Alight Solutions Must Comply with Subpoena Issued by DOL in Cybersecurity Incident Investigation

Alight offers recordkeeping, administration and consulting services to over 750 employee benefit plans with over 20 million members.

The U.S. Department of Labor (DOL) issued an order for Alight Solutions for documents related to a security incident that could have led to Employee Retirement Income Security Act (ERISA) violations.

Alight offers recordkeeping, administration and consulting services to over 750 employee benefit plans with over 20 million members.

Right to make. The DOL began its investigation into Alight in 2019 after discovering unauthorized distributions due to a security breach.

The DOL said before the Seventh Circuit that Alight “failed to disclose those breaches and unauthorized distributions to plan clients for months.”

Alight Solutions Must Comply with Subpoena Issued by DOL

Alight Solutions

The DOL began investigating the incidents to determine if the parties involved in the breach had violated (or could infringe) ERISA (the Employee Retirement Income Security Act of 1974).

During the investigation, Alight argued that DOL handed down a summons, which Alight believed was excessively large and burdensome. The DOL was not able to issue the subpoena.

However, the Seventh Circuit ruled that the DOL is able to issue subpoenas similar to this and conduct investigations into non-fiduciaries, regardless of whether such companies only serve ERISA plans as administrative entities.

Also ReadHow to Become a Cybersecurity Expert

The court agreed with the DOL in stating that the authority of the DOL under the law is contingent upon the requested information and its connection to the possibility of an ERISA violation. Walsh v. Alight Solutions, LLC, No. 21-3290, 2022 WL 334450 (7th Cir. Aug. 12, 2022).

In its opinion, the court ruled that “Whether or whether the Alight fiduciary is in place or not does have no bearing on the department’s investigative powers. . .]

Even if Alight has information about another company’s ERISA violations, the law allows the department to require the production of that information from Alight.

In contrast, a rule permits ERISA fiduciaries to escape the risk entirely by outsourcing their administration and recording tasks to non-fiduciary third parties while avoiding oversight by regulatory authorities.

Congress did not restrict the department’s authority to investigate this way.” Additionally, the court noted the following “As it is a fact that the U.S. Supreme Court has long recognized, the U.S. Supreme Court has long recognized,

Congress has incorporated into ERISA the requirement for loyalty and an average level of care,” which means that “the fairness of Alight’s cybersecurity services and the magnitude of any breaches is therefore important in determining whether ERISA has been breached whether from Alight its employees or employers who outsourced administration of their ERISA plans to Alight.”

Alight further argued that compliance with the subpoena could take many hours of effort. Still, the judge was not convinced with this assertion, noting that Alight did not provide evidence that compliance was burdensome enough.

The court stated that the case law supports the idea that “large production requests are not necessarily unduly burdensome,” however, the court found this to be restricted in the sense that it was a federal decision that agencies should not read this result as granting leave to issue administrative subpoenas that are overly cumbersome or that seek information not reasonably relevant to the investigation at hand.”

Follow Us on Twitter for more updates.

Back to top button

Please Disable AdBlock.

We hope you're having a great day. We understand that you might have an ad blocker enabled, but we would really appreciate it if you could disable it for our website. By allowing ads to be shown, you'll be helping us to continue bringing you the content you enjoy. We promise to only show relevant and non-intrusive ads. Thank you for considering this request. If you have any questions or concerns, please don't hesitate to reach out to us. We're always here to help. Please Disable AdBlock.