Tom Vincent

Tom C. Vincent II, CRCM, CIPP/US

Tom C. Vincent II brings extensive experience in regulatory compliance to his practice at GableGotwals. His background includes serving as chief compliance officer for different financial institutions, responsible for ensuring compliance with a myriad of requirements including customer protection, privacy, information security, and corporate governance.  Tom provides assistance to his clients with issues involving data security and privacy, including the establishment of privacy and cybersecurity programs, negotiation of appropriate protections for client information, breach identification, and required reporting.  Additionally, Tom has experience in investment advisory, trust and fiduciary, and insurance compliance, and has held various broker-dealer and investment advisory securities licenses.

Tom regularly presents on privacy and security issues to a variety of audiences, including attorneys, healthcare practices, financial and human resource professionals, and professional services firms.  He has also presented on trust administration and compliance topics to audiences of attorneys, bankers, and trust professionals.
As both a Certified Regulatory Compliance Manager and Certified Information Privacy Professional/United States, Tom’s hands-on industry experience helps him guide clients though the myriad of state and federal laws, regulations and requirements to ensure compliance and protect them from potential lawsuits and regulatory action.  Currently Tom serves as a member of the Board of Trustees of the Oklahoma Bar Foundation and of the Board of Directors of Tulsa Zoo Management, Inc.  Tom also serves as Co-Chair of the firm’s Diversity and Inclusion Committee and chairs its Recruiting, Retention and Development Subcommittee.

Experience includes:

  • Developed and implemented privacy and security compliance programs, including policies, training, and risk assessment processes, to meet various state, federal and international legal and regulatory requirements.
  • Development and implementation of vendor risk management programs to address privacy and security of client information, including vendor due diligence, standard contractual provisions, and monitoring/certification processes.
  • Served as HIPAA/HI-TECH Security Officer, including performing risk assessments on impacted areas, drafting the HIPAA/HI-TECH policy, and developing appropriate training materials.
  • Engaged security firms for various clients to perform penetration testing and other security assessments.
  • Review privacy and security incidents to determine reporting responsibilities across multiple states, territories, and countries, including development of required customer communications.
  • Served as a bank’s Bank Secrecy Act and Anti-Money Laundering Compliance Officer and chaired the bank’s Suspicious Activity Review Committee, working with Security, Fraud, and Supervised Assets departments to identify and report suspicious activity as required.
  • Served as Chief Compliance Officer and Corporate Secretary for a broker dealer and an institutional investment adviser to a family of mutual funds.
  • Served as an expert witness for a bank with respect to appraisal requirements under FIRREA.

Presentations include:

  • “All the Cool Kids are Doing It: Increasing Cybersecurity Awareness and Involvement Across Your Organization” (QualTech 2019), September 26, 2019
  • “Oh, THAT: The Hidden, Not-Initially-Visible and Otherwise Neglected Consequences of a Data Breach” (RNT Cyber Ethics Conference), September 25, 2019
  • “To Secure and Protect: Fulfilling the Expectations of Clients (and Others) in Commercial Real Estate and Fiduciary Transactions” (Tulsa Title and Probate Lawyers Association), June 13, 2019
  • “You Can’t Spell Cybersecurity Without HR (And Other Counterintuitive Considerations)” (DisruptHR Tulsa 3.0), September 13, 2018
  • “The Business of Compliance” (Evanta CISO Executive Summit – Dallas), November 28, 2017
  • “Bringing Your Information Security Program in Line with Your Contractual Promises, or Vice Versa” (Leo Cyber Security Law Conference, November 7 and 8, 2017)
  • “Cybersecurity for Attorneys: First Steps to Protecting Yourself Now – How Attorneys can Protect Themselves Against Cyber Insecurity” (Tulsa County Bar Association), November 8, 2017


J.D., Washington and Lee University School of Law, 1994

B.S., Southern Methodist University, 1991


Oklahoma Bar Association
Tulsa County Bar Association
American Bar Association
Institute of Certified Bankers
International Association of Privacy Professionals
Oklahoma Bankers Association