Photo of Kim Phan

Kim Phan

Subscribe to Kim Phan's Posts

Kim is a partner in the firm’s Privacy + Cyber Practice Group, where she is a privacy and data security attorney, who also assists companies with data breach prevention and response, including establishing effective security programs prior to a data breach and the assessment of breach response obligations following a breach.

Follow:Read more about Kim PhanKim's Linkedin Profile

Please join Consumer Financial Services Partner Chris Willis and his colleagues Ron Raether and Kim Phan, partners in our Privacy + Cyber Practice Group, as they discuss recent privacy and data security updates in the consumer financial services industry. Topics include:

  • The CFPB’s and FTC’s regulatory stance on privacy and data security issues;
  • The current landscape of privacy legislation; and
  • Emerging trends in privacy and data security litigation, including the status of litigation under the California Consumer Privacy Act, and how businesses can protect themselves going forward.

This blog post was republished by Westlaw Today.

On September 26, Representative French Hill (R-AR) introduced new legislation, H.R. 8985, also known as the Credit Access and Inclusion Act of 2022, to amend the Fair Credit Reporting Act and allow payment information for utility bills and phone payments to be furnished to credit

Troutman Pepper Partner Kim Phan will present “Dawn of the Web3 Era and the Legal Landscape on Blockchain, NFTs, and Metaverses” during NCVAA’s 16th Annual Conference in New York City. With the recent explosion of cryptocurrencies and other blockchain technologies, many companies are looking ahead to what this means for the next generation of the

Please join Consumer Financial Services Partner Kim Phan and her guests and colleagues Alan Wingfield and David Anthony in the second episode of a special four-part series on recent developments with the Consumer Financial Protection Bureau (CFPB). In this episode, topics include the CFPB’s position on preemption issues, Fair Credit Reporting Act (FCRA) state law infringement, and the CFPB’s general position on state interactions and enforcement.

Exemption Extensions Failed. On August 31, California’s legislature ended its 2022 session without adopting legislation to extend the California Consumer Privacy Act (CCPA) employee and business-to-business (B2B) personal information exemptions. In the absence of a special legislative session, these exemptions will expire on January 1, 2023.

History of the Exemptions. Under the current exemptions, covered

Please join Consumer Financial Services Partner Chris Willis and fellow Partners Lori Sommerfield and Kim Phan, along with special guest Matt Ater from Vispero, as they discuss recent developments in website accessibility governing public accommodations under Title III of the Americans with Disabilities Act (ADA). Topics include:

  • Current litigation trends, including the recent increase in ADA website accessibility lawsuits filed in federal and state courts;
  • Insights into the DOJ’s recent website accessibility guidance and enforcement efforts;
  • Recommendations for companies to achieve website accessibility compliance under the ADA;
  • Technological solutions for website accessibility; and
  • Elements of an effective ADA risk management program.

On August 11, the Consumer Financial Protection Bureau (CFPB) published a circular, answering the question “Can entities violate the prohibition on unfair acts or practices in the Consumer Financial Protection Act (CFPA) when they have insufficient data protection or information security?” with a resounding “yes.” Specifically, the CFPB pointed to three practices — inadequate authorization,

On July 29, New York State’s Department of Financial Services (NYDFS) released draft amendments (Draft Amendments) to its Part 500 Cybersecurity Regulation for financial service companies that, among others things: (1) contain significant changes regarding ransomware; (2) propose a new class comprising larger entities, which will be subject to increased obligations for their cybersecurity programs;

Eight national banking trade groups — the American Bankers Association, Consumer Bankers Association, Credit Union National Association, Housing Policy Council, Independent Community Bankers of America, National Association of Federally-Insured Credit Unions, National Bankers Association, and The Clearing House Association — petitioned the Consumer Financial Protection Bureau (CFPB) to extend its supervision to “data aggregators.” This

An amendment to the National Defense Authorization Act passed by the House in July would create a “systemically important entity” designation, applying new regulations and offering priority aid to certain critical infrastructure companies. But the American Bankers Association and Bank Policy Institute say the amendment as applied to financial institutions would duplicate existing regulations under