Regardless of what industry you are in, the protection of your customers' personal information is of increasing concern.  For the financial services industry, this concern is paramount and must be properly addressed both internally and with all third party vendors given access to customer data. 
 
A recent case in point -- the Royal Bank of Scotland ("RBS") learned that a computer containing personal information of more than 1 million of the bank's credit card applicants had been sold on eBay for 77 pounds sterling. In some cases, the information included customers' signatures, mothers' maiden names, account numbers and passwords.  The discovery was made by the successful bidder, who promptly notified the authorities.  The computer was apparently traced back to Graphic Data, an archiving firm utilized by RBS.  Graphic Data is currently undertaking an investigation into how the computer was removed from its secure site and ended up on eBay.
 
Best practices to help avoid this type of situation include carrying out proper due diligence into third party vendors' information security policies and practices as well as including appropriate contract clauses in vendor contracts addressing risks and responsibilities in the event of a security breach.  For an article with more information, go here.

For more information about legislation or litigation involving technology, intellectual property protection of information technology assets or any other Information Technology law issue, contact your Miller Canfield attorney or Kathy Ossian, Leader of our Information Technology Team, or call her direct at 313.496.7644.