The U.S. Department of Labor (DOL) issued an order to Alight Solutions for documents related to a security incident that could have led to Employee Retirement Income Security Act (ERISA) violations.
Alight offers recordkeeping, administration and consulting services to over 750 employee benefit plans with over 20 million members.
The DOL began its investigation into Alight in 2019 after discovering unauthorized distributions due to a security breach.
The DOL said before the Seventh Circuit that Alight “failed to disclose those breaches and unauthorized distributions to plan clients for months.”
Alight Solutions Must Comply with Subpoena Issued by DOL
The DOL began investigating the incidents to determine if the parties involved in the breach had violated (or could infringe) ERISA (the Employee Retirement Income Security Act of 1974).
During the investigation, the DOL handed down a subpoena, which Alight argued was excessively large and burdensome. Alight also argued that the DOL was not able to issue the subpoena.
However, the Seventh Circuit ruled that the DOL is able to issue subpoenas similar to this and conduct investigations into non-fiduciaries, regardless of whether such companies only serve ERISA plans as administrative entities.
The court agreed with the DOL in stating that the authority of the DOL under the law is contingent upon the requested information and its connection to the possibility of an ERISA violation. Walsh v. Alight Solutions, LLC, No. 21-3290, 2022 WL 334450 (7th Cir. Aug. 12, 2022).
In its opinion, the court ruled that “Whether or not the Alight fiduciary is in place has no bearing on the department’s investigative powers. [. . .]
Even if Alight has information about another company’s ERISA violations, the law allows the department to require the production of that information from Alight.
In contrast, a rule permits ERISA fiduciaries to escape the risk entirely by outsourcing their administration and recording tasks to non-fiduciary third parties while avoiding oversight by regulatory authorities.
Congress did not restrict the department’s authority to investigate this way.” Additionally, the court noted the following: “As the U.S. Supreme Court has long recognized, Congress has incorporated into ERISA the requirement for loyalty and an average level of care,” which means that “the fairness of Alight’s cybersecurity services and the magnitude of any breaches is therefore important in determining whether ERISA has been breached, whether from Alight, its employees or employers who outsourced administration of their ERISA plans to Alight.”
Alight further argued that compliance with the subpoena could take many hours of effort. Still, the judge was not convinced by this assertion, noting that Alight did not provide evidence that compliance was burdensome enough.
The court stated that the case law supports the idea that “large production requests are not necessarily unduly burdensome.” However, the court limited this finding, noting that federal agencies should not read this result as granting leave to issue administrative subpoenas that are overly cumbersome or that seek information not reasonably relevant to the investigation at hand.