Kim Phan

Washington, DC

Kim Phan counsels clients on privacy and data security law in areas including the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the Telephone Consumer Protection Act (TCPA), and other federal and state privacy and data security statutes and regulations, including the California Consumer Privacy Act (CCPA). Her work in this area encompasses strategic planning and guidance for companies to incorporate privacy and data security considerations throughout product development, marketing, and implementation. She also assists companies with data breach prevention and response, including establishing effective data security programs prior to a breach and the assessment of breach response obligations following a breach.

Kim writes and speaks frequently about privacy and data security issues for a variety of industries, including consumer financial services, retail, hospitality, higher education, and utilities.


Representative Matters

Privacy & Data Security

  • Provided guidance to numerous companies in responding to security incidents and data breaches
  • Negotiated security requirements for a vendor agreement to provide cloud storage services
  • Counseled a major credit card company in establishing employee training on social media interactions with consumers
  • Conducted online behavioral advertising assessments of websites in order to update and enhance the online privacy policies of various financial institutions
  • Assisted a national lender in establishing a Gramm-Leach-Bliley Act Privacy Rule compliance program, including drafting annual privacy notices

Professional Highlights

Professional Activities

International Association of Privacy Professionals

American Bar Association, Consumer Financial Services Committee

National Asian Pacific American Bar Association-Asian Pacific American Bar Association, Financial Services Network

Recognition & Accomplishments

Chambers FinTech Legal USA, Data Protection & Cyber Security, 2020-2021

The Legal 500, Fintech, 2020-2021

Named a Top 50 Receivables Professionals of the Year by Receivables Advisor, 2019 

Recognized as one of the 25 Most Influential Women in Collections by Collection Advisor, 2016

Named to Lawyers of Color's Inaugural Hot List for 2013, recognizing 100 attorneys younger than 40

Speaking Engagements

"Cybersecurity for the Student Loan Industry: Preventing and Responding to Incidents," Education Finance Council, September 28, 2021

"Legal Update: Identity & Access Management," CISO Executive Network, Philadelphia Chapter, September 22, 2021

"Data Privacy and Security," Mortgage Bankers Association, Regulatory Compliance Conference, September 13, 2021

Board Memberships & Community Service

Board Member and Immediate Past President, Vietnamese American Bar Association of the Greater Washington, D.C. Area (VABA-DC)

Board Member, past Chair of the Social Committee, Secretary for the 2021-2022 Board, National Conference of Vietnamese American Attorneys


Kim is a frequent contributor to two Ballard Spahr blogs: CyberAdviser, focused on the latest news and developments in privacy and cybersecurity law, and Consumer Finance Monitor.

Co-author, "Five Outsourcing Tips for the ARM Industry," RMAI Insights Magazine, October 2021

“Legal Frontiers in Digital Media,” MLRC Bulletin, Media Law Resource Center, June 2021

"Credit Reporting: Adapting to Regulatory Expectations," RMA Insights, Fall 2017



George Mason University, Antonin Scalia Law School (J.D. 2006)
Notes Editor, Federal Circuit Bar Journal
President, Student Bar Association
11th Circuit Lt. Governor, American Bar Association

University of Pennsylvania (B.A., cum laude, 2001)
Benjamin Franklin Scholar


District of Columbia


U.S. District Court for the Eastern District of Virginia

U.S. Supreme Court