California Attorney General Issues CCPA FAQs

With the California Consumer Privacy Act (CCPA) now in effect (January 1, 2020) and enforceable by California’s Attorney General (“AG”) (July 1, 2020), the AG has published Frequently Asked Questions (FAQs). Designed to aid consumers in exercising their rights under the CCPA, the FAQs also contain helpful reminders for businesses and service providers regarding their obligations … Continue Reading

Is Personal Information of Retirement Plan Participants an ERISA Plan Asset?

By Joseph J. Lazzarotti on July 9, 2020 Posted in: California Consumer Privacy Act, Employee Benefit Plans, Financial Services, Identity Theft, Information Risk, Third Party Service Providers, Workplace Privacy, Written Information Security Program

A little more than one year ago, we reported on a settlement (Cassell et al. v. Vanderbilt University, et al.) involving the alleged wrongful use of personal information belonging to retirement plan participants, claimed to be “plan assets.” This year, similar claims have been made against Shell Oil Company in connection with its 401(k) plan. Retirement … Continue Reading

University Settles Claims Involving Use of Retirement Plan Participant Data For Cross-Selling by Recordkeeper

By Joseph J. Lazzarotti on May 7, 2019 Posted in: Data Security, Employee Benefit Plans, Information Management, Information Risk, Third Party Service Providers, Workplace Privacy

Wrongful use of retirement plan participant data was among the claims made by a class of 40,000 participants against the plan sponsor and others in Cassell et al. v. Vanderbilt University et al. Specifically, the plan participants claimed that the University inter alia breached its “loyalty and prudence” duty by failing to protect confidential employee … Continue Reading