Photo of Kim Phan

Kim is a privacy and data security lawyer who counsels companies in federal and state privacy and data security statutes and regulations. Her work encompasses strategic planning and guidance for companies to incorporate privacy and data security considerations throughout product development, marketing, and implementation.

The deadline for complying with certain provisions of the Standards for Safeguarding Customer Information (Safeguards Rule) has been extended to June 9, 2023. As we previously posted, on January 10, the Federal Trade Commission’s (FTC) final rule amending the Safeguards Rule under the Gramm-Leach-Bliley Act became effective. The Safeguards Rule requires nonbanking financial institutions

At the Money 20/20 fintech conference, Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra announced his intent to move forward with the CFPB’s rulemaking under Section 1033 of the Consumer Financial Protection Act as part of the financial services industry’s movement toward “open banking,” a concept that involves the use of APIs that provide direct

Please join Consumer Financial Services Partner Chris Willis and his colleagues Ron Raether and Kim Phan, partners in our Privacy + Cyber Practice Group, as they discuss recent privacy and data security updates in the consumer financial services industry. Topics include:

  • The CFPB’s and FTC’s regulatory stance on privacy and data security issues;
  • The current

This blog post was republished by Westlaw Today.

On September 26, Representative French Hill (R-AR) introduced new legislation, H.R. 8985, also known as the Credit Access and Inclusion Act of 2022, to amend the Fair Credit Reporting Act and allow payment information for utility bills and phone payments to be furnished to credit

Troutman Pepper Partner Kim Phan will present “Dawn of the Web3 Era and the Legal Landscape on Blockchain, NFTs, and Metaverses” during NCVAA’s 16th Annual Conference in New York City. With the recent explosion of cryptocurrencies and other blockchain technologies, many companies are looking ahead to what this means for the next generation of the

Please join Consumer Financial Services Partner Kim Phan and her guests and colleagues Alan Wingfield and David Anthony in the second episode of a special four-part series on recent developments with the Consumer Financial Protection Bureau (CFPB). In this episode, topics include the CFPB’s position on preemption issues, Fair Credit Reporting Act (FCRA) state law

Exemption Extensions Failed. On August 31, California’s legislature ended its 2022 session without adopting legislation to extend the California Consumer Privacy Act (CCPA) employee and business-to-business (B2B) personal information exemptions. In the absence of a special legislative session, these exemptions will expire on January 1, 2023.

History of the Exemptions. Under the current exemptions, covered

Please join Consumer Financial Services Partner Chris Willis and fellow Partners Lori Sommerfield and Kim Phan, along with special guest Matt Ater from Vispero, as they discuss recent developments in website accessibility governing public accommodations under Title III of the Americans with Disabilities Act (ADA). Topics include:

  • Current litigation trends, including the recent increase in

On August 11, the Consumer Financial Protection Bureau (CFPB) published a circular, answering the question “Can entities violate the prohibition on unfair acts or practices in the Consumer Financial Protection Act (CFPA) when they have insufficient data protection or information security?” with a resounding “yes.” Specifically, the CFPB pointed to three practices — inadequate authorization,