Many U.S. employers offer their employees financial wellness programs to complement retirement planning and investment advice. This may include emergency savings plans and household budgeting tips, for example. Many of these employers utilize their retirement plan service providers for those trainings. Not only do those companies have the knowledge and expertise in this area, but they also have access to employee data that can yield information on the service needs and funding goals of those employees.

However, some recent lawsuits argue that when these third-party retirement plans use a plan participant’s data to sell them other financial products (e.g., high-interest credit cards, life insurance, etc.), employers are breaching the fiduciary duty to avoid conflict-of-interest transactions. This litigation has focused on classifying personal information and investment preferences as a “plan asset” similar to the money invested in the plan. If that classification is accepted by the courts, then employers would have a fiduciary duty to protect and secure the data and limit who has access to it. To date, no federal court has ruled that those data should be considered a plan asset.

In 2018, the U.S. Court of Appeals for the Seventh Circuit in Divane v. Northwestern University held that although the data may have an economic value they were not an asset under “ordinary notions of property rights.” Additionally, early this year, the U.S. Court for the Southern District of Texas in Harmon v. Shell Oil Co. looked to the Employee Retirement Income Security Act’s (ERISA) use of “plan assets” to mean financial investment alone. Decisions like this in Harmon may mean that data-as-a-plan-asset is unlikely. However, on June 2, 2021, the U.S. District Court for the Southern District of New Jersey will hear oral argument on a motion to dismiss in Berkelhammer v. ADP TotalSource Group Inc. involving the same issues noted above. Notably, four  university annuity 403(b) plan excessive-fees cases have settled and expressly prohibited the use of such data for cross-selling unless the participant explicitly inquires about other financial products.

The issue of retirement-plan data sharing is not settled yet; we will monitor this area as courts issue more opinions in this space. It could be time for plan sponsors to work with service providers to determine exactly how data will be handled through the contractual terms since the law is still gray.

Photo of Kathryn Rattigan Kathryn Rattigan

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security…

Kathryn Rattigan is a member of the Business Litigation Group and the Data Privacy+ Cybersecurity Team. She concentrates her practice on privacy and security compliance under both state and federal regulations and advising clients on website and mobile app privacy and security compliance. Kathryn helps clients review, revise and implement necessary policies and procedures under the Health Insurance Portability and Accountability Act (HIPAA). She also provides clients with the information needed to effectively and efficiently handle potential and confirmed data breaches while providing insight into federal regulations and requirements for notification and an assessment under state breach notification laws. Prior to joining the firm, Kathryn was an associate at Nixon Peabody. She earned her J.D., cum laude, from Roger Williams University School of Law and her B.A., magna cum laude, from Stonehill College. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.