL Tech Team 

Data breaches are a constant worry in today's digital age. Even industry giants aren't immune, as high-profile cases involving UnitedHealthcare and AT&T demonstrate. These incidents highlight the vulnerability of sensitive data, which is a major concern for pension administrators entrusted with protecting participants' financial information. 

This is an excerpt from NCPERS Summer 2024 issue of PERSist.

Data breaches are a constant worry in today's digital age. Even industry giants aren't immune, as high-profile cases involving UnitedHealthcare and AT&T demonstrate. These incidents highlight the vulnerability of sensitive data, which is a major concern for pension administrators entrusted with protecting participants' financial information. 

The Risk of Data Breaches in Pension Administration
Pension plans often manage a wealth of sensitive information, including Social Security numbers, addresses, and salary data. A data breach can have severe consequences for both the administrator and plan participants:
  • Identity Theft and Financial Loss: Exposed data can be used for fraudulent purposes, leaving participants vulnerable to identity theft and potentially leading to financial losses.
  • Regulatory Scrutiny and Investigations: Data breaches can trigger investigations and from regulatory bodies for both the administrator and any third-party vendors involved.
  • Erosion of Trust: A breach can shatter plan participant confidence in the administrator's ability to safeguard their financial future. This can lead to reputational damage and even legal action.

Protecting Member Data: A Shared Responsibility
While the primary responsibility lies with the pension administrator, data security is a shared effort.

Here's why:
  • Third-Party Vendors: Pension administrators often rely on external vendors like data analysis services to streamline operations. This creates a shared responsibility – both the administrator and the vendor must prioritize data security.
  • Evolving Threat Landscape: Cybercriminals are constantly developing new methods to exploit vulnerabilities. Staying ahead of these threats requires ongoing vigilance and collaboration.

Strategies for Enhanced Security
To mitigate the risk of data breaches, pension administrators can implement several strategies:
  • Strict Data Security Protocols: Implementing strong encryption for data at rest and in transit, following industry standards and best practices.
  • Vendor Due Diligence: Carefully vetting and selecting third-party vendors with a proven track record of robust data security practices.
  • Employee Training: Regularly educating employees on cyber threats and best practices for secure data handling.
  • Regular Security Audits: Conducting periodic assessments to identify and address potential vulnerabilities in systems and procedures.
  • Disaster Recovery Plan: Having a well-defined plan in place to respond to a breach, minimize damage, and notify participants promptly.

Building Trust Through Transparency
Transparency is crucial in building trust with plan participants. In the unfortunate event of a data breach, administrators should:
  • Prompt Notification: Communicate the nature and extent of the breach promptly, providing clear instructions on how members can protect themselves.
  • Credit Monitoring: Offer affected participants credit monitoring services to help them detect and address potentially fraudulent activity.
  • Ongoing Support: Provide resources and support to help participants understand the risks and take steps to safeguard their personal information.

Elevated Risks of Partnering with Previously Breached Agencies
Working with agencies that have already experienced data breaches poses a heightened risk to security and operational integrity. These agencies might have unresolved vulnerabilities or insufficiently addressed security gaps, making them prime targets for future attacks. Additionally, compromised data from previous breaches can be exploited by cybercriminals to engineer more sophisticated and targeted attacks.

Choosing the Right Advisors: Putting Members First
In the aftermath of a data breach, pension administrators may consider seeking external assistance. However, it's crucial to choose advisors who prioritize the members' best interests.

Here's why:
  • Alignment of Interests: Some advisors may have a vested interest in promoting specific products or services, which might not always align with the long-term goals of the pension plan.
  • Understanding Member Needs: Effective advisors should possess a deep understanding of the specific needs and financial situations of the plan participants. Generic solutions may not be the best approach.
  • Transparency and Disclosure: Choose advisors who are transparent about their fees and compensation structures. This fosters trust and ensures participants are aware of any potential conflicts of interest.

By prioritizing member-focused advisors, pension administrators can navigate challenges like data breaches while ensuring the financial security of their participants. This focus on member well-being strengthens trust and reinforces the administrator's commitment to its core responsibility.

Bio: ABL Tech is a data and technology company that specializes in helping organizations like insurance companies, pension funds, and financial institutions with mortality verification and beneficiary identification. Their services include mortality verification also known as a death audit, data analysis, and algorithms to ensure accurate records and prevent fraud. Their headquarters are in Orlando, Florida and their website is www.abltech.com 

Comments

There have been no comments made on this article. Why not be the first and add your own comment using the form below.

Leave a comment

Please complete the form below to submit a comment on this article. A valid email address is required to submit a comment though it will not be displayed on the site.

HTML has been disabled but if you wish to add any hyperlinks or text formatting you can use any of the following codes: [B]bold text[/B], [I]italic text[/I], [U]underlined text[/U], [S]strike through text[/S], [URL]http://www.yourlink.com[/URL], [URL=http//www.yourlink.com]your text[/URL]

Contributors