Bloomberg Law
Free Newsletter Sign Up
Bloomberg Law
Advanced Search Go
Free Newsletter Sign Up

Your 401(k) Data Is Fair Game for Cross-Selling, for the Moment

May 11, 2021, 4:32 PM

Emerging litigation and calls for regulatory oversight are catching up to a retirement industry that increasingly relies on participant data to market financial wellness programs.

A growing number of U.S. employers are offering workers financial wellness programs that complement retirement planning and investment help with more basic tools, such as emergency savings and household budgeting. Many employers turn to their retirement plan service providers to do that work; those companies have the expertise and, importantly, access to employee data that can inform service needs and funding goals.

But several recent lawsuits contend that, when those third-party providers use a participant’s data to sell them other financial products like high-interest credit cards or life insurance, their employers are breaching a fiduciary duty to avoid conflict-of-interest transactions. Those lawsuits are running up against a Democratic administration primed to redefine the roles of a fiduciary and crack down on cybersecurity breaches.

“Your computer is just there, and people don’t think about it in the same way that they think about pens and pencils in their drawer that are tangible and that they can touch,” said Joseph Lazzarotti, a principal at Jackson Lewis P.C. in Berkeley Heights, N.J. “I think people aren’t really understanding how prolific and ubiquitous data is and is becoming. I think that should be a big part of the concern.”

Data as a Plan Asset

Most litigation over retirement plan data has centered on classifying identifying information and investment preferences for participants in defined contribution-type plans. If that data is a “plan asset” just like the dollars and cents workers invest, their employers would have a fiduciary obligation to carefully monitor who has access to it and how they use it, too.

No federal court has ruled that data is a plan asset. The U.S. Court of Appeals for the Seventh Circuit in Divane v. Northwestern University in 2018 said that although data can hold economic value, it doesn’t meet the definition of an asset under “ordinary notions of property rights.”

Earlier this year, a judge with the U.S. District Court for the Southern District of Texas in Harmon v. Shell Oil Co. relied on the Employee Retirement Income Security Act and regulatory use of the phrase “plan assets,” which consistently have meant financial investments alone, the court said.

That may be enough to cut short future data-as-a-plan-asset plaintiffs facing dismissal motions, said Catherine Reagan, an associate at Trucker Huss APC in San Francisco. Oral arguments on an outstanding motion to dismiss are scheduled before the U.S. District Court for the Southern District of New Jersey on June 2 for what Reagan called the next major case, Berkelhammer v. ADP TotalSource Group Inc.

Yet, at least four university annuity 403(b) plan excessive-fees cases have ended in settlements expressly prohibiting the use of data for cross-selling purposes unless the participants ask about other financial products a firm sells. Those have some plan sponsors worried.

Retirement data-sharing isn’t a settled matter of law, said Joan Neri, counsel for employee plan sponsors and service providers at Faegre Drinker Biddle & Reath LLP in Florham Park, N.J. She’s telling her clients to address the uncertainty head-on, negotiating the ways data can and can’t be used from the start.

“I have plan sponsor clients who ask the question and want to know what to do and what are the best practices,” she said in an interview. “We come up with a checklist using service provider agreements and disclosures. We’re helping employers navigate this space.”

Labor Department Acts

With current case law on their side, recordkeepers and data custodians may be tapping a burgeoning market for financial products outside traditional 401(k)s and 403(b)s, Neri said. A PricewaterhouseCoopers survey this month says more than 87% of employees want help with their personal finances. Covid-19 has only exacerbated that need, driving three-quarters of workers who said their finances were impacted by the pandemic to seek jobs that offer additional financial benefits.

“I think that there is a willingness and a desire to provide these financial wellness services because it not only enhances an employer’s understanding of where retirement benefits fall within their entire benefit package, but it is also an employee benefit that employees value and certainly need,” Neri said. “There’s an expectation now that those additional services will be provided.”

The U.S. Labor Department’s Employee Benefits Security Administration issued cybersecurity guidance for the first time last month, complete with tips for plan sponsors hiring outside providers with strong cybersecurity practices and ways to “monitor their activities.” That guidance even has best practices for recordkeepers managing their data risks.

EBSA’s Acting Assistant Secretary Ali Khawar told the ERISA Advisory Council last month that the agency’s cybersecurity guidance was “just the beginning from an interpretive standpoint.” He asked the council to investigate plan sponsor insurance options to protect against third parties who misuse plan participant data.

The agency didn’t respond to requests for comment.

To contact the reporter on this story: Austin R. Ramsey in Washington at

To contact the editors responsible for this story: Martha Mueller Neff at; Jay-Anne B. Casuga at