Counsel - Data Protection and Privacy

BNP Paribas   •  

San Francisco, CA

Less than 5 years

Posted 178 days ago

This job is no longer available.

What sets Bank of the West apart from other banks is our team members–they embody the optimistic spirit of the West. There is a spirit here that drives us to do more. Our team of more than 10,000 employees is vital to the success of our Bank. They reflect our modern western values—straightforward, entrepreneurial and optimistic. We seek to create a corporate culture that fosters and rewards excellence, encourages creative thinking and respects diversity – an environment where team members are engaged, supportive of one another and enthusiastic about serving our customers. Bank of the West offers the stability of a company that has a 135 year history and is part of BNP Paribas, a European leader in global banking and financial services and one of the 6 strongest banks in the world. We offer opportunities across our diverse business lines – Retail Banking, Commercial Banking, National Finance, and Wealth Management.

Job Description Summary

Provides legal counsel to the Bank’s business units and support functions on all aspects of data protection and privacy, including satisfying legal requirements to ensure the security and confidentiality of customer information and protect against unauthorized access, issuing appropriate privacy notice disclosures about the Bank’s use of customer information and information sharing practices, complying with applicable regulatory and industry guidance to promote data security, and satisfying legal requirements in the event of a data compromise.  Has in-depth knowledge of federal and state laws and regulations regarding data protection and privacy.

Essential Job Functions


·    Provide legal advice regarding all issues concerning privacy, data protection, data-sharing, and information systems

·    Serve as lead attorney to support activities of the Bank’s Information Security team, and closely collaborate with the Bank’s support functions on privacy-related issues

·    Advise on privacy and data security-related provisions of third party contracts

·    Advise on potential application of EU and other cross-border data security laws to the Bank’s activities

·    Work with the Bank’s Security, Corporate Compliance, Risk, Information Technology, HR Departments in responding to any federal or state regulatory investigations concerning privacy-related matters

·    Monitoring newly enacted privacy laws and regulations, including participating in regulatory development impact assessments, and advising the business units on best practices to comply with legal and regulatory requirements

·    Ensure that corporate data collection, storage and protection programs are consistent and comply with legal requirements

·    Advise on privacy policies for Bank activities, ensuring adoption of industry best practices

·    Advise on the sharing of confidential supervisory information (CSI)

·    Advise on the sufficiency of cybersecurity insurance

·    Advise on notification and other obligations in connection with security and privacy incidents and incident response programs

·    Advise the business units on physical security standards under the FFIEC Guidance and applicable federal laws



Required Experience

·    Juris Doctor degree from an accredited law school

·    Thorough knowledge of federal privacy and data protection laws, including the Gramm-Leach-Bliley Act, the Federal Trade Commission Act, the Health Insurance Portability and Accountability Act (HIPAA), and general familiarity with state data breach notification laws

·    4+ years experience providing legal counsel on data protection and privacy-related laws and regulations

·    Experience with providing legal support to business units which may be impacted by  European Union data protection and privacy laws

·    Business-oriented professional with the ability to suggest practical and innovative solutions around legal issues in support of strategic business initiatives and objectives

·    Candidate must be a member of the California State Bar or otherwise qualified to practice law in California as registered in-house counsel

·    Excellent academic and employment credentials

·    Excellent interpersonal skills, with an ability to communicate with multiple levels within an organization

·    Keeps informed of legislative and regulatory proposals related to privacy or data protection

·    A high-level of professionalism and outstanding business judgment

·    Experience with vendor relationship management and contract negotiations

·    Experience with technology solutions or systems used to safeguard privacy and data protection

·    Experience in a dynamic in-house environment preferred