Privacy and data security issues remain a constant and complicated concern for most financial services companies. High-profile data security breaches, such as the recent breach at Zappos.com that compromised 24 million customer account records and the breach at Global Payments, Inc. that compromised over 1 million credit card numbers, seem to be a staple in the daily headlines.
Customer information is an invaluable resource for financial services companies in an increasingly competitive marketplace. As continuing innovations in technology make it easier for financial services companies to track, collect, maintain, and use customer information, companies must ensure that they manage this asset in compliance with the requirements under the Gramm-Leach-Bliley Act, other U.S. laws, and, if applicable, non-U.S. laws. They must also implement measures to mitigate the risk of unauthorized access to and loss of sensitive customer data.
A particular concern in the current regulatory environment is the recent focus by the Consumer Financial Protection Bureau on the oversight of business relationships with third-party service providers, including those service providers that may have access to customer information. Financial services companies must monitor and ensure that their service providers protect the confidentiality and security of this information and that such providers cooperate in breach investigations. State laws may also mandate cooperation between data owners and service providers in connection with breaches of personal information in the care of the provider. Companies that have experienced a data breach and are doing business in multiple states must ensure that they comply with differing and evolving breach notification laws in each state. In addition to maintaining compliance in a continuously evolving legal landscape, companies may also be required to comply with certain standards or best practices promulgated by various industry groups.
Companies that fail to protect sensitive customer information face serious public relations issues and potential legal exposure. Our Financial Services Litigation and Compliance Group has the knowledge and industry experience to help financial services companies understand and comply with the various laws, standards, and other requirements that regulate the collection, use, sharing, and protection of customer information.
We advise financial services companies on all aspects of privacy and data security compliance, from the creation of privacy compliance programs and formal policies to negotiating privacy and data security protections in service provider agreements. We have provided privacy compliance services for a diverse array of financial services companies, including motor vehicle dealers, nationwide retailers, and depository financial institutions. We also work with companies that have experienced a data breach to ensure the company’s response plan meets all applicable requirements and minimizes the risk of public relations issues and exposure to litigation and regulatory actions.
We focus on the following core privacy and data security areas:
- Consumer and Employee Privacy
- Financial Privacy
- Gramm-Leach-Bliley Act and Fair Credit Reporting Act
- Data Safeguards and Security
- Data Breach Prevention, Response, and Notification
- Identity Theft Risks and Mitigation
- Online Advertising and Marketing
- Data Sharing Programs
- Direct Marketing Programs
- Privacy and Data Security Program Assessments and Reviews
- Payment Card Data Security
- Data Breach and Consumer Protection Litigation
- Data Retention Policies
- Data Sharing, Joint Marketing, and Service Provider Agreements