Photo of Kim Phan

Kim is a privacy and data security lawyer who counsels companies in federal and state privacy and data security statutes and regulations. Her work encompasses strategic planning and guidance for companies to incorporate privacy and data security considerations throughout product development, marketing, and implementation.

When using artificial intelligence (AI) or complex credit models, can lenders rely on the checklist of reasons provided in Regulation B sample forms for adverse action notices? According to today’s guidance issued by the Consumer Financial Protection Bureau (CFPB or Bureau), the answer to that question is, in many circumstances, no.

Join us for the second episode in a special three-part series covering the CFPB’s intention to propose new rules under the Fair Credit Reporting Act (FCRA). In this episode, Troutman Pepper Partners Chris Willis, Dave Gettings, Kim Phan, Ron Raether, and Ethan Ostroff discuss the regulation of credit header data and the potential impact on

Join us for the second episode in a special three-part series covering the CFPB’s intention to propose new rules under the Fair Credit Reporting Act (FCRA). In this episode, Troutman Pepper Partners Chris Willis, Dave Gettings, Kim Phan, Ron Raether, and Ethan Ostroff discuss the regulation of credit header data and the potential impact on the FCRA and consumer reporting agencies, as well as users and data brokers.

Join us for the first episode in a special three-part series covering the CFPB’s intention to propose new rules under the Fair Credit Reporting Act (FCRA). In this episode, Troutman Pepper Partners Chris Willis, Dave Gettings, Ethan Ostroff, and Kim Phan explore the historical events that led us to this point, the next steps in the rulemaking process, the expected timeline for a final rule, how the CFPB is coordinating with the FTC and other regulators, and the expected proposed rulemaking regarding credit header data and data brokers.

Join us for the first episode in a special three-part series covering the CFPB’s intention to propose new rules under the Fair Credit Reporting Act (FCRA). In this episode, Troutman Pepper Partners Chris Willis, Dave Gettings, Ethan Ostroff, and Kim Phan explore the historical events that led us to this point, the next steps in the rulemaking process, the expected timeline for a final rule, how the CFPB is coordinating with the FTC and other regulators, and the expected proposed rulemaking regarding credit header data and data brokers.

In this episode of The Crypto Exchange, Troutman Pepper Partner Ethan Ostroff welcomes his colleagues Kim Phan and Addison Morgan to discuss the recent enforcement actions brought by the Federal Trade Commission (FTC) against Celsius Network and its co-founders. In addition to permanently banning Celsius Network from consumers’ assets, the FTC also fined the company a near record-breaking $4.7 billion.

At a White House Roundtable on protecting Americans from allegedly harmful “data broker” practices, Consumer Financial Protection Bureau (CFPB or Bureau) Director Rohit Chopra announced the Bureau’s intention to expand the reach of the Fair Credit Reporting Act (FCRA) to data brokers. He stated, “Next month, the CFPB will publish an outline of proposals and alternatives under consideration for a proposed rule. We’ll soon hear from small businesses, which will help us craft the rule.”

Please join Troutman Pepper Partner Chris Willis and his colleague Kim Phan as they discuss the new California Privacy Rights Act (CPRA) and the creation of the California Privacy Protection Agency (CPPA), California’s first state agency focused exclusively on privacy. They also dive into the CPPA’s recent amendments to the California Consumer Privacy Act (CCPA), discussing the timeline, overview, and technical guidance for companies. And with 23 topical areas of regulation — what we can expect from the CPRA’s next set of rules.

Do companies that use workplace surveillance tools to make hiring and firing decisions risk violating the Fair Credit Reporting Act (FCRA)? According to the Consumer Financial Protection Bureau (CFPB or Bureau) in a recent comment, the answer to that question is yes. The Bureau’s official comment comes in response to a request for information

Please join Troutman Pepper Partners Chris Willis and Kim Phan for an in-depth discussion about the Securities and Exchange Commission’s (SEC’s) recent record retention enforcement actions. Chris and Kim explore the uptick in enforcement actions over the last year, the claims made in these cases, the SEC-imposed requirements and penalties on these companies, what we can expect going forward from the financial services regulators, and what financial institutions should do now to get ahead of these types of enforcement actions.