Photo of Kim Phan

Kim is a partner in the firm’s Privacy + Cyber Practice Group, where she is a privacy and data security attorney, who also assists companies with data breach prevention and response, including establishing effective security programs prior to a data breach and the assessment of breach response obligations following a breach.

Join us for a special crossover episode of The Consumer Finance Podcast and Regulatory Oversight, where Chris Willis, Kim Phan, and Gene Fishel delve into the evolving world of state AI legislation. As AI becomes a pivotal tool in the financial services industry, understanding the implications of new laws is crucial. This episode focuses on Colorado’s comprehensive AI law and its potential influence on other states, exploring key issues such as algorithmic discrimination, privacy, and cybersecurity. Gain insights into best practices for compliance and learn how state attorneys general are stepping up enforcement in the absence of federal action. Don’t miss this informative discussion bridging consumer finance and regulatory oversight.

In this episode of FCRA Focus, hosts Kim Phan and Dave Gettings bring you the latest updates from the regulatory and litigation sides of the house. Dave shares his insights on the challenges and litigation surrounding identity theft investigations, offering practical tips for furnishers to navigate these complex issues. Kim provides an overview of the Consumer Financial Protection Bureau’s renewed supervision efforts and what it means for Fair Credit Reporting Act compliance. Tune in for an engaging discussion filled with valuable information and practical advice.

On March 18, President Donald Trump dismissed the two Democratic commissioners from the Federal Trade Commission (FTC). The removal of Commissioners Alvaro Bedoya and Rebecca Kelly Slaughter has sparked significant controversy and legal challenges.

Join host Kim Phan and special guests David Anthony, Stefanie Jackman, and Mark Furletti as they delve into the significant Fair Credit Reporting Act (FCRA) developments of 2024 and provide insights on what to expect in 2025. This episode covers a range of topics, including the impact of the outgoing Biden Administration and the incoming Trump Administration on FCRA regulations, the Consumer Financial Protection Bureau’s recent rulemaking activities, and the ongoing legal challenges. Tune in to understand the evolving landscape of consumer reporting laws and regulation and how it may affect your business. Don’t miss this comprehensive review and analysis from Troutman Pepper Locke’s seasoned legal professionals.

On January 30, the Consumer Financial Protection Bureau (CFPB or Bureau) released its updated list of consumer reporting companies for 2025. The list includes nationwide consumer reporting companies as well as several other companies that focus on specific market areas, consumer segments, and types of users. According to the CFPB, consumers can use the list to know about the kinds of personal financial information that is collected for credit and other consumer reports, request their consumer reporting data, dispute inaccuracies, and block access to their credit reporting data through security freezes. 

On January 8, the Consumer Financial Protection Bureau (CFPB) officially recognized Financial Data Exchange, Inc. (FDX) as the first standard-setting body under the Personal Financial Data Rights promulgated rule under Section 1033 of the Dodd-Frank Act. This rule, released in October 2024, requires depository and nondepository entities to make available to consumers and authorized third parties certain data relating to consumers’ accounts, establish obligations for third parties accessing a consumer’s data, and provide basic standards for data access.

On January 3, the Federal Trade Commission (FTC) issued a press release announcing that accessiBe Inc. and accessiBe Ltd. (collectively, accessiBe) agreed to pay $1 million to settle allegations of deceptive advertising practices in violation of the FTC Act. Specifically, the FTC’s complaint alleged that accessiBe misrepresented the artificial intelligence (AI) capabilities of its website accessibility tool, accessWidget, to make websites compliant with the Web Content Accessibility Guidelines (WCAG). The FTC further alleged that accessiBe paid for reviews on third-party websites that were formatted to appear as the opinions of impartial authors and publications and failed to disclose material connections to such online reviewers.

In this episode, Brooke Conkle and Chris Capurso, attorneys in the firm’s Consumer Financial Services Practice Group, are joined by Kim Phan, a partner in the firm’s Privacy and Cyber Practice Group. They delve into the latest trends in privacy and their significant impact on the auto finance industry. The discussion covers the evolving landscape of data security, the implications of connected cars and the Internet of Things, and the challenges and opportunities presented by AI. Kim also shares insights on how recent legislative changes and the new administration may shape the future of privacy regulations. Tune in for a comprehensive analysis of these critical issues and their potential ramifications for the auto finance sector.

On December 9, the Consumer Financial Protection Bureau (CFPB or Bureau) announced the launch of a rulemaking process addressing credit reporting on survivors of domestic violence, elder abuse, and other forms of financial abuse.