Another regulator has started policing cybersecurity. A few weeks after the U.S. Department of Labor (DOL) issued its first cybersecurity guidance addressing retirement and employee health plans, the agency began requesting documents from companies about their efforts to guard their retirement plans. The guidance provides companies with the types of questions the DOL investigators will ask during its routine audits of plans, according to the agency. This article describes the DOL’s recent investigatory approach and analyzes its three-part guidance, with insight from Morgan Lewis attorneys. See “Expect Continuing Regulatory Focus on Cybersecurity and Data Protection in 2021
” (Feb. 3, 2021).