Photo of Kim Phan

Kim is a privacy and data security lawyer who counsels companies in federal and state privacy and data security statutes and regulations. Her work encompasses strategic planning and guidance for companies to incorporate privacy and data security considerations throughout product development, marketing, and implementation.

On March 15, the Consumer Financial Protection Bureau (CFPB) issued a Request for Information (Request) seeking public comment on the business practices of data brokers and how they impact the daily lives of consumers. Specifically, the CFPB is interested in hearing details about the types of data that data brokers collect and sell, as well

On February 9, the U.S. Department of Education (ED) released an announcement about updates that postsecondary institutions must make to their cybersecurity and data protection policies in order to comply with the Federal Trade Commission’s amended Standards for Safeguarding Customer Information (Safeguards Rule), a component of the Gramm-Leach-Bliley Act (GLBA). The effective date for most

As previously reported here, on May 25, 2022, the Consumer Financial Protection Bureau (CFPB or Bureau) published a blog post, examining what it described as the “practice of suppressing payment data” by credit card issuers in connection with their credit reporting. In its blog post, the CFPB alleged its research conducted in 2020

As discussed here, on October 27, 2022, the CFPB released an Outline of Proposals and Alternatives Under Consideration for public comments on the CFPB’s Section 1033 rulemaking. The window for providing written feedback closed on January 25, 2023. Below we have highlighted some of the submissions by industry and consumer groups.

The proposed rules

On January 4, the Consumer Financial Protection Bureau (CFPB) issued its 2022 Fall Rulemaking Agenda containing pre-rule, proposed rule, and final rules under consideration. The CFPB releases regulatory agendas twice a year in voluntary conjunction with a broader initiative led by the Office of Budget and Management to publish a Unified Agenda of Regulatory and

The deadline for complying with certain provisions of the Standards for Safeguarding Customer Information (Safeguards Rule) has been extended to June 9, 2023. As we previously posted, on January 10, the Federal Trade Commission’s (FTC) final rule amending the Safeguards Rule under the Gramm-Leach-Bliley Act became effective. The Safeguards Rule requires nonbanking financial institutions

At the Money 20/20 fintech conference, Consumer Financial Protection Bureau (CFPB) Director Rohit Chopra announced his intent to move forward with the CFPB’s rulemaking under Section 1033 of the Consumer Financial Protection Act as part of the financial services industry’s movement toward “open banking,” a concept that involves the use of APIs that provide direct

Please join Consumer Financial Services Partner Chris Willis and his colleagues Ron Raether and Kim Phan, partners in our Privacy + Cyber Practice Group, as they discuss recent privacy and data security updates in the consumer financial services industry. Topics include:

  • The CFPB’s and FTC’s regulatory stance on privacy and data security issues;
  • The current

This blog post was republished by Westlaw Today.

On September 26, Representative French Hill (R-AR) introduced new legislation, H.R. 8985, also known as the Credit Access and Inclusion Act of 2022, to amend the Fair Credit Reporting Act and allow payment information for utility bills and phone payments to be furnished to credit