Financial Information and Privacy Law


Privacy and data security are critically important in the financial services industry. The types of information held by financial institutions are among the most sensitive and highly regulated. Sidley advises clients on the full range of federal and state privacy and information practices matters affecting financial institutions.

In this rapidly changing environment, our lawyers represent and advise clients with respect to:

  • The Gramm-Leach-Bliley Act and its implementing regulations, including financial institutions’ privacy policies, information sharing practices and data safeguarding.
  • The Fair Credit Reporting Act and its FACT Act amendments, which regulate the use of credit reports, identity theft prevention and other privacy-related practices.
  • The CAN-SPAM Act and federal and state telemarketing laws.
  • The Right to Financial Privacy Act.
  • Federal and state data security and data breach laws.
  • New legislative proposals, including proposals that would significantly expand privacy regulation at the federal level.
  • Regulatory and administrative developments, particularly given the divided jurisdiction among the FTC, CFPB and other agencies.
  • Cross-border issues relating to conflicting requirements of different domestic privacy regimes.

Because information is easily moved and because financial institutions increasingly operate across national borders—or use service providers who do—it is important to consider cross-border issues. This is particularly true because privacy laws, and even the basic understanding of privacy issues, vary tremendously among jurisdictions, most notably between the U.S. and the EU. Working with lawyers in our London and Brussels offices, we advise on transborder data transfers and other international privacy issues.

Representative Matters

  • Data Breach & Inadvertent Disclosure. Represented financial institutions following the discovery of data breaches or the inadvertent release of protected information. These situations require prompt action and consideration of numerous state and federal legal obligations, as well as practical concerns.
  • Data Breach Litigation. Represented a major lender against which a class action was filed following a highly publicized accidental release of information. We were able to secure the early dismissal of this case based on the lack of any damages, among other deficiencies.
  • Litigation on Receipt Truncation. Represented multiple defendants in litigation alleging violations of the requirement in the FACT Act that credit card receipts contain truncated card account and expiration date information.
  • Privacy Policies. Assisted numerous clients with preparing their privacy policies, using the federal agencies’ new model form and considering the issues involved in data sharing under privacy policies.
  • Affiliate Sharing. Represented a large diversified financial services company, with insurance, securities and banking operations, regarding its affiliate information sharing practices, including with respect to a common database and affiliate cross-marketing initiatives.
  • FTC Enforcement of FCRA. Represented several large companies faced with enforcement actions or investigations from the FTC regarding Fair Credit Reporting Act compliance.
  • Firm Offer of Credit Litigation. Defended a series of cases challenging the propriety under the FCRA of “firm offers of credit” extended to consumers. A favorable decision in one of these cases began the end of a series of cases that had plagued the entire consumer credit industry.
  • Telephone Consumer Protection Act. Defended numerous class action lawsuits involving the use of blast-faxing, text messaging and the restrictions on the use of autodialers.
