CPX26 AGENDA

The BBB's Relationship with State and Federal Regulators

Very often overlooked in the compliance arena is the role the BBB plays in providing information and otherwise cooperating with state and federal regulators as it relates to various consumer protection investigations or enforcement actions. While the BBB is a private, nonprofit organization and not a government agency, it does cooperate and share information with state and federal regulators to assist such regulators in their consumer protection initiatives. Attendees will learn the tactics needed to best optimize their standing with the BBB, lowering the likelihood of the BBB drawing the attention of regulators to such a company.

Beyond Consent: Operationalizing AI Governance in Marketing and Data Privacy Programs

As AI technologies become embedded in marketing and data-driven decision-making, organizations face mounting pressure to ensure responsible use of personal data. This session will explore how companies can move beyond checkbox compliance to build AI governance frameworks that integrate with existing privacy and security programs. Drawing from real-world examples and regulatory trends, we will outline:

• How AI intersects with marketing compliance and consumer privacy rights
• Key risks posed by AI in profiling, personalization, and automated decision-making
• Strategies for updating privacy notices, consent flows, and DSAR processes to reflect AI use
• Building cross-functional governance models that align legal, marketing, and IT teams
• Practical steps to prepare for emerging regulations like the EU AI Act and U.S. state laws

Attendees will leave with actionable insights on how to operationalize responsible AI in a way that supports innovation while mitigating legal and reputational risks. This session is ideal for professionals navigating the intersection of marketing, compliance, and emerging technologies.

Data Breach Response and the Impact on Class Actions

The number of class actions filed against companies following a data breach or attack has increased dramatically over the last few years. With the risk of suffering a data event and facing follow-on class action litigation at an all-time high, it is imperative that companies be prepared with a coordinated response and strategy. Relying on real world examples, this session will focus on steps to take during the initial breach response that can mitigate litigation and regulatory risk and exposure down the road.

Beyond the Checkbox: Smarter Tech Vendor Selection and Oversight

In an era of escalating regulatory scrutiny and third-party risk, selecting and overseeing technology vendors is no longer a procurement exercise; it’s a compliance imperative. This session will equip attendees with a practical framework for evaluating vendors through a privacy and security lens, grounded in real-world due diligence questions that go beyond standard checklists. The session will explore sample questions that reveal maturity in data governance, AI use, and subcontractor controls, and suggest oversight strategies post-contract from audit rights to breach notification triggers. Attendees will leave with a toolkit of actionable questions and oversight practices that can be adapted to any vendor lifecycle stage.

Ask the Attorney Panel

Marketing Compliance Regulatory Update

2025 was a busy year from a regulatory standpoint. There were a lot of starts and stops at the federal level including the Click-to-Cancel Rule being vacated, the One-to-One Consent Rule being struck down, and the McLaughlin decision opened up the TCPA for interpretation by the courts. At the state level, Texas SB140 went into effect and then was quickly clarified, and the Washington Commercial Electronic Mail Act drove litigation.

Join us for this session where will review the impact of these key changes in 2025 and discuss what should be on your radar for the rest of 2026 including:

• The FCC’s NPRM on caller ID, STIR/SHAKEN, and Potential Rule Changes
• The recent delay of the FCC’s Revoke-All rule
• Potential changes at the state level that could lead to enforcement

TCPA Litigation Trends and NPRM Review

AI Considerations for Customer Interactions

AI adoption continues at an incredible rate. Companies are implementing AI in a variety of areas including using it to support customer interactions. While the benefits of AI are powerful, there are risk and compliance factors that companies must consider. During the session we will look at how AI is being used to support customer interactions and highlight the potential risks associated with the technology including:

• AI Generated Voice and Video
• AI Text
• AI Chat
• AI Call Recording Analysis

Lessons Learned from False Advertising Class Actions

False advertising lawsuits continue to test how companies make claims about their products and services. These cases often hinge on what a “reasonable consumer” would believe and how evidence like surveys and expert testimony shapes outcomes. Our panel will explore the latest trends, highlight common pitfalls, and share practical steps to reduce risk, strengthen defenses, and resolve disputes efficiently.

The panel will cover:

• What courts are focusing on: how courts assess whether claims are misleading, and how evidence—like consumer surveys and expert testimony—affects early motions and class certification.
• Common trouble spots: environmental/sustainability statements, “Made in USA” claims, pricing and discount practices, and health/performance representations across websites, emails, and social media.
• Preventing lawsuits: steps to support claims with solid proof, write clear disclosures, and oversee content from customers or paid promoters to avoid misleading messages.
• Defending and settling cases: approaches for early challenges, managing experts and damages theories (e.g., “price‑premium”), and negotiating practical fixes to marketing practices.