Confidentiality and the ASPPA Code of Conduct

Breaking the duty of confidentiality down into smaller pieces, we need to understand what is confidential information and to whom we owe the duty of confidentiality. All references to the ASPPA Code of Conduct are to the newly adopted revised ASPPA Code of Conduct effective July 1, 2013. The revised ASPPA Code of Conduct is available on the ASPPA website.

Precept 5 of the ASPPA Code of Conduct provides as follows:

The ASPPA Code of Conduct defines confidential information as:

 

To be confidential information, the information must be both not in the public domain and we must become aware of the information while rendering professional services. There is no universal definition of what it means for information to be “in the public domain.” However, in considering whether the information is in the public domain, we would want to consider how many people have access to the information. As an example, after a Form 5500 is filed the information on the Form 5500 would generally be considered the public domain because the information is posted on the EBSA website and is available to everyone. The information on a Form 5500-EZ would generally not be in the public domain because the information is not available to the public.  

If we are friends with our clients, it may be hard to differentiate when information is being shared with us in the course of a professional assignment.  For example, if a client shares information with us at a social event, is the information obtained through a professional assignment?  When sharing information with us, most clients probably expect that our treatment of confidential information is the same whether we are told in social setting or at the office.

If we determine that we are in receipt of confidential information, we must then determine to whom we owe a duty of confidentiality. Precept 5 indicates that we owe a duty to “Principals.” The ASPPA Code of Conduct defines a Principal as:

First, we owe a duty of confidentiality to our clients. On most days this is easy to understand, but sometimes it gets complicated. For example, assume that a 401(k) plan client contact tells Service Provider A that he is dissatisfied with Service Provider B. Service Provider A and Service Provider B have a great working relationship, and Service Provider A and Service Provider B work together on a regular basis to service their mutual clients. Additionally, Service provider A and Service Provider B refer business to each other. Overall, Service Provider A may attach much more economic value to its relationship with Service Provider B than its relationship to this particular 401(k) plan. 

Service provider A may want to alert Service Provider B to the client's dissatisfaction so that Service Provider B can address the client’s concerns and rehab the relationship. Service Provider A may actually believe that it is in his 401(k) client's best interest to do so. However, Service Provider A owes a duty of confidentiality to his 401(k) client and this duty trumps any loyalty to Service Provider B and what Service Provider A believes is best. Before Service Provider A discusses the matter with Service Provider B, Service Provider A must determine whether the information that the client is dissatisfied is confidential. If the information is confidential, then Service Provider A cannot discuss the 401(k) client’s comments with Service Provider B unless the client confirms that he may.

 

Second, we owe a duty of confidentiality to prospective clients. Because the definition of Principal includes a prospective client as a Principal and Precept 5 extends the duty of confidentiality to Principals, we owe a duty of confidentiality to prospective clients. If the prospective client shares confidential information with us in sales process, we need to keep that information confidential unless authorized to disclose the information.

 

Third, in certain circumstances we have a duty of confidentiality to our employer. The definition of Principal includes our employer when we work on our employer’s retirement plan, so the Precept 5 duty of confidentiality applies. Any information that is shared with us by our employer so that we can provide services to our employer’s retirement plan is confidential.  

 

When we have a duty of confidentiality, we may disclose the information when either authorized by the Principal or required to so by law. Many confidentiality issues can be handled through appropriate contract drafting or clarifying with Principals what information they expect us to treat as confidential. While retirement professionals have certain obligations to promptly to respond to IRS, DOL and PBGC requests, under the ASPPA Code of Conduct, we may only release information without the Principal’s consent or when required to do so. So when information is requested by a government agency, we should either request the client to consent to the release of the information or get clarity that we are required by law to release the information. This may require the assistance of an attorney.

In close situations, we should also remember that we have a duty to act with integrity under Precept 10.  So, even if we can construct a hyper-technical argument that particular information is not confidential, we may have an overriding obligation to act with integrity.

Many confidentiality issues can be solved by raising our awareness of our duty of confidentiality and stopping to consider whether we can disclose the information before sharing the information. Just a short pause before speaking or typing can often prevent an imprudent disclosure.