Our Cybersecurity and Financial Privacy team counsels banks, creditors, credit unions, and other financial institutions and their service providers, including vendors and processors, on a variety of cyberspace, cybersecurity, and financial privacy issues. We advise our clients on data breach prevention, response, litigation management, and resiliency, as well as a wide variety of related federal and state regulatory requirements. We help our clients offer online products and services through the entire lifecycle of the project, including the RFP process, vendor management and contracting, regulatory compliance and disclosures, electronic contracting, information security, and coordination with existing client policies and procedures.
Bradley attorneys have years of experience in working collaboratively with clients in the financial services industry. Several of our attorneys have served as bankers or bank regulators. We understand not merely the applicable laws and regulatory requirements, but more significantly, we understand our clients’ businesses. We work on a daily basis with banks and other financial service providers of all sizes, with respect to both their brick-and-mortar operations and their online services. This enables us to deliver solid, practical advice and counsel to help clients manage their cybersecurity and privacy risks successfully.
We draft a variety of consumer credit, deposit, online and mobile banking, and credit and debit card agreements designed to satisfy our clients’ regulatory requirements and commitment to preserving the confidentiality of their consumer customers’ financial privacy. Our attorneys also draft business retail agreements, such as treasury management agreements, international and domestic wire transfer agreements, ACH agreements, loan and leasing agreements, and other transactional documents intended to allocate cyber risk and financial privacy risk fairly between our clients and their clients, and to facilitate coordination of the parties’ efforts.
Bradley counsels financial services clients that have experienced a data breach from the point of discovery through the entire response and resiliency process. We work on an expedited and proactive basis by assembling team members from various disciplines and practice groups to navigate the complex regulatory, contractual, and law enforcement requirements; advise our clients regarding their cyber-insurance coverages; and guide them through their obligations to their customers and vendors, including notice and risk mitigation efforts. We work with their forensic investigators to ascertain the scope and effect of the breach and to protect the privileged nature of their work. We also work with their human resources, marketing, and public relations departments to ensure that a proactive, yet consistent, message is conveyed to potentially affected individuals. Our team includes litigators who work at every stage in the response process to manage and mitigate the liability risks posed by the breach. We also guide our clients through the aftermath of response, to ensure resiliency of systems, process, and policies designed to strengthen their cybersecurity management going forward.
We regularly advise and counsel financial services clients on a variety of privacy and information security risk assessment and mitigation processes, including the identification of, protection from, detection of, response to, and recovery from data security risks. Our lawyers work with our clients on internal processes and procedures designed to mitigate cyber risk and privacy threats at all levels of bank operations. In addition, we help develop customer-facing privacy policies and disclosures, including website privacy policies and GLBA and FCRA notices.
On a day-to-day basis, we assist clients with compliance involving a broad range of regulatory matters in connection with cybersecurity for the financial services industry, such as:
Our team drafts and negotiates service provider agreements on behalf of banks, creditors, and financial service clients to help them satisfy regulatory obligations and manage vendor risk, including SaaS, cloud computing, software licensing, bank core outsourcing, payment processing, credit card receivables and securitizations, and other information technology and service provider contracts. We draft related confidentiality, information security, independent contractor, web development and hosting, and business associate agreements intended to shore up our clients’ ability to protect the privacy and security of their proprietary and customer information. We also advise clients on the management of third-party risk through cyber-insurance coverage.