Bio

Kim Phan is a privacy, data security, and regulatory compliance attorney who provides strategic guidance to companies throughout their business cycle. From product development, marketing, and implementation to breach prevention and response, she provides practical and forward-thinking advice that helps clients to mitigate risk and achieve their goals. Kim has worked with clients across all major industry sectors, and offers particular depth in consumer financial services, retail, hospitality, higher education, and energy. Kim provides comprehensive advice on federal and state privacy and data security statutes and regulations, helping organizations to incorporate privacy and data security best practices throughout all aspects of their business, including the development and deployment of artificial intelligence. Her experience ranges from helping clients establish effective data governance programs to preparing for, assessing, and responding to data breaches. With an extensive background in e-commerce and mobile issues, Kim regularly counsels clients on updating and enhancing website privacy policies, adapting website functions for accessibility in compliance with the Americans with Disabilities Act (ADA), and establishing employee training on social media interactions with consumers. Kim’s regulatory compliance practice centers on helping clients with a wide range of state and federal investigations, enforcement actions, and other interactions. She regularly handles matters involving the Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), and other federal regulatory agencies. Kim has successfully represented multiple national companies through the FTC investigatory process, resulting in “no-action” letters, and has counseled clients through state attorneys general and departments of consumer protection investigations.