We previously outlined the requirements of the Connecticut data breach law when it was amended in 2015, including the requirement to implement a comprehensive information security program (CISP).

The law requires that Third Party Administrators (TPAs) and Pharmacy Benefit Managers (PBMs) must implement a CISP by October 1, 2017, and certify to the Connecticut Insurance

Most employers are generally aware of their fiduciary status as a “plan sponsor” of an ERISA-governed retirement plan (e.g., 401(k) and 403(b) plans). In fact, the employer’s hiring of a service provider is in and of itself a fiduciary function for which the plan sponsor is liable and at risk for any imprudent selection made.