Skip to main content

Privacy and Data Security

What financial services firms know about their customers has become a heavily regulated aspect of doing business. We have been active for two decades in representing our financial services clients on matters relating to customer privacy.

We counsel financial institutions on the rapidly growing body of federal and state privacy laws affecting their operations, including developing privacy notices, negotiating data protection agreements with business partners, and setting up internal databases to ensure appropriate safeguards on access to, and disclosure of, personal information. We also work with clients on the privacy rules adopted pursuant to the HIPAA and on international privacy requirements, including the restrictions imposed by the Data Protection Directive of the EU. Our privacy experience includes protection of financial information, including electronic data. As a complement to this advice, we work closely with clients on the security aspects of information privacy, which involve technical considerations that are integral to any program of privacy compliance.

We represent clients in diligence on privacy and data security matters and contracts negotiations with data systems vendors.

As another core aspect of our Privacy and Data Security practice, Arnold & Porter's Data Breach Rapid Response team, which has members from across the firm, helps clients develop appropriate data breach response plans and, when breaches occur, works with clients to mitigate damage, to provide required notices to affected individuals, and to rapidly fortify defenses to potential legal challenges so as to minimize both short-term and long-term losses.