Events

Loading Events

« All Events

Privacy + AI Lab

October 10 @ 9:00 am 6:00 pm

Privacy + AI Lab

Presented by the CLA Privacy Law Section

Where: The Faculty Club, UC Berkeley, Minor Ln, Berkeley, CA 94720

When: October 10, 2025

Earn up to 6.0 Hours of MCLE. Includes 6.0 Hours Technology in the Practice of Law. 

This interactive, full-day conference is designed for senior privacy and AI practitioners. In partnership with the BCLT and hosted at the prestigious UC Berkeley Faculty Club, this event provides a unique opportunity to engage in advanced legal topics.

Through a series of hands-on workshops led by expert facilitators, attendees will participate in practical, innovative, and cross-functional discussions on critical areas such as risk assessments, cybersecurity audits, AI, and ADMT regulations. The conference is designed to equip professionals with actionable insights and best practices to navigate the evolving privacy and AI law landscape globally. Additionally, attendees will receive certifications of participation.

Join us for a day of in-depth learning, networking with industry leaders, and engaging in critical thinking to tackle real-world scenarios and develop effective solutions.

Schedule | AccommodationsSponsorship | SponsorPricing

Schedule

8:00 a.m. – 9:00 a.m. | Registration and Breakfast

Session 1 | Concurrent Sessions

9:00 a.m. – 10:30 a.m. | Concurrent Session | Privacy Tabletop: Responding to a Mobile SDK Inquiry
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

In this interactive, scenario-based workshop, participants will take part in a live tabletop simulation centered around a privacy inquiry involving a third-party SDK integrated into a company’s mobile app. Designed to mirror real-world dynamics, the exercise challenges attendees to navigate cross-functional roles spanning legal, compliance, and business teams.

As the situation evolves in real time, small groups will assess regulatory and reputational risks, make key response decisions, and collaborate to present a coordinated action plan. This workshop emphasizes strategic thinking, internal alignment, and practical problem-solving in the face of emerging third-party data risks.

Speakers:

  • Andrew Folks
  • Daniel M. Goldberg
9:00 a.m. – 10:30 a.m. | Concurrent Session | Practical Guide to Managing AI Disputes and Government Investigations
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

Participants will engage in interactive case studies and scenario-based discussions to discuss the key takeaways from notable AI disputes and government investigations and walk away with a checklist and a sample risk framework to: (A) identify the AI litigation and government investigations risks and (B) action on compliance, governance and business operations changes to reduce litigation and regulatory risks.

Speakers:

  • Stacey Schesser
  • Jeewon Serrato
9:00 a.m. – 10:30 a.m. | Concurrent Session | Navigating Regulatory Audits: Children’s Data
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

This interactive workshop will explore regulatory frameworks governing children’s data, with a focus on the European Union and United Kingdom, while identifying global trends in regulator approaches. Participants will review GDPR Article 8 on children’s consent, the UK’s Age Appropriate Design Code (AADC), and emerging international themes in youth data protection.

To apply these concepts in practice, attendees will examine a fictional mobile app to identify compliance gaps and align them with specific regulatory expectations. The session will also highlight enforcement trends from the UK Information Commissioner’s Office (ICO) and other global regulators, helping participants anticipate areas of scrutiny and strengthen their child-focused privacy programs.

Speakers:

  • Chris Jeffery
  • Dajin Lie
  • Lucy Lyons
9:00 a.m. – 10:30 a.m. | Concurrent Session | A Comparison of Privacy Disputes and Investigations: Health Data Case Studies, Common Areas of Risk and Key Mitigation Strategies
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

This interactive workshop will guide participants through real-world enforcement scenarios and litigation risks related to health data practices. Through scenario-based discussions, breakout sessions, and live polling, attendees will examine recent enforcement actions from the Office for Civil Rights (OCR), the Federal Trade Commission (FTC), and various state regulators.

The session will compare regulatory focus areas across jurisdictions and provide strategic insights for navigating the complex U.S. enforcement landscape. Participants will also discuss approaches for harmonizing health data practices in light of evolving regulatory expectations, ensuring compliant and defensible data collection, use, and disclosure frameworks.

Speakers:

  • Jennifer Mitchell
  • Lynn Sessions

Session 2 | Concurrent Sessions

10:40 a.m. – 12:10 p.m. | Concurrent Session | Privacy Risk Assessments in the Real World: Health Advertising Case Studies
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

This advanced-level workshop is tailored for seasoned privacy professionals seeking to benchmark and refine their risk assessment practices across global regulatory frameworks, including EU/UK GDPR DPIAs and U.S. assessment requirements. Operating under Chatham House Rule, the session fosters open, candid peer-to-peer discussion.

Prior to the workshop, participants will be asked to submit sanitized examples of real-world privacy assessments. Facilitators will analyze these submissions to develop a set of “Assessment Study Results,” which will highlight key trends, challenges, and best practices from across the cohort.

During the session, participants will engage in guided discussion of the study findings, share personal insights, and explore practical strategies for navigating assessment hurdles. Attendees will leave with study materials, benchmarking data, and the opportunity to contribute to a forthcoming article in CLA’s Privacy Journal.

Speakers:

  • Aaron Burstein
  • Chris Tarbell
10:40 a.m. – 12:10 p.m. | Concurrent Session | How to Conduct an AIMLIA: A Hands‑On Workshop for AI/ML Impact Assessments
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

This interactive workshop walks participants step‑by‑step through conducting an AI/ML Impact Assessment (AIMLIA)—a structured framework for identifying legal, ethical, and operational risks in machine learning systems. Designed for attorneys, privacy professionals, and in‑house counsel, the session demystifies AI risk reviews by applying the AIMLIA method to a live mock use case.

Participants will explore how to identify and mitigate red flags, align system components with U.S. legal frameworks (such as CCPA/CPRA, GLBA, and FTC guidance), and address cross‑border compliance obligations under the EU AI Act and GDPR. The session focuses on translating regulatory expectations into practical workflows—building defensible records, flagging risks early, and communicating findings to both legal and technical teams.

This is a workshop for people who want to do the work—not just talk about it.

Speakers:

  • Joshua Heiman
  • Chiara Wirz
10:40 a.m. – 12:10 p.m. | Concurrent Session | Privacy Risk Assessment Study
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

This advanced-level workshop is tailored for seasoned privacy professionals seeking to benchmark and refine their risk assessment practices across global regulatory frameworks, including EU/UK GDPR DPIAs and U.S. assessment requirements. Operating under Chatham House Rule, the session fosters open, candid peer-to-peer discussion.

Prior to the workshop, participants will be asked to submit sanitized examples of real-world privacy assessments. Facilitators will analyze these submissions to develop a set of “Assessment Study Results,” which will highlight key trends, challenges, and best practices from across the cohort.

During the session, participants will engage in guided discussion of the study findings, share personal insights, and explore practical strategies for navigating assessment hurdles. Attendees will leave with study materials, benchmarking data, and the opportunity to contribute to a forthcoming article in CLA’s Privacy Journal.

Speakers:

  • Linsey Krolik
  • Jennifer Sheridan
10:40 a.m. – 12:10 p.m. | Concurrent Session | Mind the Risk Gap: Building and Balancing DPIA and Risk Assessment Requirements
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

In an increasingly complex risk landscape, standardized risk assessments fall short. This interactive workshop empowers participants to craft risk assessment requirements uniquely suited to their organization’s needs. By examining a variety of frameworks, methodologies, and industry best practices, attendees will gain insight into what approaches succeed, which fall short, and the reasons behind their effectiveness.

Speakers:

  • James Fenelon
  • Felix Hilgert
12:25 p.m. – 1:25 p.m. | Lunch

Session 3 | Concurrent Sessions

1:35 p.m. – 3:05 p.m. | Concurrent Session | Notice and Transparency
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

This interactive workshop will explore the evolving notice and transparency requirements under emerging AI regulations and existing privacy laws. Through a series of real-world hypotheticals, participants will examine how these legal frameworks apply to technologies such as chatbots, generative AI systems, and companion bots.

The session will highlight key differences and overlaps between AI and privacy law requirements, and provide practical tips for meeting legal obligations related to user disclosures, consent, and accountability. Attendees will leave with a clearer understanding of how to design and communicate compliant AI-driven products and services.

Speakers:

  • Shruti Bhutani Arora
  • Divya Gupta
1:35 p.m. – 3:05 p.m. | Concurrent Session | Navigating AI Legislation: An In-Depth Look at the Colorado AI Act and the EU AI Act
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

Participants will engage in interactive case studies and scenario-based discussions designed to empower attendees with a clear understanding of the evolving world of AI legislation. Through real world case studies and guided discussions, attendees will explore key legal and regulatory frameworks that shape how AI is developed, developed and governed. You will leave the session with a solid grasp of international and local AI-related laws, as well as hands on experience examining legal implications through scenarios involving data governance, accountability and transparency. 

Speakers:

  • David Stauss
  • Mark Webber
1:35 p.m. – 3:05 p.m. | Concurrent Session | Consumer Health Data and Precise Geolocation Disclosures and Consent Requirements
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

This session offers privacy, legal, and compliance professionals an in-depth overview of two major regulatory frameworks shaping the future of AI governance—the Colorado AI Act and the EU AI Act. Participants will examine the scope, requirements, and obligations under each law, and explore practical implications for organizations deploying or developing AI technologies.

Through comparative analysis and facilitated discussion, the workshop will highlight key compliance challenges, emerging risks, and strategic opportunities for aligning AI initiatives with evolving regulatory expectations. Attendees will leave with a clearer understanding of how to operationalize responsible AI practices across jurisdictions.

Speakers:

  • Nancy L. Perkins
  • Cody Venzke
1:35 p.m. – 3:05 p.m. | Concurrent Session | Emerging Vendor Monitoring Requirements – New Ideas and Best Practices
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

This workshop will explore the increasing legal and regulatory expectations surrounding vendor management programs, with a focus on practical implementation and risk mitigation. Participants will gain a deeper understanding of how emerging laws—such as the California Consumer Privacy Act (CCPA) and national security-related regulations—require companies to establish mature and accountable vendor oversight frameworks.

Key topics will include:

  • Ensuring appropriate contractual provisions are in place
  • Navigating vendor ownership considerations for national security compliance
  • Conducting effective vendor audits to meet legal and regulatory requirements

This session will provide actionable insights and best practices for legal and privacy professionals working to strengthen third-party risk management within their organizations.

Speakers:

  • Nick Ginger
  • Celine Guillou
  • Sheri Porath Rockwell

Session 4 | Concurrent Sessions

3:15 p.m. – 4:45 p.m. | Concurrent Session | Beyond the Breach: Ransomware Tabletop for the AI Era
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

This advanced tabletop workshop is designed for experienced data protection professionals ready to tackle today’s evolving cybersecurity challenges. With AI-generated deepfakes, synthetic media, and increasingly sophisticated ransomware tactics on the rise, participants will step into a high-intensity, scenario-based simulation that tests real-time decision-making, cross-functional coordination, and crisis response strategy.

Attendees will be assigned to small incident response teams and face unfolding ransomware scenarios involving AI-powered threats—such as deepfake communications, targeted phishing attacks, and synthetic insider threats. Through live injects, time-sensitive decisions, and expert-facilitated discussions, participants will sharpen their ability to respond under pressure while gaining insights into modern threat landscapes and response dynamics.

Speakers:

  • Brett Cook
  • Jennie Wang VonCannon
3:15 p.m. – 4:45 p.m. | Concurrent Session | The Weakest Link? Simulating a Social Engineering Cyber Attack
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

Exclusively for in-house counsel, privacy attorneys, compliance officers, and litigation specialists, this workshop addresses the complex legal and regulatory challenges arising from cybersecurity incidents. Moving beyond technical defenses, it focuses on the legal, compliance, and ethical obligations triggered by social engineering attacks and insider threats. Through real-world scenarios, participants will identify potential liabilities, develop strategies for thorough internal investigations, navigate breach notification requirements, and prepare for litigation. The session highlights proactive legal frameworks to minimize risk and ensure defensible responses to human-centric cyber vulnerabilities.

Speakers:

  • Kate Lucente
  • Andrew Scott
3:15 p.m. – 4:45 p.m. | Concurrent Session | Vendor Vetting Unlocked: The Onboarding Imperative
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

This advanced workshop is designed for professionals navigating the complex legal and regulatory landscape of vendor security within the cyber supply chain. Focusing specifically on cybersecurity obligations beyond general data protection, participants will delve into audit requirements, legal liabilities, and compliance with evolving cyber regulations. Through practical exercises, attendees will learn to draft and negotiate strong cybersecurity clauses, address security audit findings strategically, manage post-breach vendor legal issues, and proactively mitigate risks from third-party vendors. This program equips legal teams to effectively handle the legal challenges of supply chain cyber incidents.

Speakers:

  • Chris Ghazarian
  • Steve Millendorf
3:15 p.m. – 4:45 p.m. | Concurrent Session | Strengthening Digital Defenses: Navigating NIS2, DORA, and the Cyber Resilience Act
1.5 Hours MCLE; 1.5 Hours Technology in the Practice of Law

This advanced workshop is designed for professionals navigating the complex legal and regulatory landscape of vendor security within the cyber supply chain. Focusing specifically on cybersecurity obligations beyond general data protection, participants will delve into audit requirements, legal liabilities, and compliance with evolving cyber regulations. Through practical exercises, attendees will learn to draft and negotiate strong cybersecurity clauses, address security audit findings strategically, manage post-breach vendor legal issues, and proactively mitigate risks from third-party vendors. This program equips legal teams to effectively handle the legal challenges of supply chain cyber incidents.

Speakers:

  • Paul Lanois
4:45 p.m. – 6:00 p.m. | Reception

Recommended Accommodations

Special discounted rates for this program are available through the links below:

Subject to availability at time of reservation.

Interested in Sponsoring?

We would be honored to have your support as a sponsor for our upcoming event. With your sponsorship, we can make a bigger impact and create a memorable experience for all attendees. Learn more and get started today!

Kelley Drye
Coffee and Pastries Sponsor: Kelley Drye

Registration Information

TypeRegistration Fee
CLA Member$899
Non-CLA Member$949
In-House/Government/Public Interest* – CLA Member$599
In-House/Government/Public Interest* – Non-CLA Member$649

*Non-CLA Members and CLA Members who are In-House or Public Interest Employees must use a discount code to access this special pricing. Please email, ProgramRegistrations@calawyers.org for discount code.

Payment is due at the time of registration and must be received no later than one week before the program start date. Registration will not be considered complete until payment has been received. Requests for exceptions to this policy may be accommodated on a case-by-case basis. For questions or to request an exception, please contact us at ProgramRegistrations@calawyers.org.

Cancellations and refunds must be received in writing no later than Thursday, October 2, 2025 and are subject to a 10% service fee. Refunds will not be provided after Thursday, October 2, 2025. Please send your request to ProgramRegistrations@calawyers.org.

For program and registration information, please email ProgramRegistrations@calawyers.org or call 916-516-1757.

This event may be recorded. By attending this event, you consent to be photographed, filmed, and/or otherwise recorded, and to any use, by the CLA, of your likeness, voice, and name in any and all media including social media. If you do not want your name or photo to be used, please let us know in advance. We cannot, however, honor requests to opt out of the use of your image or voice if you choose to ask a question during one of the event sessions.

The California Lawyers Association is an approved State Bar of California MCLE provider.

We are committed to accessibility! Virtual events are equipped with closed captioning. To request an in-person accommodation, send us a note at accessibility@calawyers.org or contact us at 916-516-1760 for assistance.

Forgot Password

Enter the email associated with you account. You will then receive a link in your inbox to reset your password.

Personal Information

Select Section(s)

CLA Membership is $99 and includes one section. Additional sections are $99 each.

Payment