Data Protection: Financial Services

We provide financial services clients with counsel and resources designed to address all facets of data privacy and cybersecurity, including compliance, training, incident response, regulatory investigations, and litigation.

Featured Videos

Year-End Privacy and Security Trends: What Financial Institutions Need to Know (September 15, 2021)
Crisis Communications During a Data Incident: Essentials for Your Organization (August 18, 2021)
Ransomware Attacks in 2021: How to Navigate the Evolving Threat Landscape (July 21, 2021)
Session Replay Technology and State Wiretap Class Actions: The Emerging Class Action Trend of 2021 (July 14, 2021)
An Overview of HIPAA Issues for Financial Institutions and Best Practices for Your Vendor Management Program (June 16, 2021)
Additional Incident Response Considerations – Protecting the Attorney-Client Privilege and Involving Your Board of Directors (May 19, 2021)

Practice Overview

Baker Donelson's dedicated Financial Services Data Protection, Privacy and Cybersecurity Team includes more than 30 attorneys from practice areas across the Firm. Members of our team are certified with the world's largest privacy organization, the International Association of Privacy Professionals (IAPP). Through IAPP, Baker Donelson attorneys have earned a number of accreditations, including those focused on privacy and security laws in the U.S. (Certified Information Privacy Professional, CIPP/US), Europe (Certified Information Privacy Professional, CIPP/E), and Canada (Certified Information Privacy Professional, CIPP/C), as well as privacy management (Certified Information Privacy Manager, CIPM). In addition, a team member is certified in the Law of Data Security and Investigations (GLEG) and another is certified as a Payment Card Industry Professional (PCIP). Our team has experience in all areas of information management – from privacy and data security planning and design, to compliance, to data breach and litigation management.

We provide financial services clients with concise counsel and resources designed to address the entire information life cycle, advising on all facets of information management. The team coordinates communication between stakeholders to identify and manage risk effectively; help reduce governance and compliance expenditures through integration of legal requirements into business processes; and apply information security and privacy technology standards effectively and cost-efficiently. This approach to information security management can help organizations maximize their return on technology and related investment through cost savings, enhanced profits and innovation.

Compliance Planning and Implementation

We integrate privacy and data security compliance into an institution's overall compliance management system. We assist financial services clients in developing the training programs, associated policies, and audit procedures necessary for managing compliance responsibilities and risks. This includes creating and continually examining privacy and data security policies and procedures, which should be designed and integrated with an understanding of the organization's data retention and destruction policies, as well as internal and external controls. We also help clients with outward-facing messages, including their website and e-commerce platform. We assist with preparing for and responding to state and federal regulatory exams and provide counsel to clients on how to continually improve policies and procedures for a strong compliance management system.

Vendor Management and Transactional Due Diligence

Increased scrutiny is being placed on the relationships between financial services providers and their vendors. Baker Donelson counsels both financial institutions and vendors in developing effective vendor management systems with a focus on data privacy and security issues. This includes creating proper due diligence platforms to evaluate vendor relationships, contract negotiations, and ongoing monitoring to evaluate changes in risk. Regulatory agencies are holding financial institutions accountable for the actions of their vendors, so it is critical to have a proper vendor management system in place.

Data Breach, Response, Readiness and Litigation

We assist financial services clients in the development of data incident programs, including the establishment of a response framework and incident notification procedures. Baker Donelson has represented financial institutions and their service providers of all sizes in responding to data breaches. Our experienced team helps clients to manage their overall response from the outset and incorporates litigation counsel as the need arises. Additionally, we assist with regulatory enforcement actions and investigations by financial industry regulators, including the CFPB, Federal Reserve, FDIC, OCC, SEC, FINRA, NYDFS and state attorneys general.

Information Governance

A robust privacy and information security program includes a thorough understanding of a financial services company's information life cycle. Baker Donelson's team helps clients examine their current data posture and evaluate their data needs, including conducting gap analyses, providing governance counsel, developing document retention and destruction policies, and advising on the disclosure of documents in litigation (eDiscovery). We do this with a depth of experience in not only data privacy but also the financial services industry.

FinTech, Cloud-Based Solutions and Emerging Technologies

Baker Donelson's team assists financial services institutions in implementing new technologies, products and solutions in compliance with applicable statutes, regulations, rules and supervisory expectations.
