Skip to main content

You are here


Who’s Got the Data?

Practice Management

Here are four considerations for advisors as the use of plan data in financial wellness solutions evolves.

At nearly every conference I attend, there’s a common theme: optimizing participant outcomes through broad-based wellness solutions. These solutions can involve education or guidance—both inside the plan and outside the plan—and can be as detailed as individual wealth management advice. And there’s a fundamental question that is always top of mind: how to get the data to implement these solutions.

At this point, three courts—in the Northwestern, Shell, and TIAA cases—have reached the conclusion that under ERISA, data is not a plan asset. However, this evolving consensus is only part of the data puzzle.

An advisor looking at this evolving world of services might consider a number of issues:

Employer Perspective. There is a wide range of employer views on the use of employment-related data. Some employers are focused on limiting the use of data by outside service providers, whether advisors, recordkeepers or other third parties—and whether plan-related or otherwise. Others encourage their service providers to identify creative ways to deliver financial wellness solutions through the broad use of employment-related data. Regardless of what a particular employer’s perspective may be, across the client spectrum there is a growing focus by employers on the use of data.

Advisor-Plan Contracts. Given the broader range of services on the market today, some advisors are now including contractual language addressing their use and security features for using employment-related data. Whether offering additional services inside or outside a plan, an advisor may benefit from reviewing their contracts to see if additional language on data usage might be beneficial. Furthermore, given the SEC’s focus on data security at the advisor level, such a review could also serve as a springboard for evaluating data security procedures.

Advisor-Employee Contracts. As the role of advisor has expanded, whether inside a plan or outside, today there are more and more direct-to-employee engagements where an advisor might have a direct relationship with an employee. Addressing data usage in these contracts might be beneficial as well.

Click here to browse past columns by David Levine.

Other Vendor Contracts. Importantly, data does not always reside with an employee, plan sponsor or advisor. It can also reside at third parties that may be related to plan services, such as a recordkeeper or TPA, or at completely unrelated parties, such as outside wellness vendors. Since an advisor may often serve as a “quarterback” for these services, understanding who has the data, who has access to it, how third parties with access to it receive it, how is used and how it is secured can be an important responsibility for an advisor.

State Law. While advisors tend to focus on ERISA and SEC compliance items, the laws governing data privacy and security now go beyond these core areas of the law. For example, starting in January 2023, certain carve-outs from the California Consumer Privacy Act for employment-related data are scheduled to expire, which may trigger additional compliance items for some services provided to plan sponsors and their employees.

Who Controls the Data. In the end, the core issue may come down to who controls access to the data. As such, as an advisor is evaluating its service offerings to clients, it may be beneficial to first ask who has the data, whether are they allowed to share it, and how the advisor can get access to it to support more clients.

The data landscape continues to evolve rapidly. As noted above, the courts have made strong pronouncements about the role of data under ERISA that provide a useful roadmap for advisors and plan sponsors. However, as the ERISA standard and other legal standards evolve, such as under the California Consumer Privacy Act, advisors would be well served by continuing to focus on data usage and privacy, as plaintiffs’ counsel and state and federal regulators and legislators continue to do so. 

David N. Levine is a principal with Groom Law Group, Chartered, in Washington, DC. This column originally appeared in the Winter issue of NAPA Net the Magazine.