In-House Role - Data Protection & Privacy Lawyer - Global Investment Bank - Contract opportunity

My client is a Tier 1 Investment Bank looking to hire an experienced data protection and privacy lawyer on an initial contract basis.

Key Responsibilities with include -

Jurisdictional coverage will include Europe, Middle East and Africa (EMEA), Asia Pacific including Japan (APAC) and South America focusing on the following specific areas:

1. Privacy/Data Protection:

• Advising in relation to the Privacy/Data Protection compliance program in co-ordination with various stakeholders.
• Monitoring legal and regulatory requirements on international, federal and state levels in relation to privacy and data protection.
• Development and maintenance of privacy/data protection policies and procedures.
• Conducting risk and impact assessments of operational practices for consistency with legal, regulatory, policy and procedural requirements.
• Advising on requirements in respect of retention and disposal of personal data.
• Advising on restrictions for marketing, including use of direct marketing or “spam” to ensure compliance with e-mail and telemarketing laws globally.

1. Data Location/Data Transfers/Data Disclosure

• Advising on legal and regulatory restrictions in respect of personal data location, cross border data transfers and personal data access restrictions/requirements globally.
• Reviewing and advising on notifications and consents in employee and third party documentation, (including customer terms, website terms, notices and policies), to ensure compliance with privacy and data protection requirements.
• Reviewing and advising on arrangements with affiliates and third party service providers who process personal data globally to ensure compliance with privacy/data protection requirements.

1. Monitoring

• Advising on restrictions on surveillance, (including use of CCTV) and monitoring including electronic communications, (e.g. email, sms, IM, telephone and mobile phone), user/personnel activity as well as the use of tracking, such as cookies or similar technology.
• Advising on use of big data analytics, including profiling, predictive analysis and interactions data.

1. Requests for Data

• Advising on jurisdictional restrictions in relation to personal data requests.
• Responsible for developing responses in respect of subject access requests, (i.e. individuals exercising their rights under applicable law to access copies of their personal data being processed by the Firm);
• Responsible for developing responses in respect of requests to access data by other third parties, (e.g. foreign regulators or governmental authorities in the context of reviews or investigations).
• Responsible for developing responses to international, federal and state governmental and external client in respect of general inquiries regarding privacy, data security, consumer protection and business continuity.

1. Information and IT Security

• Monitoring and advising on international legal and regulatory requirements in respect of Information Security and IT/Cyber Security.
•    Development of policies and procedures for safeguarding of Firm and client information consistent with legal and regulatory requirements.
•    Review and advising on information/IT/cyber security incidents, including cyber security/data leakage events, escalation, remediation and notification obligations to regulators and third parties to ensure compliance with applicable laws and regulations.
•    Providing input in respect of Information and IT Security training.