Photo of Kim Phan

Kim Phan

Subscribe to Kim Phan's Posts

Kim is a partner in the firm’s Privacy + Cyber Practice Group, where she is a privacy and data security attorney, who also assists companies with data breach prevention and response, including establishing effective security programs prior to a data breach and the assessment of breach response obligations following a breach.

Follow:Read more about Kim PhanKim's Linkedin Profile

On December 9, the Consumer Financial Protection Bureau (CFPB or Bureau) announced the launch of a rulemaking process addressing credit reporting on survivors of domestic violence, elder abuse, and other forms of financial abuse.

On December 3, the Consumer Financial Protection Bureau (CFPB or Bureau) issued a proposed rule for public comment aimed at amending Regulation V, which implements the Fair Credit Reporting Act (FCRA). The proposed rule seeks to redefine (and, in some cases, rewrite) key terms and provisions within the FCRA, particularly focusing on the activities of purported “data brokers.”

In this episode of FCRA Focus, hosts Kim Phan and Dave Gettings welcome Mark Furletti, co-leader of Troutman Pepper’s Consumer Financial Services Regulatory practice. Mark shares his extensive knowledge on the Fair Credit Reporting Act (FCRA) and provides practical advice on how companies, especially fintechs, can operate without becoming a consumer reporting agency (CRA) under the FCRA. The discussion delves into the intricate definitions within the FCRA, common pitfalls, and best practices. Tune in to learn how to navigate the regulatory landscape and mitigate risks associated with consumer report information. Don’t miss this insightful conversation packed with tips and real-world examples.

In this episode of The Consumer Finance Podcast, Chris Willis is joined by Partner Kim Phan to discuss the latest cybersecurity guidance from the New York Department of Financial Services (NYDFS) concerning artificial intelligence (AI). Released on October 16, this guidance addresses the growing cybersecurity threats posed by AI and provides insights on how financial institutions can mitigate these risks. Kim and Chris delve into the specifics of the guidance, including the expectations for risk assessments, the importance of monitoring AI usage, and practical steps for enhancing cybersecurity measures. They also highlight the dual perspective of AI risks from both external threat actors and internal vulnerabilities, and discuss the potential benefits of integrating AI into cybersecurity strategies. Tune in to gain a comprehensive understanding of how to navigate these new guidelines and stay ahead in the evolving landscape of cybersecurity.

On October 16, the New York State Department of Financial Services (NY DFS) issued an industry letter to entities regulated by NY DFS (covered entities) providing guidance addressing the cybersecurity risks associated with the use of artificial intelligence (AI). The guidance purportedly aims to assist covered entities in understanding and assessing cybersecurity risks associated with threats arising from the use of AI by cybercriminals and the controls that may be used to mitigate those risks. The NY DFS emphasizes that this new guidance does not impose any new requirements on covered entities, but rather it provides an outline for meeting existing compliance obligations under the NY DFS Cybersecurity Regulation, 23 NYCRR Part 500, in light of the advancements in AI technology.

Yesterday, the Consumer Financial Protection Bureau (CFPB or Bureau) issued its final rule on personal financial data rights, purportedly aimed at enhancing consumer control over their financial data and promoting competition in the financial services industry. According to the Bureau’s press release, “[t]he rule requires financial institutions, credit card issuers, and other financial providers to unlock an individual’s personal financial data and transfer it to another provider at the consumer’s request for free… help[ing] lower prices on loans and improve customer service across payments, credit, and banking markets.” Later that same day, a complaint was filed challenging the Bureau’s authority.

On September 24, the Consumer Financial Protection Bureau (CFPB or Bureau) announced a significant development in its efforts to implement open banking rules in the United States. The Bureau has initiated a public comment process for the first application from an organization seeking recognition as an open banking standard-setter.

Join Kim Phan, co-host of the Troutman Pepper podcast, FCRA Focus, as she welcomes special guests from the Credit Builders Alliance (CBA). In this episode, Chief Technical Officer Elisabeth Johnson-Crawford and Manager of Bureau Services Arinze Nwadiogbu, share their insights on the challenges and strategies for smaller entities in credit reporting. Learn about the benefits of credit reporting, the legal risks involved, and the comprehensive support CBA provides to its nonprofit members. From initial setup to ongoing compliance, discover how CBA helps organizations navigate the complexities of the credit reporting system. Tune in for an in-depth discussion on FCRA compliance, alternative data, and more. Don’t miss this informative episode packed with valuable advice and practical solutions for credit reporting success.

In this episode of The Consumer Finance Podcast, Chris Willis is joined by privacy Partner Kim Phan and Rami Haddad, deputy general counsel at PRA Group. This episode delves into a range of emerging privacy issues impacting the financial services industry. The discussion covers the evolving landscape of state privacy laws, the implications of the new Colorado AI law, and the challenges posed by online tracking technologies. The episode also highlights recent updates to the FTC’s Gramm-Leach-Bliley Act Safeguards Rule and explores the ramifications of a recent SEC enforcement case related to cybersecurity. Tune in for an insightful conversation on how these developments are shaping the regulatory environment for financial institutions.

In this special crossover episode of The Consumer Finance Podcast and FCRA Focus, host Kim Phan is joined by fellow Troutman Pepper partner Stefanie Jackman and Michelle Macartney, managing partner and chief compliance officer at Bridgeforce. Together, they delve into the complexities of reporting collections activity to consumer reporting agencies. Michelle shares her extensive experience in consumer reporting compliance, offering valuable insights into the challenges and best practices for maintaining data accuracy and handling disputes. The discussion also covers the latest CFPB draft rulemaking on medical debt and its implications for consumer reporting agencies, end users, and furnishers. Tune in to learn how to navigate the intersection of FCRA and debt collection as well as discover effective compliance strategies to mitigate risks in today’s regulatory environment. Don’t miss this informative episode packed with practical tips and industry updates!