Photo of Kim Phan

Kim Phan

Subscribe to Kim Phan's Posts

Kim is a partner in the firm’s Privacy + Cyber Practice Group, where she is a privacy and data security attorney, who also assists companies with data breach prevention and response, including establishing effective security programs prior to a data breach and the assessment of breach response obligations following a breach.

Follow:Read more about Kim PhanKim's Linkedin Profile

In this episode of Payments Pros, Carlin McCrory is joined by colleague Kim Phan to discuss the Consumer Financial Protection Bureau’s (CFPB) recent developments regarding Section 1033 of the Consumer Financial Protection Act (CFPA). This summer, the CFPB initiated a new rulemaking process, inviting industry comments on its final rule concerning personal financial data rights. With a deadline of October 21 for public comments, industry participants are encouraged to weigh in on access to consumer financial information.

Key point: Plaintiffs’ attorneys have started sending a wave of letters asserting opt-out and access rights under California’s Shine the Light law.

Over the last three months, businesses have been receiving requests from California residents seeking to exercise their rights under California’s Shine the Light law, Cal. Civ. Code § 1798.83. These requests are sent by attorneys who purport to represent a California resident who is a “customer” of, and has an “established business relationship” with, the business receiving the request. The requests seek an accounting of the customer’s personal information disclosed to third parties for direct marketing purposes within the past year.

On September 5, President Trump signed into law the Homebuyers Privacy Protection Act (HPPA) (H.R. 2808). This bipartisan legislation, sponsored by Representatives John Rose (R-TN) and Ritchie Torres (D-NY), aims to safeguard homebuyers’ personal financial information.

On August 21, the Consumer Financial Protection Bureau (CFPB or Bureau) took a significant step forward in its reconsideration of the Section 1033 open banking final rule, originally issued in November 2024, by issuing an Advance Notice of Proposed Rulemaking (ANPR). This move follows the Bureau’s announcement that it would be reopening the rulemaking process when it requested a stay to the original rule amidst legal challenges.

In a significant turn of events, the Consumer Financial Protection Bureau (CFPB or Bureau) has decided to initiate a new rulemaking process concerning its final rule on personal financial data rights under Section 1033 of the Consumer Financial Protection Act of 2010 (1033 rule). This decision comes amidst ongoing legal challenges, notably from Forcht Bank, N.A.; Kentucky Bankers Association; and the Bank Policy Institute, which filed a lawsuit immediately after the 1033 rule was finalized challenging it.

In this episode of Moving the Metal: The Auto Finance Podcast, hosts Brooke Conkle and Chris Capurso are joined by colleagues Kim Phan and Aileen Ng for a deep dive into the Federal Trade Commission’s (FTC) Safeguards Rule under the Gramm-Leach-Bliley Act, focusing on its impact on the auto-finance industry. The discussion covers the recent FAQs published by the FTC to aid auto dealers in compliance, the evolving cybersecurity requirements, and the contrasting regulatory approaches between the Trump and Biden administrations. The episode explores how auto dealers fit into the Safeguards Rule, the implications of their relationships with original equipment manufacturers and service providers, and the notification requirements in the event of a data breach. Additionally, the conversation addresses various financing scenarios and how they trigger the Safeguards Rule. Tune in for a comprehensive understanding of these regulations and practical insights for auto dealers navigating these complex legal landscapes.

In this special crossover episode between FCRA Focus and The Consumer Finance Podcast, Kim Phan, Dave Gettings, Chris Willis, and Cindy Hanson explore the recent withdrawal of Consumer Financial Protection Bureau (CFPB) guidance affecting the Fair Credit Reporting Act (FCRA). This episode provides a comprehensive analysis of how these changes impact key areas such as preemption, background screening, permissible purpose, artificial intelligence, and state attorneys general enforcement actions. The discussion highlights the implications for consumer reporting agencies, furnishers, end-users, and the broader regulatory landscape, offering valuable insights for professionals navigating these evolving challenges. Tune in to understand the potential shifts in compliance and enforcement.

In this special crossover episode between FCRA Focus and The Consumer Finance Podcast, Kim Phan, Dave Gettings, Chris Willis, and Cindy Hanson explore the recent withdrawal of Consumer Financial Protection Bureau (CFPB) guidance affecting the Fair Credit Reporting Act (FCRA). This episode provides a comprehensive analysis of how these changes impact key areas such as preemption, background screening, permissible purpose, artificial intelligence, and state attorneys general enforcement actions. The discussion highlights the implications for consumer reporting agencies, furnishers, end-users, and the broader regulatory landscape, offering valuable insights for professionals navigating these evolving challenges. Tune in to understand the potential shifts in compliance and enforcement.

In this episode of FCRA Focus, hosts Kim Phan and Dave Gettings are joined by Eric Ellman, president of the National Consumer Reporting Association (NCRA), for an insightful discussion on the current landscape of tenant screening and mortgage reporting resellers. Eric shares his thoughts on the challenges these industries face, including increased litigation and regulatory pressures at the state level. The conversation delves into the unique role of resellers in the consumer reporting ecosystem and the legal ambiguities affecting them. Eric also discusses the NCRA’s advocacy efforts to address these issues and highlights the potential for growth through technology and artificial intelligence. Tune in to understand the complexities and opportunities within the tenant screening and reseller sectors, all while enjoying Eric’s sartorial flair.

In this crossover episode of The Consumer Finance Podcast and Regulatory Oversight, Chris Willis, Kim Phan, and Stephen Piepgrass provide insights on a new joint privacy task force among several state AGs, known as the Consortium of Privacy Regulators. The consortium recently outlined goals to share state resources and align enforcement priorities regarding consumer harm and privacy rights. In response to an anticipated shift of regulatory scrutiny from federal agencies to state leaders, this episode focuses on specific steps financial services companies should consider when dealing with consumer privacy, data, complaints, and inquiries to ensure compliance and mitigate potential investigations and enforcement actions.