Kim Phan

Washington, DC

Kim Phan counsels clients on privacy and data security law in areas including the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the Telephone Consumer Protection Act (TCPA), and other federal and state privacy and data security statutes and regulations, including the California Consumer Privacy Act (CCPA). Her work in this area encompasses strategic planning and guidance for companies to incorporate privacy and data security considerations throughout product development, marketing, and implementation. She also assists companies with data breach prevention and response, including establishing effective data security programs prior to a breach and the assessment of breach response obligations following a breach.

Kim writes and speaks frequently about privacy and data security issues for a variety of industries, including consumer financial services, retail, hospitality, higher education, and utilities.


Representative Matters

Privacy & Data Security

  • Provided guidance to numerous companies in responding to security incidents and data breaches
  • Negotiated security requirements for a vendor agreement to provide cloud storage services
  • Counseled a major credit card company in establishing employee training on social media interactions with consumers
  • Conducted online behavioral advertising assessments of websites in order to update and enhance the online privacy policies of various financial institutions
  • Assisted a national lender in establishing a Gramm-Leach-Bliley Act Privacy Rule compliance program, including drafting annual privacy notices

Professional Highlights

Professional Activities

International Association of Privacy Professionals

American Bar Association, Consumer Financial Services Committee

National Asian Pacific American Bar Association-Asian Pacific American Bar Association, Financial Services Network

Recognition & Accomplishments

Chambers FinTech Legal USA, Data Protection & Cyber Security, 2020-2021

The Legal 500, Fintech, 2020-2021

Named a Top 50 Receivables Professionals of the Year by Receivables Advisor, 2019 

Recognized as one of the 25 Most Influential Women in Collections by Collection Advisor, 2016

Named to Lawyers of Color's Inaugural Hot List for 2013, recognizing 100 attorneys younger than 40

Speaking Engagements

"Compliance Considerations for your Websites and Online Resources," ACA webinar, June 24, 2021

"Social Media Opportunities and Pitfalls for Your Company—Setting Guardrails and Guidelines," ACA webinar, June 17, 2021

"Recent Federal and State Privacy/Data Security Developments," ACA webinar, June 10, 2021

"Data Protection and Privacy Challenges," Legal Issues & Regulatory Compliance Conference, Mortgage Bankers Association, May 26, 2021

Board Memberships & Community Service

Board Member and Immediate Past President, Vietnamese American Bar Association of the Greater Washington, D.C. Area (VABA-DC)

Board Member and Chair of the Social Committee, National Conference of Vietnamese American Attorneys


Kim is a frequent contributor to two Ballard Spahr blogs: CyberAdviser, focused on the latest news and developments in privacy and cybersecurity law, and Consumer Finance Monitor.

“Legal Frontiers in Digital Media,” MLRC Bulletin, Media Law Resource Center, June 2021

"NYDFS penalizes mortgage company for cyber breach," Ballard Spahr Consumer Finance Monitor blog, March 4, 2021

"FTC brings GLBA Safeguards Rule enforcement action against mortgage vendor," Ballard Spahr Consumer Finance Monitor blog, December 22, 2020



George Mason University, Antonin Scalia Law School (J.D. 2006)
Notes Editor, Federal Circuit Bar Journal
President, Student Bar Association
11th Circuit Lt. Governor, American Bar Association

University of Pennsylvania (B.A., cum laude, 2001)
Benjamin Franklin Scholar


District of Columbia


U.S. District Court for the Eastern District of Virginia

U.S. Supreme Court