Article
Timely reporting of data breaches embraces HR operations
The Federal Trade Commission (“FTC”) now requires enterprises to report publicly security incidents. Under the FTC’s rule, failing to disclose a breach to affected parties could constitute an unfair or deceptive trade practice under Section 5 of the FTC Act
Human Resources should supervise vendors carefully
Some service providers including recordkeepers and health plan providers have failed to notify participants of breaches in plans they administer until participants pressed them for a response, often months after the incidents occurred.
Under the FTC’s rule plan sponsors may find themselves embroiled in the aftermath of cyber incidents involving their service providers before it’s too late to comply. Constant monitoring of vendors is more vital than ever.
