Photo of Kim Phan

Kim is a privacy and data security lawyer who counsels companies in federal and state privacy and data security statutes and regulations. Her work encompasses strategic planning and guidance for companies to incorporate privacy and data security considerations throughout product development, marketing, and implementation.

Troutman Pepper Partner Kim Phan will present “Dawn of the Web3 Era and the Legal Landscape on Blockchain, NFTs, and Metaverses” during NCVAA’s 16th Annual Conference in New York City. With the recent explosion of cryptocurrencies and other blockchain technologies, many companies are looking ahead to what this means for the next generation of the

Please join Consumer Financial Services Partner Kim Phan and her guests and colleagues Alan Wingfield and David Anthony in the second episode of a special four-part series on recent developments with the Consumer Financial Protection Bureau (CFPB). In this episode, topics include the CFPB’s position on preemption issues, Fair Credit Reporting Act (FCRA) state law

Exemption Extensions Failed. On August 31, California’s legislature ended its 2022 session without adopting legislation to extend the California Consumer Privacy Act (CCPA) employee and business-to-business (B2B) personal information exemptions. In the absence of a special legislative session, these exemptions will expire on January 1, 2023.

History of the Exemptions. Under the current exemptions, covered

Please join Consumer Financial Services Partner Chris Willis and fellow Partners Lori Sommerfield and Kim Phan, along with special guest Matt Ater from Vispero, as they discuss recent developments in website accessibility governing public accommodations under Title III of the Americans with Disabilities Act (ADA). Topics include:

  • Current litigation trends, including the recent increase in

On August 11, the Consumer Financial Protection Bureau (CFPB) published a circular, answering the question “Can entities violate the prohibition on unfair acts or practices in the Consumer Financial Protection Act (CFPA) when they have insufficient data protection or information security?” with a resounding “yes.” Specifically, the CFPB pointed to three practices — inadequate authorization,

On July 29, New York State’s Department of Financial Services (NYDFS) released draft amendments (Draft Amendments) to its Part 500 Cybersecurity Regulation for financial service companies that, among others things: (1) contain significant changes regarding ransomware; (2) propose a new class comprising larger entities, which will be subject to increased obligations for their cybersecurity programs;

Eight national banking trade groups — the American Bankers Association, Consumer Bankers Association, Credit Union National Association, Housing Policy Council, Independent Community Bankers of America, National Association of Federally-Insured Credit Unions, National Bankers Association, and The Clearing House Association — petitioned the Consumer Financial Protection Bureau (CFPB) to extend its supervision to “data aggregators.” This

An amendment to the National Defense Authorization Act passed by the House in July would create a “systemically important entity” designation, applying new regulations and offering priority aid to certain critical infrastructure companies. But the American Bankers Association and Bank Policy Institute say the amendment as applied to financial institutions would duplicate existing regulations under

On March 1, the Consumer Financial Protection Bureau (CFPB) released a report highlighting the effect of medical collections on consumer credit reports. The CFPB found that medical collections tradelines appeared on 43 million credit reports, and past-due medical debt is more prevalent among Black and Hispanic individuals. That same month, the three nationwide consumer reporting

Please join Troutman Pepper Partners Kim Phan and James Kim as they discuss the firm’s expanded capabilities in the fintech world, recent compliance issues for fintech companies, the CFPB’s dormant authority to supervise certain nonbank entities and its potential impact on fintech companies, as well as the CFPB’s trend to name individuals in enforcement actions.

Kim Phan, a partner in the firm’s Privacy + Cybersecurity Practice Group, counsels fintech companies in federal and state privacy and data security statutes and regulations throughout product development, marketing, and implementation. Kim ranks high in Chambers and The Legal 500 for her privacy and data security work with fintech companies. As a partner in the Consumer Financial Services Practice Group, James Kim leverages his experience as a former CFPB senior enforcement attorney to provide the industry knowledge and expertise that fintechs and financial institutions require when launching new products or facing regulatory scrutiny. Chambers ranks James highly for his work in fintech and consumer finance enforcement and investigations.