Kim Phan counsels clients on privacy and data security law in areas including the Gramm-Leach-Bliley Act (GLBA), the Fair Credit Reporting Act (FCRA), the Telephone Consumer Protection Act (TCPA), and other federal and state privacy and data security statutes and regulations, including the California Consumer Privacy Act (CCPA). Her work in this area encompasses strategic planning and guidance for companies to incorporate privacy and data security considerations throughout product development, marketing, and implementation. She also assists companies with data breach prevention and response, including establishing effective data security programs prior to a breach and the assessment of breach response obligations following a breach.
Kim writes and speaks frequently about privacy and data security issues for a variety of industries, including consumer financial services, retail, hospitality, higher education, and utilities.
Privacy & Data Security
- Provided guidance to numerous companies in responding to security incidents and data breaches
- Negotiated security requirements for a vendor agreement to provide cloud storage services
- Counseled a major credit card company in establishing employee training on social media interactions with consumers
- Conducted online behavioral advertising assessments of websites in order to update and enhance the online privacy policies of various financial institutions
- Assisted a national lender in establishing a Gramm-Leach-Bliley Act Privacy Rule compliance program, including drafting annual privacy notices
- Assisted a major credit company in conducting a comprehensive unfair, deceptive, or abusive acts or practices (UDAAP) assessment of card member rewards programs
- Represented a national consumer products retailer throughout the company's response to an FTC enforcement investigation, resulting in a "no-action" letter
- Counseled a national consumer reporting agency in preparation for CFPB examination, including conducting risk assessments of consumer products and services, updating policies and procedures, and establishing a compliance management system to address federal consumer financial laws, including the FCRA
- Submitted public comments on behalf of an industry trade association in response to the CFPB's proposed rule on larger participants in the debt collection market
International Association of Privacy Professionals
American Bar Association, Consumer Financial Services Committee
National Asian Pacific American Bar Association-Asian Pacific American Bar Association, Financial Services Network
Recognition & Accomplishments
Chambers FinTech Legal USA, Data Protection & Cyber Security, 2020-2021
The Legal 500, Fintech, 2020
Named a Top 50 Receivables Professionals of the Year by Receivables Advisor, 2019
Recognized as one of the 25 Most Influential Women in Collections by Collection Advisor, 2016
Named to Lawyers of Color's Inaugural Hot List for 2013, recognizing 100 attorneys younger than 40
"The Age of Consent: Managing Consumer Communication Preferences in a Clear and Conspicuous Way," ACA IGNITE, March 25, 2021
"Use of Connected Car Data by Auto Finance Companies," 2021 Vehicle Finance Conference, Operations and Regulatory Compliance Committee Meeting, American Financial Services Association, February 18, 2021
"FCRA & Covid-19: Legislation & Regulatory Update," Risk & BSA Conference, CCUL Risk Management Resources, January 8, 2021
"What to Expect in 2021: Privacy and Data Security," Ballard Spahr webinar, January 8, 2021
"ACA Huddle CFPB Rule Series Part Two: Credit Reporting 101," ACA International, January 6, 2021
Board Memberships & Community Service
Board Member and Immediate Past President, Vietnamese American Bar Association of the Greater Washington, D.C. Area (VABA-DC)
"NYDFS penalizes mortgage company for cyber breach," Ballard Spahr Consumer Finance Monitor blog, March 4, 2021
"FTC brings GLBA Safeguards Rule enforcement action against mortgage vendor," Ballard Spahr Consumer Finance Monitor blog, December 22, 2020
Co-author, "Federal Agencies Consider Requiring Reporting of Computer Security Incident," Ballard Spahr CyberAdviser blog, December 21, 2020
George Mason University, Antonin Scalia Law School (J.D. 2006)
Notes Editor, Federal Circuit Bar Journal
President, Student Bar Association
11th Circuit Lt. Governor, American Bar Association
University of Pennsylvania (B.A., cum laude, 2001)
Benjamin Franklin Scholar
District of Columbia
U.S. District Court for the Eastern District of Virginia
U.S. Supreme Court