[25450]
August 31, 2011
TO: PENSION MEMBERS No. 46-11BANK, TRUST AND RECORDKEEPER ADVISORY COMMITTEE No. 51-11
TRANSFER AGENT ADVISORY COMMITTEE No. 71-11
TECHNOLOGY COMMITTEE No. 8-11
PRIVACY ISSUES WORKING GROUP No. 4-11 RE: ICI WRITTEN STATEMENT TO ERISA ADVISORY COUNCIL ON PRIVACY AND SECURITY ISSUES
The Institute submitted the attached written statement for the September 1 meeting of the ERISA Advisory Council. [1] The council is studying, as one of the issues of the 2011 term, the impact of changes in technology on privacy and security issues affecting employee benefit plans. [2]; Our statement focuses on the experiences of the mutual fund industry and offers comments on lessons to be applied to retirement plans from the experience of fund companies.
Our statement first discusses in broad terms the regulatory framework under which mutual funds develop their policies and procedures for data privacy and security, with a focus on Regulation S-P. The statement then describes how the mutual fund industry is meeting the challenge of ensuring privacy and security of its customer data. Finally, we offer comments on lessons for retirement plans based on the experience of fund companies.
Our submission makes three key points:
- The regulatory framework under which funds design their security programs – such as Regulation S-P – works well because it is not prescriptive and provides funds broad discretion to tailor their security programs to their business and the needs of their investors.
- Technology and the security threats that mutual funds face change rapidly, and regulators must provide flexibility to allow financial institutions to adapt their policies and procedures to changing conditions.
- The fund industry has developed strong procedures and safeguards that rely on layered defenses, robust auditing, and a commitment from senior management. While fund companies’ procedures share common elements, there is no “one-size-fits-all” approach that is best for every fund company and its investors.
Anna Driggs
Associate Counsel Martin A. Burns
Director - Institutional Operations & Service
endnotes
[1] The ERISA Advisory Council – an Advisory Council on Employee Welfare and Pension Benefit Plans to the Department of Labor – is a council created by ERISA to provide advice and recommendations to the Secretary of Labor.; Historically, each year, the council focuses on three to four issues that it determines are important to the administration of ERISA. For each issue, the council defines the issue to investigate, takes testimony from witnesses, and submits a report of findings and recommendations to the Secretary. More information about the council is available at http://www.dol.gov/ebsa/aboutebsa/erisa_advisory_council.html.
[2] For more information about the council’s project, including an objective and scope, see http://www.dol.gov/ebsa/pdf/2011ACIssuePaper1.pdf.