Walsh v. Alight Solutions, LLC, No. 21-3290 (7th Cir. 2022)Annotate this Case
Alight provides recordkeeping services for employee healthcare and retirement benefit plans, some of which are governed by ERISA, 29 U.S.C. 1001–1461 The Department of Labor investigated Alight, following a discovery that Alight processed unauthorized distributions of plan benefits due to cybersecurity breaches, and sent Alight an administrative subpoena duces tecum, seeking documents in response to 32 inquiries, including broad demands, such as “[a]ll documents and communications relating to services offered to ERISA plan clients.” Alight produced some documents but objected to several inquiries, citing its duty to keep certain information confidential. The Department petitioned for enforcement of the subpoena. Alight produced additional materials but redacted most of the documents to remove client identifying information, preventing the Department from discerning potential ERISA violations. Alight asked the court to quash or limit the subpoena and permit redactions. Alight’s legal consultant projected full compliance would require “thousands of hours of work.” The Department clarified or narrowed its requests.
The Seventh Circuit affirmed an order granting the Department’s petition to enforce the subpoena with some modifications. The court rejected Alight’s arguments that the subpoena is unenforceable because the Department lacks authority to investigate the company because it is not a fiduciary under ERISA, or cybersecurity incidents generally; that the subpoena’s demands are too indefinite and unduly burdensome, and that the district court abused its discretion by denying Alight’s request for a protective order to limit production of certain sensitive information.