Our Website Uses Cookies
We and the third parties that provide content, functionality, or business services on our website may use cookies to collect information about your browsing activities in order to provide you with more relevant content and promotional materials, on and off the website, and help us understand your interests and improve the website.
For more information, please contact us or consult our Privacy Notice.
Your binder contains too many pages, the maximum is 40.
We are unable to add this page to your binder, please try again later.
This page has been added to your binder.
From helping to draft key legislation, to participating in key rulemaking proposals and policy initiatives, to counseling clients in complying with implementing requirements and representing clients in litigation, investigations and agency examinations, Covington’s financial privacy lawyers have been at the center of the development of comprehensive and workable rules to protect the privacy of personal financial information. By providing testimony, advice, and representation, we are thought leaders on these critical policy and business issues.
Firm lawyers were extensively involved in the legislative process that produced the Gramm-Leach-Bliley Act (“GLB”), governing general financial institution privacy, and the Fair and Accurate Credit Transactions Act (“FACTA”), the 2003 legislation that overhauled the Fair Credit Reporting Act (“FCRA”) and made permanent its federal preemptions. We also worked closely with the federal regulatory agencies that issued detailed regulations implementing these laws. Indeed, two of our lawyers led the implementation team sport key rulemaking proceedings at the Federal Reserve Board and Federal Trade Commission.
We regularly advise clients regarding compliance with GLB, FACTA, FCRA and their underlying regulations. Likewise, we assist our clients in understanding and complying with the many state laws and regulations that have emerged in recent years governing financial privacy and identity theft. We have also advised UK and European financial institutions on the privacy implications of complying with EU money-laundering rules and access requests.
Our lawyers regularly assist both financial and non-financial companies in responding to data security breaches, as well as in developing programs to avoid such breaches. We also have negotiated with federal and state regulators on behalf of clients to mitigate potential penalties and enforcement actions related to data security breaches. We have deep experience with regulatory authorities at every level, which is played an important role in our ability to achieve favorable results for our clients.
Fair Credit Reporting Act (FCRA)
Advising several of the largest bank holding companies in the U.S. on compliance with the FCRA. Advising major consumer reporting agencies and trade associations on the requirement of the FCRA. Successfully representing numerous consumer reporting agencies and financial services providers in CFPB and FTC supervisory and enforcement actions relating to FCRA. Representing numerous firms in connection with the acquisition of FCRA-regulated businesses, including due diligence and preparation of merger and acquisition documents.
Gramm-Leach-Bliley Act (GLBA) and State Financial Privacy Laws
We have advised the largest and most sophisticated banks, consumer reporting agencies, and financial services companies on the collection, use and disclosure of nonpublic personal information under GLBA, that California Financial Information Privacy Act, and similar laws, including the development and implementation of privacy notices.
Global compliance
Serving as global privacy and data security counsel to a global e-commerce business, including advising on financial services privacy and information security-related aspects of certain mobile payments and mobile wallet services and international data transfers
PCI DSS Standards
Advised online retailers regarding compliance with the Payment Card Industry standards for the storage, processing, and transmission of credit cardholder data.
Health privacy litigation
Advised a large pharmaceutical company in connection with litigation involving the alleged infringement of patient privacy by a pharmacy chain that collects personal information about prescription drug users.
April 19, 2018
WASHINGTON—The BTI Consulting Group has named Covington lawyers Andrew Smith, Jonathan Sperling, and Allan Topol to its 2018 “Client Service All-Stars” list, which recognizes “the leaders in superior client service.” Mr. Smith, based in Washington, advises clients on retail financial services, credit reporting, privacy, technology, and e-commerce issues. He ...
March 16, 2018, Inside Privacy
By Bruce Bennett, Carlo Kostka, Charlotte Hill, Craig Pollack, Dan Cooper, Gemma Nash, Kristof Van Quathem, Mark Young, and Sophie Bertin The EU Payment Services Directive (PSD2), which took effect on January 13, 2018, puts an obligation on banks to give Third Party Providers (TPPs) access to a customer’s payment account data, provided the customer expressly...… ...
Rising Star: Covington & Burling's Elizabeth Canter
August 2, 2017, Law360
Libbie Canter was named a "Rising Star" by Law360, recognizing her as a top lawyer under 40 in Privacy & Cybersecurity law. In its profile of Canter, Law360 highlights her advisory role on significant transactions, including Microsoft’s $8.5 billion acquisition of video call service Skype.
Proposed Restrictions on Mexican Remittances Could Hinder Fintechs, Probably Not Banks
May 11, 2017, Forbes
Michael Nonaka is quoted in a Forbes article regarding the prospect of President Trump's taxing remittances for a Mexico border wall, and the possibility of an increase in the use of digital currencies as a result. In discussing banks and payment companies' experience in this field, Nonaka indicates that these institutions have taken the proposed rules in ...
Spring 2017, The Business Lawyer
Spring 2017, The Business Lawyer
December 5, 2016, Inside Privacy
On December 1, 2016, the Commission on Enhancing National Cybersecurity released its Report on Securing and Growing the Digital Economy. In its Report, the Commission, established in February 2016 by President Obama, provided detailed short- and long-term recommendations to strengthen cybersecurity in the public and private sectors. The Commission took a ...
October 20, 2016, Covington Alert
On October 19, 2016, the Board of Governors of the Federal Reserve System (Federal Reserve), Office of the Comptroller of the Currency (OCC), and Federal Deposit Insurance Corporation (FDIC) (collectively the “Agencies”) released a joint Advance Notice of Proposed Rulemaking (ANPR) requesting public comment on enhanced cybersecurity standards that would apply to ...
September 15, 2016, Inside Privacy
On September 13, 2016, New York Governor Andrew Cuomo announced a proposed regulation that would require financial service institutions to develop and implement cybersecurity programs to prevent and mitigate cyber-attacks. The proposed regulation will be subject to a 45-day comment period once it is published in the New York State Register. The regulation will ...
August 31, 2016, Inside Privacy
The Federal Trade Commission (“FTC” or “Commission”) is soliciting public comments on its Standards for Safeguarding Customer Information (“Safeguards Rule”) as part of the systematic review of all FTC rules and guides on a 10-year schedule. The Safeguards Rule was promulgated by the Commission pursuant to the Gramm-Leach-Bliley Act’s (“GLBA”) directive for ...
June 15, 2016, Inside Privacy
By Ciarra Chavarria and Keir Gumbs On June 8, 2016, the Securities and Exchange Commission announced that Morgan Stanley Smith Barney LLC (“Morgan Stanley”) had agreed to pay $1 million as a penalty for charges relating to its “failures to protect customer information.” Morgan Stanley’s settlement with the SEC came several months after a federal...… Continue ...
May 17, 2016, Inside Privacy
The EU Network and Information Security (NIS) Directive now looks likely to enter into force in August of this year. Member States will then have 21 months to implement it into national law before the new security and incident notification obligations will start to apply to the following entities: designated* “operators of essential services” within...… ...
May 5, 2016, Data Guidance
Michael Nonaka is quoted in this Data Guidance article regarding the Payment Card Industry Security Standards Council’s latest version of its data security standard. According to Nonaka, "PCI DSS version 3.2 does not reflect sweeping changes to the requirements in prior versions, but it is indicative of the data security priorities being expressed by card ...
October 22, 2014, Inside Privacy
By Ani Gevorkian On Monday, the Consumer Financial Protection Bureau (CFPB) finalized a rule that promotes more effective privacy disclosures and saves the financial services industry around $17 million dollars. The new rule permits financial institutions that restrict data-sharing to post their annual privacy notices online rather than delivering them to ...
September 25, 2014, Inside Privacy
This week, the Government Accountability Office (“GAO”) released a report recommending eleven actions the Consumer Financial Protection Bureau (“CFPB”) should take to enhance the privacy and security of its ongoing data collections. The report also provides a detailed look at the increasingly large volume of information that CFPB collects, and how the agency’s ...
September 8, 2014, Inside Privacy
A New York federal judge last week affirmed his earlier dismissal of a civil action alleging that a restaurant chain willfully violated the Fair and Accurate Credit Transactions Act (“FACTA”). FACTA requires businesses that accept credit cards to redact from customers’ receipts the card’s expiration date and all but the last five digits of the...… Continue ...
August 20, 2014, Inside Privacy
The Federal Trade Commission (“FTC”) has approved final orders settling charges against Fandango and Credit Karma that the companies misrepresented the security of their mobile apps and failed to protect the transmission of consumers’ sensitive personal information. The FTC specifically alleged that, although the companies made security promises to consumers ...