Your retirement plan has a list of your financial assets, a history of your investment choices, and insight into how much money you’ll have in your golden years, but that personal data isn’t safeguarded the same way your savings are.
Should it be?
The 1974 law governing employee benefits plans is silent on how that information should be handled when it’s transferred to a third-party vendor like a record keeper. Courts are being asked if the data constitutes a plan asset that imposes specific obligations on the person or people who manage the plan under the Employee Retirement Income Security Act.
If the courts agree, it could drastically add to the list of people who could be held liable for a breach of fiduciary duty and lead to increased litigation.
“It’s an emerging argument in litigation, and it may end up being an emerging issue depending on how courts rule,” said Jeffrey Robertson, an attorney at Barran Liebman LLP in Portland, Ore., who represents plan sponsors.
Selling to Marketers
Benefits attorneys say it’s not clear what responsibilities plan professionals have when it comes to handling participants’ financial data.
“What’s not so clear is the extent to which people in possession of the data can benefit from it,” said Roberta Casper Watson, a partner at the Wagner Law Group in Tampa, Fla., who heads the firm’s health and welfare practice group.
“Assuming they don’t undermine the individual’s own credit history and so forth, can they sell it to people to market products? That’s sort of the new frontier being explored,” she said.
Participants in Shell Oil Co.’s 401(k) plan filed a lawsuit Jan. 24 against the company and its record keeper for doing just that.
The participants say Shell allowed the plan’s record keeper, Fidelity Investments Institutional Operations Co., to use their confidential information to aggressively market financial products and services that were not part of the plan.
“Plan participants have an expectation that their confidential plan participant data will be protected by the plan sponsor and not disclosed outside of the plan for non-plan purposes, such as allowing the plan’s record keeper to proactively solicit participants to invest in retail financial products and services,” attorneys for the participants said in their complaint.
Benefits attorneys say it’s striking how little law exists on which to form a basis for these new theories of liability.
In a 2013 advisory opinion, the Labor Department said that “assets of an employee benefit plan generally are to be identified on the basis of ordinary notions of property rights.”
“There’s no specific language in the statute or any of ERISA’s regulations that speak to the uses for participant plan data like this,” said Brian Netter, partner at Mayer Brown LLP who co-chairs the ERISA litigation practice. “So there’s a sense in which the litigation is occurring on a blank slate.”
Fidelity Investments denied that it improperly used participant plan data for its own benefit.
“Fidelity simply does not engage in the type of unauthorized solicitation of plan participants described in the complaint,” Fidelity spokesman Michael Aalto said in a statement to Bloomberg Law. “We fully intend to mount a strong defense against this frivolous lawsuit.”
Not a Plan Asset
A federal judge in Illinois ruled in 2018 that participant data—including contact information, choice of investments, and employment status—was not a plan asset in a lawsuit against Northwestern University’s retirement plan.
Plan participants alleged Northwestern breached its fiduciary duties by failing to stop its record keeper from using participant data to market products, among other things.
“Plaintiffs cite no case in which a court has held that such information is a plan asset for purposes of ERISA,” said Judge Jorge L. Alonso of the U.S. District Court for the Northern District of Illinois. “This court does not intend to be the first.”
The plan participants have appealed that ruling to the U.S. Court of Appeals for the Seventh Circuit. Arguments were heard in May.
“We are all waiting for the courts to determine what the standards are,” Robertson, of Barran Liebman, said.
Attorneys at the St. Louis-based Schlichter Bogard & Denton are representing the plan participants in the case against Shell Oil and Fidelity Investments, as well as the participants in the Northwestern case.
More and more record keepers are attempting to use the sale of participant data to replace revenue lost from reductions in retirement plan fees, Jerry Schlichter, the firm’s founding and managing partner, said.
Schlichter’s firm was the first to bring cases targeting high plan fees in retirement plans and win big settlements, like $55 million from ABB Inc.’s pension plan in 2019. The firm also recently got settlements of $14.5 million from Vanderbilt University and $14 million from Johns Hopkins University over allegations that they mismanaged their respective retirement plans. As part of the class settlements, both schools agreed to prohibit record keepers from marketing their products and services to plan participants.
Because Schlichter’s excessive fee cases emboldened other firms to bring similar claims, some attorneys wonder if the next wave of litigation will be over participant data. It depends on what the appeals court says the standard is in the Northwestern case, Robertson said.
“If it’s a plan asset, it has the potential to be a burgeoning area because I don’t believe a lot of plan sponsors, attorneys, or anyone else have ever considered the participant data a plan asset,” he said.
While courts have a role to play in ensuring fiduciaries are following the practices of the industry, some attorneys say the judiciary shouldn’t be getting ahead of industry and crafting new rules.
“Insofar as the problem here is created by new technology and new uses of information, it has to be government via Congress or the Department of Labor to step in and create new rules,” Netter said.
It would be helpful to plan participants if the Labor Department stepped in, but record keepers should be stopped in the interim from using participants’ very sensitive information to make money, Schlichter said.
“This practice is becoming more common, and we consider it a fiduciary breach,” he said.