Photo of Kim Phan

Kim is a partner in the firm’s Privacy + Cyber Practice Group, where she is a privacy and data security attorney, who also assists companies with data breach prevention and response, including establishing effective security programs prior to a data breach and the assessment of breach response obligations following a breach.

On February 13, the Federal Trade Commission (FTC) released a blog post warning companies that it could be deemed an unfair or deceptive practice for a company to adopt more permissive data practices and to only inform consumers of such changes through retroactive amendments to its terms of service or privacy policy.

Join hosts Dave Gettings, Kim Phan, and Chris Willis in this special crossover episode of FCRA Focus and The Consumer Finance Podcast in the first installment of our Year in Review and a Look Ahead series. They are joined by guests Cindy Hanson and Alan Wingfield, partners at Troutman Pepper, who share their insights on the most impactful developments in background screening and credit reporting in 2023. Listen in as they discuss industry challenges and opportunities, the implications of proposed regulatory changes, and what to expect in the future. Stay tuned for the next episode of our Year in Review and a Look Ahead series on The Consumer Finance Podcast, providing valuable insights for anyone involved in consumer finance.

Join hosts Dave Gettings, Kim Phan, and Chris Willis in this special crossover episode of FCRA Focus and The Consumer Finance Podcast in the first installment of our Year in Review and a Look Ahead series. They are joined by guests Cindy Hanson and Alan Wingfield, partners at Troutman Pepper, who share their insights on the most impactful developments in background screening and credit reporting in 2023. Listen in as they discuss industry challenges and opportunities, the implications of proposed regulatory changes, and what to expect in the future. Stay tuned for the next episode of our Year in Review and a Look Ahead series on The Consumer Finance Podcast, providing valuable insights for anyone involved in consumer finance.

We are pleased to share our annual review of regulatory and legal developments in the consumer financial services industry. With active federal and state legislatures, consumer financial services providers faced a challenging 2023. Courts across the country issued rulings that will have immediate and lasting impacts on the industry. Our team of more than 140 professionals has prepared this concise, yet thorough analysis of the most important issues and trends throughout our industry. We not only examined what happened in 2023, but also what to expect — and how to prepare — for the months ahead.

In this episode of The Consumer Finance Podcast, host, Chris Willis, is joined by Partners Kim Phan and Lori Sommerfield, to discuss recent developments related to website accessibility under the Americans with Disabilities Act (ADA). In this episode, they explore the Department of Justice’s proposed rule under Title II of the ADA, which seeks to improve state and local government website and mobile app access for individuals with disabilities, and the potential significance to the private sector. They also discuss the international World Wide Web Consortium’s latest version of its Web Content Accessibility Guidelines (WCAG), 2.2, and the first working draft of WCAG 3.0. Tune in to learn more about these important updates and how they may impact your organization.

Please join Troutman Pepper Partner Dave Gettings and colleagues Tim St. George and Cindy Hanson for a highly informative discussion on federal preemption as it relates to state laws and the Fair Credit Reporting Act (FCRA). This episode provides listeners with an overview of important state and local legislation governing background screening, along with discussions about how federal preemption might affect required compliance with these state and local laws. Topics include:

The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) recently issued a report entitled Identity-Related Suspicious Activity: 2021 Threats and Trends highlighting threat patterns and trend information derived from financial institutions’ Bank Secrecy Act (BSA) filings for the calendar year 2021. Financial institutions are required to file suspicious activity reports no later than 30 calendar days after the initial detection of facts that could constitute suspicious activity.

On December 8, the Consumer Financial Protection Bureau (CFPB) and Federal Trade Commission (FTC) (collectively, the agencies) filed an amici curiae brief urging the U.S. Court of Appeals for the Fourth Circuit to reverse a district court’s decision finding that furnishers need not investigate indirect disputes involving purely legal questions under the Fair Credit Reporting Act (FCRA).

In this episode of The Consumer Finance Podcast, Chris Willis is joined by Kim Phan, a partner in our firm’s Privacy + Cyber practice, to discuss the Securities and Exchange Commission’s new cyber risk management and incident disclosure rules for publicly traded companies. The rules, already in effect, detail the information a public company must report following a cybersecurity incident and the timeline for reporting. Chris and Kim also discuss the ongoing reporting obligations for a public company related to a cyber incident after the initial reporting phase, how the rules apply when cyber incidents involve a third party’s system, and if the SEC has struck the right balance between informing investors versus the possibility of educating hackers on a company’s cybersecurity defenses. They also address the rule’s new requirement for annual disclosures about a company’s cybersecurity risk management, strategy, and governance.

On December 13, New York Governor Kathy Hochul signed into law S4907A, which prohibits hospitals, medical providers, or ambulance services from providing negative information about medical debt to consumer reporting agencies (CRAs). The law also requires that these entities include a provision in their contracts with collection agencies prohibiting the reporting of any portion of a medical debt to a CRA. Any debt that is reported to a CRA will be deemed void. The law became effective immediately after it was signed.