In a day when even voters’ election data is being hacked andstolen, concerns are on the rise when it comes to how to protectthe data of plan participants and retirees — particularly on thepart of plan sponsors and providers, lest they be held liable fordata breaches.

The only thing that’s certain is that some techniques are moreeffective than others.

Related: Hackers said to be eyeing $5 trillion 401(k)market

In fact, the 2016 ERISA Advisory Council, which was puttogether to advise the U.S. Department of Labor, just held itsthird meeting on the subject, the better to advise fiduciaries whocould find themselves in the hotseat over compromised participantdata. The council is looking at cyber risk management strategies,with an eye toward providing guidance in the protection ofpersonally identifiable information of Employee Retirement IncomeSecurity Act plan participants and beneficiaries.

Not that it’s any surprise to the financial industry, butSecurity Intelligence reported that as datasabotage is being seen as its most recent threat, spending on datasecurity is also going up. The report said that access controls anddata monitoring are key in protecting firms’ information fromattacks that aren’t even easy to spot. To that end, firms areaugmenting existing security features to guard client data from hackers andthieves.

Related: Cybersecurity should be on plan sponsors'radar

The most recent measure to be put in place comes from retirementservices company TIAA, which has introduced voice biometricauthentication for clients, adding an extra layer of security — andclients don’t even need a password.

Related: 10 cybersecurity steps for RIAs

The voice recognition functionality allows clients to create avoiceprint that securely identifies them when they call in to speakwith a TIAA representative, transfer funds or check accountbalances. TIAA said that using the secure vocal password allowscustomers “to skip many of the various authentication steps usedtoday. The system is equipped to detect and safeguard against voicerecordings.”

Even the Social Security Administration has been getting intothe act with additional authentication measures, but its effortswere rescinded in just two weeks after a backlash from seniors whowere locked out of the system by the new security requirements.

In what surely wasn’t a well-thought-out strategy, seniors wererequired not just to log into their accounts with their usernamesand passwords, but also to provideauthentication in the form of a code that was sent to theircellphones as a text message. Failure to provide the textedcode locked seniors out of their accounts.

However, since many seniors don’t “do” texting, either becausethey don’t have cellphones to begin with, their phones aren’tcapable, the service costs more than they can afford or they lackthe physical dexterity to use the feature, there was a flood ofcomplaints to the SSA and within two weeks the additionalrequirement was withdrawn.

The agency has said it is pursuing other options for more secureauthentication and hopes to have another option available withinthe next six months.