Professionals

Name / Keyword Office Practice Industry Language Show All
Practices

Antitrust

Business and Corporate

Construction

Cross-Border Business

Data Protection, Privacy and Cybersecurity

Emerging Companies

Environment, Social and Governance (ESG)

Financial Services

Government Enforcement and Investigations

Government Relations and Public Policy

Health Law

Hospitality

Immigration

Intellectual Property

Labor & Employment

Litigation

Mergers and Acquisitions

Product Liability, Class Action and Mass Tort

Real Estate

Securities

Tax

Technology

Transportation and Logistics
Industries

Automotive

Aviation

Construction

Disaster Recovery and Government Services

Drug, Device and Life Sciences

Education

Energy

Financial Services

Gaming

Governmental Entities

Health Care

Hospitality

Long Term Care

Manufacturing

Real Estate

Retail

Technology

Telecommunications

Transportation and Logistics
Experience

Featured Case Study
Community Healthcare Trust Incorporated Community Healthcare Trust Incorporated More Case Studies

Search Experience
Keywords Practice Industry
News & Events

Professionals
Practices
Industries
Experience
News & Events
Other Pages

Quick Results

View More Results

Practices

Data Protection: Payment Card Industry Security

Print Version

Baker Donelson's privacy professionals regularly advise clients on how to implement best practices to proactively ensure PCI-DSS compliance and minimize potential exposure.

Featured Video

The SEC Cyber Rules and Materiality: Show Your Work! October 31, 2023

Practice Overview

From major retailers to small businesses, all companies that accept, store, or transmit credit card data must comply with the Payment Card Industry Security Standards Council's (PCI SSC) Data Security Standards (DSS). Failure to comply with the PCI-DSS can negatively impact a company's reputation and have significant legal repercussions. As companies that are subject to PCI-DSS continue to be targets of sophisticated cyberattacks, complying with PCI-DSS remains paramount in avoiding potential data breaches and cyber incidents. As businesses collect substantial amounts of information on their customers, protecting that information has become increasingly difficult. When that data includes credit or debit card information, complying with mandatory security standards can seem even more complex. Baker Donelson has been recognized as an authorized NetDiligence Breach Coach® signifying it as a top tier law firm for Data Security, Privacy and Incident Response.

Baker Donelson's privacy professionals regularly advise clients on how to implement best practices to proactively ensure PCI-DSS compliance and minimize potential exposure. This includes working with clients to:

Assess the level of required PCI-DSS compliance
Evaluate relationships with vendors that may process credit card data on your company's behalf
Identify and direct investigations into suspected data incidents involving credit card data
Assist with regulatory reporting obligations

Whether your business has suffered a large-scale compromise, such as a ransomware attack, or is dealing with an inadvertent disclosure of an individual's credit card information, our team can help.

More than one-third of our Data Protection, Privacy and Cybersecurity attorneys are certified by the International Association of Privacy Professionals (IAPP) as Certified Information Privacy Professionals (CIPP/US, CIPP/E, CIPP/A and/or CIPP/C) and two attorneys who are Certified Information Privacy Managers (CIPM). In addition, our team includes a member certified in the Law of Data Security and Investigations (GLEG), a Fellow of Information Privacy (FIP), a Privacy Law Specialist (PLS) and another who is certified as a Payment Card Industry Professional (PCIP).

Our Financial Services Data Protection, Privacy and Cybersecurity attorneys advise businesses on all aspects of PCI DSS compliance, including:

Building and maintaining a secure network
Protecting cardholder data
Managing relationships with third-party payment processors
Maintaining a vulnerability management program
Implementing strong access-control measures
Regularly monitoring and testing networks
Maintaining an information security policy
Maintaining an incident response plan
Employee training
Leading investigations and working with industry experts to assist with detection, containment and recovery in data incidents affecting cardholder data
Assisting with assessment and drafting of any state and federal notification obligations
Managing communications with vendors, employees, customers, and other stakeholders
Responding to any state and federal government investigations that result from a cardholder data incident
Providing analysis to assist in developing post-incident remediation
Handling litigation, including class action cases, involving data incident issues

Represented national retailer managing cyber incident affecting customer credit card information, including working with forensic vendor to contain incident, conducting multi-state breach notification analysis, and notifying major credit card brands.
Advised a leading e-commerce company that was severely impacted by a phishing attack on multiple employee e-mail accounts that required assessment of regulatory issues under the Payment Card Industry Data Security Standards (PCI-DSS) and responding to regulatory investigations by state attorneys general.
Represented e-commerce startup company on all aspects of PCI-DSS compliance, including user terms and conditions, privacy policies, and negotiating contracts with third-party vendors.
Counseled retailer on complying with PCI-DSS requirements.
Assisted merchant errantly included on MATCH list.

"Top Privacy and Cybersecurity Issues to Track In 2024," Republished February 5, 2024, in CPO Magazine (January 2024)
"Show Your Work: The SEC Cyber Rules and Documenting Materiality Analysis Under NIST FIPS 199" (October 2023)
"NCUA Approves New Cyber Incident Reporting Requirements: What Credit Unions Need to Know" (February 2023)
"New Legislation Will Require Critical Sector Entities to Report Certain Cyber Incidents," republished April 7, 2022 in, CPO Magazine (March 2022)

The SEC Cyber Rules and Materiality: Show Your Work! (October 2023)
Ransomware Attacks in 2021: How to Navigate the Evolving Threat Landscape (July 2021)

Baker Donelson Authorized as Top Tier Firm by NetDiligence^® for Data Security, Privacy, and Incident Response (December 5, 2022)
Baker Donelson's Matt White Earns Certified Information Privacy Technologist Certification (August 30, 2022)
Baker Donelson Continues to Expand Its Technology & Privacy Practice with Addition of Vivien F. Peaden in Atlanta Office (August 4, 2021)
Baker Donelson's Alex Koskey Earns Payment Card Industry Professional Certification (May 17, 2021)

Matt White Discusses Use of AI Tools in Anti-Money Laundering Compliance in Global Association of Risk Professionals (November 10, 2023)
Alisa Chestler Featured in MedTech Intelligence Q&A on Overcoming Barriers to EHR Adoption in Behavioral Health (November 8, 2023)
Alex Koskey Comments on SEC's Cybersecurity Rules in Communications of the ACM (October 19, 2023)
Alisa Chestler Featured on Healthcare IT News' HIMSS TV Discussing Behavioral Health Data Interoperability (October 18, 2023)
Alisa Chestler Discusses SEC Rules Regulating Cybersecurity in Nashville Post Q&A (September 5, 2023)
Alisa Chestler Quoted in Part B News on Cybersecurity Challenges Facing Providers in the Wake of MOVEit Data Breach (August 21, 2023)
Alisa Chestler Comments on New SEC Cybersecurity Incident Disclosure Rule in VentureBeat (August 7, 2023)
Alisa Chestler Talks with Healthcare Risk Management About Impact of Proposed OCR Rule Involving Reproductive Privacy Rights on HIPAA Policies and Procedures (July 1, 2023)
Alisa Chestler Discusses Protecting Enterprise Assets Against Cybersecurity Failures in InformationWeek (June 21, 2023)
Matt White Comments on How Speed Complicates Real-Time Payment Anti-Fraud Protections in Global Association of Risk Professionals (June 16, 2023)
In Commercial Factor Q&A, Alex Koskey and Matt White Discuss Risks and Rewards of Utilizing AI in Financial Services (April 20, 2023)
Law360 Highlights Addition of Vivien Peaden to Firm's Privacy and Technology Practice (August 5, 2021)

Key Contacts

Matthew G. White, CIPP/US, CIPP/E, CIPT, CIPM, PCIP

T: 901.577.8182

Email Professional

Alexander F. Koskey, CIPP/US, CIPP/E, PCIP

T: 404.443.6734

Email Professional

View All Professionals in this Practice

Subscribe to
Publications

Related Practices

Social Profiles

Featured Media

Top Privacy and Cybersecurity Issues to Track In 2024

Publication / January 29, 2024

Matt White Discusses Use of AI Tools in Anti-Money Laundering Compliance in Global Association of Risk Professionals

News / November 10, 2023

Alisa Chestler Featured in MedTech Intelligence Q&A on Overcoming Barriers to EHR Adoption in Behavioral Health

News / November 8, 2023

Search By Last Name

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Baker Donelson is a national law firm with more than 650 attorneys and public policy advisors representing more than 30 practice areas to serve a wide range of legal needs. Clients receive knowledgeable guidance from experienced, multi-disciplined industry and client service teams, all seamlessly connected across 23 offices in Alabama, Florida, Georgia, Louisiana, Maryland, Mississippi, North Carolina, South Carolina, Tennessee, Texas, Virginia, and Washington, D.C.