Bank of America is seeking an enterprise level information governance, privacy/data protection attorney.
In-depth knowledge of, and experience analyzing and applying laws and corporate policies related to information use, privacy and data protection.
Ability to stay abreast of emerging and evolving information use and privacy-related laws, regulations and cultural norms around the world and a facility with the intersections and dependencies of rapidly evolving legislative regimes.
Analyzing and applying laws and advising regarding regulations and corporate policies related to:
The EU General Data Protection Regulation and other international privacy laws and regulations, including EMEA, APAC and LATAM
International transfer of data across borders, standard contractual clauses and other transfer mechanisms;
US privacy laws, including GLBA, RFPA and US state privacy laws (e.g., CCPA);
FCC and FTC consumer privacy rules, including TCPA, email marketing and UDAAP;
The Fair Credit Reporting Act (FCRA) and its application to financial institutions, including requirements added to the FCRA by the FACT Act;
Biometrics, Geo-location, e-Commerce, D&I, AI, information security incident response and pandemic related/return to office matters;
Collection and use of Data and Personation Information, analytics and issues associated with governance of the information life cycle;
HIPAA and related regulations.
Proficiency with analyzing business practices around telemarketing, email marketing, affiliate sharing, data analytics, secondary use of consumer reports, credit scores, fraud scores, bankruptcy scores, and other model-based scores, and adverse action matters
Proficiency with online and mobile privacy laws, and privacy notice and disclosure requirements
Knowledge of, and practical experience with, data breach notification laws and regulations
Good understanding of the regulatory and associated legal frameworks and governing bodies that impact upon the collection and processing of personal information in the US and abroad, including the CFPB, OCC, Federal Reserve, European Commission, European Court of Justice, European Data Protection Authorities and other similar frameworks and organizations around the world, including self-regulatory regimes like the Direct Marketing Association and CTIA
Familiarity with privacy issues arising in the employment context, both in the US and internationally. Appreciation of the intersections of privacy law and employment law.
Proficiency advising risk and compliance managers and other corporate support functions and attorneys in the above areas, and supporting them in the development of practical operational processes that control risk and ensure compliance
Proficiency analyzing, drafting and negotiating information related contractual terms and conditions with third parties such as vendors and corporate/institutional clients, consistent with corporate policies and standards.
Demonstrated ability to work closely with risk and compliance, lines of business, other corporate functions and attorneys to identify risks and develop strategies for privacy/data protection, information use and cross border data movement initiative implementation and compliance.
Required Skills & Experiences:
Minimum of 5 -10+ years relevant experience at a major law firm or corporate legal department.
Deep knowledge of privacy/data protection around the world, including cross border data movement and human resources/employee privacy.
Experience in global financial services and with financial regulators is a plus.
Ability to field issues across a diverse set of legal fields.
Strong interpersonal, organizational and problem-solving skills.
Ability to present complex issues in a clear and concise manner and provide succinct results-oriented legal advice.
Ability to work in a fast-paced, demanding and collaborative environment with many stakeholders.
Independent, self-starter capable of prioritizing conflicting demands and handling multiple assignments simultaneously.
Strong influencing and leadership skills, including decisiveness on both legal and business issues.