Kim Phan

Connect: Read more about Kim Phan
Firm/Organization: Ballard Spahr LLP
Blogs: Consumer Finance Monitor, CyberAdviser, Health Care Reform Dashboard

Latest Articles

Following the speedy enactment of the California Consumer Privacy Act (CCPA or Act) in June 2018, business and consumer advocates alike have been pressuring California lawmakers to clarify the many ambiguities raised by the Act’s sweeping requirements. California lawmakers recently responded to these calls for greater clarity by proposing a slate of amendments to address some of the more controversial provisions of the CCPA, including the definition of “personal information”, requirements regarding information sharing, and…
The Denmark Data Protection Authority (DPA) ruled on April 11, 2019 that affirmative consent is required when companies record customer telephone calls. Because voice recordings constitute personal data under the European Union’s (EU) General Data Protection Regulation (GDPR), international companies that communicate via telephone with EU customers will need to take steps to ensure GDPR compliance. In this case, Denmark’s largest telecommunications company, TDC A/S, provided disclosures to its customers that calls may be recorded…
The decision last week by the U.S. Court of Appeals for the D.C. Circuit on petitions seeking review of the Federal Communications Commission’s 2015 Declaratory Ruling and Order implementing the Telephone Consumer Protection Act (TCPA) represents a partial victory for the industry. In the decision, the D.C. Circuit reversed the FCC’s guidance on the definition of an automatic telephone dialing system going back to 2003, leaving only the TCPA’s statutory definition. That definition does not, on…
On February 28th, the Federal Trade Commission (FTC) released a report that offers several recommendations on ways to improve the security of mobile devices. In a press release accompanying the report, Tom Pahl, the Acting Director of the FTC’s Bureau of Consumer Protection, stated that “more needs to be done to make it easier for consumers to ensure their devices are secure.” The FTC’s recommendations center around the ongoing need to patch vulnerabilities. However, the complexity of the…
Lyft recently confirmed that it is investigating whether its employees were accessing its customer database without appropriate authorization to obtain personal information, including rides taken by Facebook CEO Mark Zuckerberg. The investigation was announced less than six months after Uber entered into a Federal Trade Commission (FTC) consent order to resolve allegations of similar behavior by its own employees. The investigation demonstrates the importance of revisiting internal compliance measures in the wake of legal developments…
Last week, the Office of the Comptroller of the Currency (OCC) released its semiannual risk report highlighting credit, operational, and compliance risks to the federal banking system. The report focuses on issues that pose threats to those financial institutions regulated by the OCC and is intended to be used as a resource by those financial institutions to address the key concerns identified by the OCC. Specifically, the OCC placed cybersecurity and anti-money laundering (AML) issues among the…
The FTC has released its annual report summarizing its activity during 2017 relating to privacy and data security issues.  In its self-declared role as “the nation’s primary privacy and data security enforcer,” the FTC outlines 10 privacy cases and 4 data security cases that it brought in 2017, including Uber Technologies (transportation service), Vizio (television manufacturer), Blue Global (lead generator), Upromise (college rewards program), ACDI Group (an alleged debt buyer), TaxSlayer (tax preparation service), and…