Data Protection: Financial Services

We provide financial services clients with counsel and resources designed to address all facets of data privacy and cybersecurity, including compliance, training, incident response, regulatory investigations, and litigation.

Featured Videos

  • New Privacy and Cybersecurity Regulations: What Financial Institutions Need to Know to Stay Compliant (June 13, 2024)
  • Top Cybersecurity and Data Privacy Issues for Financial Institutions in 2024 (January 17, 2024)
  • The SEC Cyber Rules and Materiality: Show Your Work! (October 31, 2023)
  • Evolving Technology: Cybersecurity and Data Privacy in the Era of ChatGPT (May 17, 2023)
  • Top 10 Cybersecurity and Privacy Issues for 2023 (January 25, 2023)
  • Ethical Issues in Defensible Disposition (December 16, 2022)

Practice Overview

Baker Donelson's dedicated Financial Services Data Protection, Privacy and Cybersecurity Team includes more than 30 attorneys from practice areas across the Firm. Our team has experience in all areas of information management – from privacy and data security planning and design, to compliance, to data breach and litigation management. Baker Donelson has been recognized as an authorized NetDiligence Breach Coach®, signifying it as a top-tier law firm for Data Security, Privacy, and Incident Response.

More than one-third of our team is credentialed with the world’s largest privacy organization, the International Association of Privacy Professionals (IAPP), as well as other credentialing organizations. Our credentials include:

  • Artificial Intelligence Governance Professional (AIGP)
  • United States-focused Certified Information Privacy Professional (CIPP/US)
  • Europe-focused Certified Information Privacy Professional (CIPP/E)
  • Canadian-focused Certified Information Privacy Professional (CIPP/C)
  • Asia-focused Certified Information Privacy Professional (CIPP/A)
  • Privacy management-focused Certified Information Privacy Manager (CIPM)
  • GIAC Law of Data Security & Investigations (GLEG)
  • Fellow of Information Privacy (FIP)
  • Privacy Law Specialist (PLS)
  • Payment Card Industry Professional (PCIP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • Qualified Technology Expert (QTE)
  • Certified Information Privacy Technologist (CIPT) 

We provide financial services clients with concise counsel and resources designed to address the entire information life cycle, advising on all facets of information management. The team coordinates communication between stakeholders to identify and manage risk effectively; help reduce governance and compliance expenditures through integration of legal requirements into business processes; and apply information security and privacy technology standards effectively and cost-efficiently. This approach to information security management can help organizations maximize their return on technology and related investment through cost savings, enhanced profits and innovation.

Compliance Planning and Implementation

We integrate privacy and data security compliance into an institution's overall compliance management system. We assist financial services clients in developing training programs, associated policies, and audit procedures necessary for managing compliance responsibilities and risks. This includes the creation and continued examination of privacy and data security policies and procedures, which should be designed and integrated with an understanding of the organization's data retention and destruction policies, as well as internal and external controls. We also help clients with outward-facing messages, including their website and e-commerce platform. We assist with preparing for and responding to state and federal regulatory exams and provide counsel to clients on how to continually improve policies and procedures for a strong compliance management system.

Vendor Management and Transactional Due Diligence

Increased scrutiny is being placed on the relationships between financial services providers and their vendors. Baker Donelson counsels both financial institutions and vendors in developing effective vendor management systems with a focus on data privacy and security issues. This includes creating proper due diligence platforms to evaluate vendor relationships, contract negotiations, and ongoing monitoring to evaluate changes in risk. Regulatory agencies are holding financial institutions accountable for the actions of their vendors, so it is critical to have a proper vendor management system in place.

Data Breach, Response, Readiness and Litigation

We assist financial services clients in the development of data incident programs, including the establishment of a response framework and incident notification procedures. Baker Donelson has represented financial institutions and their service providers of all sizes in responding to data breaches. Our experienced team helps clients to manage their overall response from the outset and incorporates litigation counsel as the need arises. Additionally, we assist with regulatory enforcement actions and investigations by financial industry regulators, including the CFPB, Federal Reserve, FDIC, OCC, SEC, FINRA, NYDFS and state attorneys general.

Information Governance

A robust privacy and information security program includes a thorough understanding of a financial services company's information life cycle. Baker Donelson's team helps clients examine their current data posture and evaluate their data needs, including conducting gap analyses, providing governance counsel, developing document retention and destruction policies, and advising on the disclosure of documents in litigation (eDiscovery). We do this with a depth of experience in not only data privacy but also the financial services industry.

FinTech, Cloud-Based Solutions and Emerging Technologies

Baker Donelson's team assists financial services institutions in implementing new technologies, products and solutions in compliance with applicable statutes, regulations, rules and supervisory expectations.
