The steady drumbeat of news concerning data breaches has employers asking what legal obligations they have to protect sensitive data held to administer their employee benefit plans. Twenty years after the passage of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) established that plans and their sponsors must protect health plan data, the law continues to evolve, both for health plans and other employee benefits. Join us as Ogletree Deakins attorneys Tim Verrall, Vance Drawdy, and Stephen Riga outline the federal and state laws governing benefit plans and the data they hold and discuss methods for improving plan data security.