The collection and use of information, including personal data, lies at the heart of the operations of financial institutions.  As data rich organisations, subject to stringent sector-specific regulations and standards concerning the use of information, financial institutions are at the forefront of developments in information management.

We advise on the full scope of regulatory issues that affect financial institutions' use of data, including data protection, privacy, confidentiality, information sharing, data and cyber security, cyber security, and information access regimes.

Our Privacy and Information Law Group is a market-leading practice that is consistently ranked in the Top Tier for data protection in the legal directories.  We have a truly international team of specialist lawyers and are rated by buyers of our services as the "go to firm" for expertise, commerciality and client care. Our clients recognise us as thought leaders, and trust us to advise them on the most complex of problems.

Having worked with some of the world's most distinguished financial institutions, advising them on all types of privacy, data protection and security projects, we have a unique perspective of how data protection issues are dealt with by these organisations.

We can support financial institutions on all aspects of privacy, data protection and security law, from the development of data protection strategies through to strategy execution, analysis of risk and risk mitigation.  We are also adept at handling troublesome regulatory problems, disputes and litigation.


Notable deals / highlights

  • We advised Europa Partnership in relation to subject access request matters, and in respect of a complaint received by the Information Commissioner's Office.

  • We conducted an international data transfer analysis for American Express, which included devising a data protection compliance strategy aimed at legitimising the sharing of personal data amongst subsidiaries globally and with vendors.

  • We advised OneSavings Bank on the conversion of Kent Reliance Building Society into the OneSavings Bank, which included full audit of all consumer facing and internal governance documentation, data transfer agreements with offshore datacentres, and website compliance reviews.

  • We advised Barclays on several data protection projects, including advising on Barclays Group's internet cookies compliance programme; advising on the terms of use for Barclays "Pingit" m-Payments service; and providing "General Counsel" support on a secondment basis to the in-house data protection team at Braclaycard during an internal restructuring process.

  • We advised RBS on a series of e-money programmes, including launch of mobile banking services on iPhone, e-money development and rollout programme and alliance agreement with Google Payment Royal Bank of Scotland; on the data protection implications affecting a proposed export of credit card-related data to a USA-based partner; and on RBS's electronic money services agreements.

  • We advised WorldPay on the design and implementation of its compliance programme (including staff training) in respect of data privacy requirements for its global merchant acquiring business.  This included advising on data collection requirements for card-holders and merchants, mapping data-flows at each part of the payment process (including card-holder authentication, transaction authorisation and fraud monitoring), advising on transferring payment card data to payment gateways and card schemes and advising WorldPay on its PCI-DSS compliance programme.