Professionals

Name / Keyword Office Practice Industry Language Show All
Practices

Antitrust

Business and Corporate

Construction

Cross-Border Business

Data Protection, Privacy and Cybersecurity

Emerging Companies

Environment, Social and Governance (ESG)

Financial Services

Government Enforcement and Investigations

Government Relations and Public Policy

Health Law

Hospitality

Immigration

Intellectual Property

Labor & Employment

Litigation

Mergers and Acquisitions

Product Liability, Class Action and Mass Tort

Real Estate

Securities

Tax

Technology

Transportation and Logistics
Industries

Automotive

Aviation

Construction

Disaster Recovery and Government Services

Drug, Device and Life Sciences

Education

Energy

Financial Services

Gaming

Governmental Entities

Health Care

Hospitality

Long Term Care

Manufacturing

Real Estate

Retail

Technology

Telecommunications

Transportation and Logistics
Experience

Featured Case Study
Community Healthcare Trust Incorporated Community Healthcare Trust Incorporated More Case Studies

Search Experience
Keywords Practice Industry
News & Events

Professionals
Practices
Industries
Experience
News & Events
Other Pages

Quick Results

View More Results

Practices

Data Protection: Financial Services

Print Version

We provide financial services clients with counsel and resources designed to address all facets of data privacy and cybersecurity, including compliance, training, incident response, regulatory investigations, and litigation.

Featured Videos

Top Cybersecurity and Data Privacy Issues for Financial Institutions in 2024 January 17, 2024

The SEC Cyber Rules and Materiality: Show Your Work! October 31, 2023

Evolving Technology: Cybersecurity and Data Privacy in the Era of ChatGPT May 17, 2023

Top 10 Cybersecurity and Privacy Issues for 2023 January 25, 2023

Ethical Issues in Defensible Disposition December 16, 2022

The CPRA is On the Way: What Your Financial Institution Needs to Do November 9, 2022

Practice Overview

Baker Donelson's dedicated Financial Services Data Protection, Privacy and Cybersecurity Team includes more than 30 attorneys from practice areas across the Firm. Members of our team are certified with the world's largest privacy organization, the International Association of Privacy Professionals (IAPP). Through IAPP, Baker Donelson attorneys have earned a number of accreditations, including those focused on privacy and security laws in the U.S. (Certified Information Privacy Professional, CIPP/US), Europe (Certified Information Privacy Professional, CIPP/E), Asia (Certified Information Privacy Professional, CIPP/A) and Canada (Certified Information Privacy Professional, CIPP/C), as well as privacy management (Certified Information Privacy Manager, CIPM). In addition, our team includes a member certified in the Law of Data Security and Investigations (GLEG), a Fellow of Information Privacy (FIP), a Privacy Law Specialist (PLS) and another who is certified as a Payment Card Industry Professional (PCIP). Our team has experience in all areas of information management – from privacy and data security planning and design, to compliance, to data breach and litigation management. Baker Donelson has been recognized as an authorized NetDiligence Breach Coach^® signifying it as a top tier law firm for Data Security, Privacy and Incident Response.

We provide financial services clients with concise counsel and resources designed to address the entire information life cycle, advising on all facets of information management. The team coordinates communication between stakeholders to identify and manage risk effectively; help reduce governance and compliance expenditures through integration of legal requirements into business processes; and apply information security and privacy technology standards effectively and cost-efficiently. This approach to information security management can help organizations maximize their return on technology and related investment through cost savings, enhanced profits and innovation.

Compliance Planning and Implementation

We integrate privacy and data security compliance into an institution's overall compliance management system. We assist financial services clients in developing training programs, associated policies, and audit procedures necessary for managing compliance responsibilities and risks. This includes the creation of and continued examination of privacy and data security policies and procedures which should be designed and integrated with an understanding of the organization's data retention and destruction policies, as well as internal and external controls. We also help clients with outward facing messages including their website and e-commerce platform. We assist with preparing for and responding to state and federal regulatory exams and provide counsel to clients on how to continually improve policies and procedures for a strong compliance management system.

Vendor Management and Transactional Due Diligence

An increased scrutiny is being placed on the relationships between financial services providers and their vendors. Baker Donelson counsels both financial institutions and vendors in developing effective vendor management systems with a focus on data privacy and security issues. This includes creating proper due diligence platforms to evaluate vendor relationships, contract negotiations, and ongoing monitoring to evaluate changes in risk. Regulatory agencies are holding financial institutions accountable for the actions of their vendors, so it is critical to have a proper vendor management system in place.

Data Breach, Response, Readiness and Litigation

We assist financial services clients in the development of data incident programs, including the establishment of a response framework and incident notification procedures. Baker Donelson has represented financial institutions and their service providers of all sizes in responding to data breaches. Our experienced team helps clients to manage their overall response from the outset and incorporates litigation counsel as the need arises. Additionally, we assist with regulatory enforcement actions and investigations by financial industry regulators, including the CFPB, Federal Reserve, FDIC, OCC, SEC, FINRA, NYDFS and state attorneys general.

To learn more about our Data Incident Response team, please click here.

Information Governance

A robust privacy and information security program includes a thorough understanding of a financial services company's information life cycle. Baker Donelson's team helps clients examine their current data posture and evaluate their data needs including conducting GAP analyses, providing governance counsel, developing document retention and destruction policies and advising on the disclosure of documents in litigation (eDiscovery). We do this with a depth of experience in not only data privacy but also the financial services industry.

FinTech, Cloud Based Solutions and Emerging Technologies

Baker Donelson's team assists financial services institutions in implementing new technologies, products and solutions in compliance with applicable statutes, regulations, rules and supervisory expectations.

"Top Privacy and Cybersecurity Issues to Track In 2024," Republished February 5, 2024, in CPO Magazine (January 2024)
"FTC Publishes Long-Awaited Proposed Updates to the Children's Online Privacy Protection Act (COPPA)," republished in Daily Business Review (January 2024)
"Show Your Work: The SEC Cyber Rules and Documenting Materiality Analysis Under NIST FIPS 199" (October 2023)
"Faking It: Protecting Your Financial Institution Against Deepfakes," republished in Corporate Counsel (September 2023)
"New SEC Rules: Public Companies Must Report Material Cybersecurity Incidents Within Four Business Days," republished August 1, 2023, in Corporate Compliance Insights (July 2023)
"MOVEit Transfer Zero-Day Vulnerability: What Companies Need to Know," republished in CPO Magazine (June 2023)
"SEC Issues Multiple Cybersecurity Rule Proposals," republished May 3, 2023, in Corporate Compliance Insights (March 2023)
"Banking in the Cloud: How Financial Institutions Can Mitigate the Regulatory and Security Risks ," republished in ABA Banking Journal (March 2023)
"VPPA Claims Are on the Rise – Latest Trend in Consumer Privacy Class Action Litigation," republished in Daily Business Review (March 2023)
"NCUA Approves New Cyber Incident Reporting Requirements: What Credit Unions Need to Know" (February 2023)
"Cybersecurity: A Whistleblower's Paradise," republished in FEDweek (April 2022)
"New Legislation Will Require Critical Sector Entities to Report Certain Cyber Incidents," republished April 7, 2022 in, CPO Magazine (March 2022)
"SEC Proposal: New Cybersecurity Risk Management Rules for Investment Advisers and Funds," republished in Corporate Compliance Insights (February 2022)
"Financial Industry Regulators Continue Crack Down on Cybersecurity" (September 2021)
"FFIEC Updates Its Guidance on Authentication and Access Controls: Key Takeaways Financial Institutions Should Implement Now" (August 2021)
"California Privacy Law Update: CCPA Amendments Announced and CPPA Board Members Appointed," republished April 8, 2021, in Corporate Compliance Insights (March 2021)
"NYDFS Surges Ahead with Cybersecurity Enforcement: Recent Fine Highlights Need for Financial Institutions to Focus on Incident Response" (March 2021)
"GDPR Evolution Continues: Article 49 Derogations in a Post-Schrems II World," republished in the Daily Business Review (March 2021)
"Key Takeaways from Recent Cyberattack Resulting in Demise of Hedge Fund" (February 2021)
"Privacy Legislation Floodgates Have Opened: Virginia Passes the Consumer Data Protection Act," republished March 17, 2021, in Corporate Compliance Insights (February 2021)
"U.S.'s First Cyber Insurance Risk Framework Issued by New York Department of Financial Services," republished in Property Casualty 360 (February 2021)
"Data Privacy Day: Top Considerations for 2021," republished in CPO Magazine (January 2021)
"Proposed NY Privacy Bill Would Increase Business Obligations and Litigation/Enforcement Exposure for Businesses, Including Financial Institutions," republished in Banking Exchange (January 2021)
"Faster and More Comprehensive Breach Notification Requirements Proposed for Banks," republished in BankBeat (January 2021)
"The Year Ahead: Privacy and Cybersecurity Issues Facing Financial Institutions in 2021," republished in Bank Beat (January 2021)
"New Ransomware Advisories from OFAC and FinCEN Create Additional Challenges for Financial Institutions" (January 2021)
"The New IoT Cybersecurity Improvement Act Becomes Federal Law ," republished January 4, 2021 in Westlaw (December 2020)
"Cyber Criminals Now Have the Keys to Your "House"" (December 2020)
"Fraudulent Unemployment Claims on the Rise: What Should Employers Do?," republished November 23, 2020, in SHRM (November 16, 2020)
"A Look Under the Hood: Massachusetts Updates Its Vehicle Right to Repair Law," republished in Auto Remarketing and Autobody News (November 2020)
"How California's New(er) Privacy Legislation Will Affect U.S. Businesses," republished November 18, 2020, in Corporate Compliance Insights (November 2020)
"HHS Releases Update to Security Risk Assessment Tool" (September 2020)
"OCC Issues Guidance on Safekeeping and Custody Services for Cryptocurrency," republished in Corporate Compliance Insights (August 2020)
"Lessons Learned from the NYDFS First Cybersecurity Regulation Enforcement Action," republished August 26, 2020, in Westlaw (July 2020)
"Human Resources and Employment Counsel Beware: Increase in Malware Attacks Raising New Concerns for Employers" (June 29, 2020)
"CCPA Final Regulations Submitted – What Does Your Business Need To Do?" (June 2020)
"Critical Guidance for Financial Institutions on Security Considerations for Cloud Computing Environments," republished in Banking Exchange (May 2020)
"Cybersecurity Concerns when Considering Furloughs" (April 6, 2020)
"Coronavirus: Privacy and Cybersecurity Considerations for Financial Institutions," republished April 17, 2020, in Westlaw Journal (March 18, 2020)
"Don't Forget About Cyber Hygiene During Coronavirus (COVID-19) Outbreak," republished in Corporate Counsel (March 3, 2020) and Beazley Academy (March 17, 2020)
"SEC Dispatches on Cybersecurity" (February 2020)
"Data Privacy Day 2020 – What Actions Businesses Can Take," (January 2020); republished in Corporate Counsel (February 2020)
"California Privacy Regulations Released: Guidance and the Addition of New Requirements" (October 2019)
"A New York State of Mind: The SHIELD Act" (September 2019)
"Cybersecurity Preparedness: Standardization is Key," republished October 2019, in Westlaw Journal Bank & Lender Liability (August 2019)
"Florida Employee Privacy Alert: No Expectation of Privacy for Contents of Employee's Flash Drive Attached to Work Computer," (July 2019); republished in the Daily Business Review (August 2019)
"Privacy & Cybersecurity Due Diligence – No Longer Optional: Company Fined $124 Million for Pre-Merger Compromise" (July 2019)
"The New York Privacy Act: A Consumer Privacy Bill to Monitor Closely," (June 2019); republished in Westlaw Journal Bank & Lender Liability (July 2019)
"Department of Homeland Security Issues Report on Microsoft Office 365" (May 2019)
"SEC Issues Risk Alert on Regulation S-P," republished June 2019, in Westlaw Journal Bank & Lender Liability (May 2019)
"Identity Theft Protections for Minors Signal New Area of Privacy Obligations for Companies" (April 2019)
"FERC Imposes Cybersecurity Standards on Third-Party Utility Vendors" (February 2019)

Top Cybersecurity and Data Privacy Issues for Financial Institutions in 2024 (January 2024)
The SEC Cyber Rules and Materiality: Show Your Work! (October 2023)
Evolving Technology: Cybersecurity and Data Privacy in the Era of ChatGPT (May 2023)
Top 10 Cybersecurity and Privacy Issues for 2023 (January 2023)
Ethical Issues in Defensible Disposition (December 2022)
The CPRA is On the Way: What Your Financial Institution Needs to Do (November 2022)
Cybersecurity and Privacy – Trending Topics for Financial Institutions (September 2022)
The New GLBA Safeguards Rule – What Financial Institutions Need to Know (November 2021)
Breaking Down a Ransomware Attack: Recent Observations, How Ransom Negotiations Work, and What You Need to Know (October 2021)
Year-End Privacy and Security Trends: What Financial Institutions Need to Know (September 2021)
Crisis Communications During a Data Incident: Essentials for Your Organization (August 2021)
Ransomware Attacks in 2021: How to Navigate the Evolving Threat Landscape (July 2021)
Session Replay Technology and State Wiretap Class Actions: The Emerging Class Action Trend of 2021 (July 2021)
An Overview of HIPAA Issues for Financial Institutions and Best Practices for Your Vendor Management Program (June 2021)
Additional Incident Response Considerations – Protecting the Attorney-Client Privilege and Involving Your Board of Directors (May 2021)
State and Federal Privacy Regulation in 2021: What is on the Horizon? (April 2021)
Enterprise Cyber Risk Management for Financial Services Organizations (April 2021)
The California Privacy Rights Act and Financial Institutions (March 2021)
How To Prepare for a Cybersecurity Incident (February 2021)
2021 Privacy Landscape (January 2021)
Cybersecurity for Financial Institutions: Essential Information on Cyber Incidents and Regulatory Issues (November 2020)
COVID-19: Cybersecurity and Data Privacy Considerations for Financial Institutions (April 2020)
Coronavirus (COVID-19): What Your Business Should Do Right Now (March 2020)
Privacy, Cybersecurity, and the CCPA: What Does it Mean for Your Franchise? (March 2020)
California Consumer Privacy Act Essentials for Broker-Dealer and Investment Advisory Firms (December 2019)
California Consumer Privacy Act Essentials for Financial Institutions (November 2019)
M&A and Cyber Risk: The Intersection Between Growth and Risk (May 2019)

Baker Donelson's Aldo M. Leiva Appointed Vice Chair of ABA International Law Section's Cyber Committee (August 23, 2023)
Baker Donelson Authorized as Top Tier Firm by NetDiligence^® for Data Security, Privacy, and Incident Response (December 5, 2022)
Baker Donelson's Matt White Earns Certified Information Privacy Technologist Certification (August 30, 2022)
Baker Donelson Attorneys Elected to American College of Bankruptcy Foundation Leadership Roles (April 7, 2022)
Baker Donelson's Alex Koskey Earns Payment Card Industry Professional Certification (May 17, 2021)

Eve Cann Talks with Law360 About Firm's New Fort Lauderdale Office Space (January 26, 2024)
Eve Cann Discusses Baker Donelson's Fort Lauderdale Office Move in South Florida Business Journal (January 23, 2024)
Layna Rush Discusses What to Expect After a HIPAA Violation in Healthcare Risk Management (December 1, 2023)
Layna Rush Comments on OCR's Security Risk Assessment Tool in Healthcare Risk Management (December 1, 2023)
Matt White Discusses Use of AI Tools in Anti-Money Laundering Compliance in Global Association of Risk Professionals (November 10, 2023)
Alex Koskey Comments on SEC's Cybersecurity Rules in Communications of the ACM (October 19, 2023)
Layna Rush Quoted in Healthcare Risk Management on How a Hospital Cyberattack Can Critically Affect Other Hospitals in the Community (September 1, 2023)
Alisa Chestler Discusses Protecting Enterprise Assets Against Cybersecurity Failures in InformationWeek (June 21, 2023)
Matt White Comments on How Speed Complicates Real-Time Payment Anti-Fraud Protections in Global Association of Risk Professionals (June 16, 2023)
Layna Rush Discusses Cyber Liability Insurance vs. Data Breach Insurance in CSO Magazine (June 14, 2023)
In Commercial Factor Q&A, Alex Koskey and Matt White Discuss Risks and Rewards of Utilizing AI in Financial Services (April 20, 2023)
Layna Rush Shares Best Practices for Cyberattack Response Planning in Healthcare Risk Management (April 1, 2023)
Newly Elected Nashville Shareholders Bert Chollet, Andy Droke and Ryan Richards Featured in Nashville Post (April 18, 2022)
Aldo Leiva Featured in Dairy Foods Magazine Offering Advice for Manufacturing Industry on Mitigating Cybersecurity Risk (April 5, 2022)
Layna Rush Comments in Tech Target on Impact of Potential Litigation and Regulatory Action from Data Breaches (January 20, 2022)
Layna Rush Quoted in Commercial Risk on Data Breach Response for the Vaccine Supply Chain (October 12, 2021)
Aldo Leiva Discusses Impact of Session Replay Lawsuit Dismissal in Daily Business Review (September 14, 2021)
Aldo Leiva Comments on Cuban-American Legal Community's Efforts to Help Cuban Activists in Daily Business Review (August 16, 2021)
Aldo Leiva Quoted in Daily Business Review on Growth in Commercial Litigation Regarding Session Replay Software (August 12, 2021)
Aldo Leiva Featured on Dairy Foods Podcast Discussing Ransomware Threats (June 14, 2021)
Layna Rush Discusses Whistleblower Exception That Allows Reporting HIPAA Violations with PHI in Healthcare Risk Management (May 14, 2021)

Key Contacts

Matthew G. White, CIPP/US, CIPP/E, CIPT, CIPM, PCIP

T: 901.577.8182

Email Professional

Alexander F. Koskey, CIPP/US, CIPP/E, PCIP

T: 404.443.6734

Email Professional

View All Professionals in this Practice

Subscribe to
Publications

Related Practices

Related Industry

Financial Services

Social Profiles

Featured Media

Top Privacy and Cybersecurity Issues to Track In 2024

Publication / January 29, 2024

Eve Cann Talks with Law360 About Firm's New Fort Lauderdale Office Space

News / January 26, 2024

Eve Cann Discusses Baker Donelson's Fort Lauderdale Office Move in South Florida Business Journal

News / January 23, 2024

Search By Last Name

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Baker Donelson is a national law firm with more than 650 attorneys and public policy advisors representing more than 30 practice areas to serve a wide range of legal needs. Clients receive knowledgeable guidance from experienced, multi-disciplined industry and client service teams, all seamlessly connected across 23 offices in Alabama, Florida, Georgia, Louisiana, Maryland, Mississippi, North Carolina, South Carolina, Tennessee, Texas, Virginia, and Washington, D.C.