Sonnenschein Nath & Rosenthal LLP - Data Protection - Services for Financial Institutions

Search

Only in Internet, Communications & Data Protection
Advanced Search

Marc Zwillinger
888.858.6429 202.408.9171

Christian Genetski
888.858.6429 202.408.6463

Randy Sabett
888.858.6429 202.408.6830

Shane McGee
888.858.6429 202.408.9216

Data Protection Attorneys & Professionals

Services for Financial Institutions

Sonnenschein's Information Security and Internet Enforcement practice regularly provides counsel and advice to financial institutions including banks, investment banks, savings and loan associations and credit unions. Some of the services most requested by financial institutions are incident prevention and response and anti-phishing measures.

Prevention and response related to unauthorized acquisition of customer data

Under the new interagency guidance on response programs for unauthorized access to customer information issued by the banking regulatory agencies, regulated financial institutions now have a clear affirmative duty to protect customer information against unauthorized access or use.

Our Information Security group helps financial institutions create, maintain and implement effective and comprehensive information security programs to fulfill this duty. More specifically, the new interagency guidance requires an incident response program that safeguards data and provides notice to customers regulators and law enforcement when an incident has occurred.

Since the effective date of the regulations, Sonnenschein has helped a number of financial institutions implement these programs, and has drafted and reviewed customer notices, supervised investigations, conducted in-house training and managed subsequent inquiries into suspected breaches.

Phising response and enforcement

Many of our Firm's financial institution customers have had their websites spoofed by third-parties in an effort to trick customers into disclosing financial information to those who would seek to profit by it. Through both our own in-house monitoring program, or services of third parties with whom we partner, we have created monitoring programs to detect phishing sites, identify perpetrators, and provide effective takedown services when a site is detected.

These services range from requesting the webhost and domain name service provider to disable access to the site, to more full-scale investigations of the wrongdoers by obtaining legal process to access mail accounts to which passwords and other user information may be sent, determining the identity of wrongdoers and victims, and making appropriate referrals for law enforcement.