The Retirement Privacy Dilemma

Data is critical to the proper administration of retirement plans. But who owns it?

A court case decided last March, Harmon v. Shell Oil Co., revived a novel question in our collective thinking about breach of fiduciary duty under ERISA. At the heart of this case—and other similar lawsuits—is the use of plan and participant data and the questions of whether such data is an “asset” of the plan and who has authority over it. Before we begin to unpack these questions, it is useful to consider why the issue is coming up now.

Data has been critical to the proper administration of retirement and health plans for as long as there have been employment-based benefits. Employers need to give service providers information on their employees to assist in the administration of a plan. And the maintenance of the plan itself generates all kinds of data. Meanwhile, the era of inexpensive electronic storage has allowed more and more data to be retained indefinitely.

Data, in turn, is critical to help solve ongoing challenges employers face. Take, for example, non-discrimination testing—a brilliant concept built into our retirement system, which demonstrates that the plan does not discriminate in favor of highly compensated individuals and incentivizes senior management to get rank and file employees both into the plan and contributing as much as they can. To do this, company executives typically rely on their service providers to increase participation and contribution rates. This has served us well since the introduction of the 401(k).

Separate and apart from meeting the demands of the nondiscrimination testing, employers have increasingly seen assisting employees in achieving a secure retirement as a critical goal in and of itself. Benefits managers take pride in making sure employees take full advantage of the 401(k) and other financial benefit programs the employer offers.

However, in recent years, service providers’ efforts to get more employees into a plan have run into the reality of competing financial demands. An ever-increasing number of potential plan participants want help determining whether their next dollar should go into their 401(k), toward paying off student loan debt, into an HSA, or toward some other financial demand. Employers have turned to their service providers for help on this, and in turn service providers have responded with financial wellness programs.

The term “financial wellness” is relatively new, but the concept has been around for as long as individuals have needed financial guidance. Historically, wealthy individuals would hire a personal financial advisor to assist them in making complicated financial decisions. Now, with the demand for personal financial guidance expanding to all employees, the individual financial advisor model does not scale. Technology offers a cost-effective solution, but it collides with growing concerns about personal privacy. Using core data and AI, those offering financial advice can provide a mass market solution. But making this work for employees at reasonable cost hinges on the use of core data.

The growing need to use data to provide solutions leads to questions that we hear posed constantly: Who owns the data of a 401(k) plan? Does the plan own the data? Does the employer own the data? Does the plan participant own the data?

In this new data-driven world, reasonable arguments are being expressed for each scenario above. But none of these seem quite right. Although the plan belongs to the employer, and much of the data is simply employment data, it does not seem consistent with ERISA to say the employer “owns” it. If the plan “owns” the data, that seems to fly in the face of the privacy rights we think of participants as having in what is, after all, information about them. But if the participant owns that data, that creates a lot of obstacles for administering the plan. (We have recently had to fight off efforts in the states that would give participants the right to have data deleted, as the states are mandating for data held by internet companies.)

This question of “ownership” of data is intertwined with a very complex and nuanced legal topic—whether data is a “plan asset” for ERISA purposes. In Harmon v. Shell Oil, the plaintiffs argued that because the plan’s recordkeeper had possession of various pieces of plan and participant data, the recordkeeper was effectively a fiduciary. Moreover, since the recordkeeper had shared this data with some of its affiliates, who had used that data for, allegedly, marketing, the recordkeeper breached its fiduciary duty. The plaintiffs’ legal argument turned, at its heart, on whether the data was an “asset” of the plan.

Plan assets have a very special place in the regime Congress set up in ERISA. They are inviolate—they must be held in trust and must never be used for any purpose other than providing benefits and defraying reasonable expenses. They cannot be commingled with other assets, and they are subject to regular audit and public reporting regimes. Once an employer contributes assets to the plan, the employer generally cannot get those assets back, and any earnings and interest generated by plan assets must themselves be held as plan assets. Regulators, ERISA counsel and courts have spent decades trying to create a workable set of rules for what constitutes a plan asset and what does not.

Importantly, plan assets are not limited to tangible property such as a stock or a bond. Plans can own valuable intangible rights, such as the claim against a third party for damages. As it has become clear in our modern economy that data of various kinds is important and has real value, some have asked the question of whether plan and participant data is a plan asset.  This unresolved legal question was an opening for the class action plaintiff firm that brought the Harmon case.

The district judge in the Harmon case ruled against the plaintiffs, finding that the data in the recordkeeper’s possession was not a plan asset and – poof – the entire case fell apart. This is the second district judge to reach this conclusion. Interestingly, the first one was in the fee litigation that recently reached the U.S. Supreme Court, Hughes v. Northwestern University.  In 2018 the district court in that case swatted down plaintiffs’ “data as a plan asset” claim.  (The Supreme Court decision dealt with a different issue.) 

In the Harmon case, the court based its decision that plan data is not a plan asset by looking to a Department of Labor regulation that lays out rules for determining what constitutes plan assets in the context of pooled investments such as mutual funds, separate accounts and unregistered investments such as limited partnerships. To date, the DOL has never squarely addressed the question of data as a plan asset.

Some see these court rulings as a temporary answer that could be easily changed by the DOL if it was so inclined. But such a change would likely trigger several unintended consequences.  Here are a few:

  1. Data is not like any other plan “asset” that exists today. Unlike a stock, bond, mutual fund share or even the right to bring legal claims, plan data can be copied an unlimited number of times.  If it is a plan asset, is the copy a plan asset and the copy of the copy?
  2. If data is a plan asset, it would need to be held as an asset of the trust, meaning the trustee would always need to be in control of the data. It cannot be in the possession of anyone but the plan trustee.
  3. Anyone who has any “discretion” over data would be a fiduciary. So, if a participant were to provide their data to a financial advisor, that advisor would become a fiduciary.
  4. If data is a plan asset in a 401(k), the same would be true for IRA data, which is similarly subject to the prohibited transaction rules in the Internal Revenue Code. If an IRA owner were to allow an advisor or an account aggregator such as Mint access to data on their IRA to provide other financial solutions, that would generate an expensive excise tax owed to the IRS.
  5. In a 401(k) or similar defined contribution plan, all plan assets must be allocated to the accounts of the participants or used to pay for plan expenses. (Think of the assets generated in a forfeiture account or ERISA budget account.) How would this data be valued and put in an account?
  6. Like other plan assets, plan data would need to be “distributed” to participants upon the plan termination.
  7. Participant quarterly benefit statements, and the schedule of assets on the Form 5500, would need to show the value of the data as a plan asset.  How would a plan even begin to determine the value for reporting purposes?

In short, it clearly is not correct to examine data under the traditional ERISA analysis of plan assets. But it also feels wrong to say that data is not valuable or that fiduciaries should not treat it with care.

The truth is that we need a much more nuanced way of thinking of plan data than we might expect from class action plaintiff lawyers.  Current legal analysis does not get us to where we need to be. As an industry, we need a legal framework that respects the duties fiduciaries owe participants, respects the privacy needs of participants, allows participants to use their own information without derailing plan administration, and allows data to be used to improve outcomes through better financial wellness solutions.

Recent guidance related to cybersecurity from the Department of Labor has offered what, in our view, is a good starting point. In discussing tips for plan sponsors in hiring a service provider, DOL recommended that the contract with the provider include clear provisions on the use and sharing of information and on confidentiality. In other words, by laying out in the contract when and how data will be used, the fiduciary ensures data is used only for appropriate purposes, and the service provider has clear guidelines for what it can and cannot do. This also allows for flexibility as financial wellness programs are developed and we find new ways to help participants achieve retirement security. And it allows the plan fiduciary and service provider to work out privacy and cybersecurity concerns in a flexible way.

By looking to the contractual obligations between the parties, we also can make sense of the plan asset conundrum. As noted earlier, a plan can “own” intangible assets such as rights in a contract. In fact, DOL has said what the plan “owns” is really based on ordinary notions of property rights (a very specific legal concept). And what the plan “owns” is whatever contractual rights it negotiates with its service provider. In negotiating that contract, and what it says or doesn’t say about plan data, the fiduciary must act prudently and solely in the interest of participants. But the fiduciary would not be required to start with the premise that the data is a “plan asset,” which is an unworkable dead end. We can do better for plan participants, who look to all of us for help in achieving financial security.

Tim Rouse is Executive Director, SPARK Institute. Mike Hadley is a Partner at Davis & Harman.
