Harmon v. Shell, 2021 WL 1232694 (S.D. Tex. 2021)
A federal trial court has dismissed breach of fiduciary duty and related claims against a 401(k) plan recordkeeper that allegedly shared participant data with its affiliates for marketing purposes. The class action lawsuit asserted that the recordkeeper shared a wide range of information—including contact information, Social Security numbers, account balances, contribution and investment history, age, and marital status—with its affiliates so the affiliates could sell various nonplan financial products and services to plan participants. The participants argued that their data was a “plan asset” under ERISA, that the recordkeeper’s authority or control over that asset made it an ERISA fiduciary, and that use of the asset for the recordkeeper’s own benefit and the benefit of its affiliates breached the recordkeeper’s obligation to act for the exclusive benefit of participants and constituted a prohibited transaction.
The trial court dismissed all of the participants’ claims against the recordkeeper. The court first observed that ERISA gives the DOL the authority to define what is a plan asset, and neither of the DOL’s plan asset regulations make any mention of participant data. The court then noted that the participants had not cited any cases concluding that releasing or allowing someone to use confidential information constitutes a breach of fiduciary duty under ERISA. Quoting an earlier case involving nearly identical claims, the court endorsed the idea that the courts consider ordinary notions of property rights under non-ERISA law when deciding what is a plan asset, and while participant data may have value, it does not constitute a plan asset under those ordinary notions. Finding no reason to depart from the holdings of the few other cases on point, the court dismissed the participants’ breach of fiduciary duty and prohibited transaction claims and their request for injunctive relief.
EBIA Comment: While there are now several cases finding that participant data does not constitute a plan asset, the issue is far from settled. The issue has not yet been addressed in the federal circuit courts, and the DOL’s silence on the issue may yet be broken. To date, the courts have taken into account the absence of DOL support for treating participant data as a plan asset, so any DOL guidance supporting that characterization, or otherwise recognizing data protection obligations (for example, see our Checkpoint article regarding the DOL’s views on cybersecurity), could change things considerably. Even in the absence of DOL guidance, however, different—possibly more egregious—facts might produce different outcomes. For example, would the courts so readily dismiss the characterization of participant data as a plan asset if the data were sold to an unrelated third party? That might more clearly demonstrate and quantify the data’s monetary value, altering whether it can be perceived as property. Pending clarification of the issue, plan sponsors and plan administrators should consider their contractual relationships and clarify service providers’ data-related obligations and any limits on the non-plan use of participant data. For more information, see EBIA’s 401(k) Plans manual at Sections XXIV.B (“Who Is an ERISA Fiduciary?”), XXIV.F (“Fiduciary Duty #1: Exclusive Benefit Rule”), and XXIV.L (“Prohibited Transactions”).
Contributing Editors: EBIA Staff.