CPX26 AGENDA

Practical Best Practices for Privacy Compliance

This session will cut through the noise to provide real talk about prioritizing, building, and refining your privacy program that is right sized to risk and resources. In particular, of all the state privacy enforcement actions that have occurred in the past two years, an outsized emphasis continues to focus on targeted and personalized advertising and non-compliance related to these activities. The discussion will walk through common mistakes and some less well-known ones, and how to address them (and minimize your CIPA wiretapping risk while you're at it). The discussion will then turn to other common enforcement issues and mitigation measures, from sensitive data and inferences, to privacy notices and rights, as well as big picture practical approaches for both engaging with your business teams and how to effectively demonstrate a strong privacy compliance story inside and out and how to adjust that messaging to have the most impact for your audience.

CCPA Cyber Audits: What to Do and Why You Have Less Time Than You Think

The California Privacy Protection Agency’s updated CCPA regulations introduce new cybersecurity audit requirements that significantly raise the bar for organizational security and governance. These changes require covered businesses to move beyond high-level policies and demonstrate mature, risk-based cybersecurity programs that can withstand regulatory scrutiny.

This session provides a practical, implementation-focused overview of the new cybersecurity audit requirements under the updated CCPA regulations. Attendees will gain clarity on which organizations are in scope, what regulators are likely to expect from an audit, and how to align existing security, privacy, and compliance efforts to meet the new standards efficiently.

Data Breach Response and the Impact on Class Actions

The number of class actions filed against companies following a data breach or attack has increased dramatically over the last few years. With the risk of suffering a data event and facing follow-on class action litigation at an all-time high, it is imperative that companies be prepared with a coordinated response and strategy. Relying on real world examples, this session will focus on steps to take during the initial breach response that can mitigate litigation and regulatory risk and exposure down the road.

Beyond Consent: Operationalizing AI Governance in Marketing and Data Privacy Programs

As AI technologies become embedded in marketing and data-driven decision-making, organizations face mounting pressure to ensure responsible use of personal data. This session will explore how companies can move beyond checkbox compliance to build AI governance frameworks that integrate with existing privacy and security programs. Drawing from real-world examples and regulatory trends, we will outline:

• How AI intersects with marketing compliance and consumer privacy rights
• Key risks posed by AI in profiling, personalization, and automated decision-making
• Strategies for updating privacy notices, consent flows, and DSAR processes to reflect AI use
• Building cross-functional governance models that align legal, marketing, and IT teams
• Practical steps to prepare for emerging regulations like the EU AI Act and U.S. state laws

Attendees will leave with actionable insights on how to operationalize responsible AI in a way that supports innovation while mitigating legal and reputational risks. This session is ideal for professionals navigating the intersection of marketing, compliance, and emerging technologies.

The BBB's Relationship with State and Federal Regulators

Very often overlooked in the compliance arena is the role the BBB plays in providing information and otherwise cooperating with state and federal regulators as it relates to various consumer protection investigations or enforcement actions. While the BBB is a private, nonprofit organization and not a government agency, it does cooperate and share information with state and federal regulators to assist such regulators in their consumer protection initiatives. Attendees will learn the tactics needed to best optimize their standing with the BBB, lowering the likelihood of the BBB drawing the attention of regulators to such a company.

Ask the Attorney Panel

In this interactive session, get real answers to your toughest marketing compliance and data privacy questions straight from the attorneys who shape the industry.

Marketing Compliance Regulatory Update

2025 was a busy year from a regulatory standpoint. There were a lot of starts and stops at the federal level including the Click-to-Cancel Rule being vacated, the One-to-One Consent Rule being struck down, and the McLaughlin decision opened up the TCPA for interpretation by the courts. At the state level, Texas SB140 went into effect and then was quickly clarified, and the Washington Commercial Electronic Mail Act drove litigation.

Join us for this session where will review the impact of these key changes in 2025 and discuss what should be on your radar for the rest of 2026 including:

• The FCC’s NPRM on caller ID, STIR/SHAKEN, and Potential Rule Changes
• The recent delay of the FCC’s Revoke-All rule
• Potential changes at the state level that could lead to enforcement

Text Messages – Why is This So Complicated?

Over the past few years, wireless carriers have started enforcing rules related to text messaging and they have also created rules for 10DLC. During this session we will discuss:

• How did we get here? Why have the carriers gone above and beyond what the law requires?
• What is 10DLC compliance?
• What types of information should companies expect to provide to get their campaigns approved?
• Why should you stop using the term deliverability regarding text messages?
• How can companies maximize the ROI of their text message campaigns?

AI Considerations for Customer Interactions

AI adoption continues at an incredible rate. Companies are implementing AI in a variety of areas including using it to support customer interactions. While the benefits of AI are powerful, there are risk and compliance factors that companies must consider. During the session we will look at how AI is being used to support customer interactions and highlight the potential risks associated with the technology including:

• AI Generated Voice and Video
• AI Text
• AI Chat
• AI Call Recording Analysis

TCPA Litigation Trends and NPRM Review

Lessons Learned from False Advertising Class Actions

False advertising lawsuits continue to test how companies make claims about their products and services. These cases often hinge on what a “reasonable consumer” would believe and how evidence like surveys and expert testimony shapes outcomes. Our panel will explore the latest trends, highlight common pitfalls, and share practical steps to reduce risk, strengthen defenses, and resolve disputes efficiently.

The panel will cover:

• What courts are focusing on: how courts assess whether claims are misleading, and how evidence—like consumer surveys and expert testimony—affects early motions and class certification.
• Common trouble spots: environmental/sustainability statements, “Made in USA” claims, pricing and discount practices, and health/performance representations across websites, emails, and social media.
• Preventing lawsuits: steps to support claims with solid proof, write clear disclosures, and oversee content from customers or paid promoters to avoid misleading messages.
• Defending and settling cases: approaches for early challenges, managing experts and damages theories (e.g., “price‑premium”), and negotiating practical fixes to marketing practices.