Register by November 30, 2025, and save $100 on the 2026 Midwest Legal Conference on Data Privacy and Cybersecurity.
MINNEAPOLIS
Thursday, February 8, 2024 - Friday, February 9, 2024
9:00 AM - 5:00 PM | Check-In: 8:30 AM
Minnesota CLE Conference Center
600 Nicollet Mall # 370
3rd Floor, City Center
Minneapolis, MN 55402
Unlock 2024's top data privacy and cybersecurity insights in an engaging event setting that features –
8:30 – 9:00 a.m.
CHECK-IN & CONTINENTAL BREAKFAST
9:00 – 9:05 a.m.
WELCOME
9:05 – 9:50 a.m.
Data Privacy Update – Key State, Federal, and International Privacy Developments and Practical Takeaways
The conference opens with an expert update on significant data privacy developments – both domestic and international – over the past year and key changes that will hit your inbox soon. Topics will include: the many new state privacy laws and the expansive state health privacy laws passed in 2023; state regulatory updates; artificial intelligence (AI) – the Executive Order on AI, the EU AI Act, class actions against AI companies, and the Frontier Model Forum; new state social media safety laws and age verification laws, children’s privacy lawsuit by states, and large children’s privacy-related fines; adtech changes including deprecation of third party cookies and ad-free services in Europe; dark patterns legal actions; voice cloning; Digital Services Act enforcement; FTC enforcement activity; new state court decisions on biometrics; wiretapping cases based on chat and other online features; California’s Delete Act; India’s new Digital Personal Data Protection Act; and other international privacy developments including those from the EU, China, Canada, and more.
– Jamie N. Nafziger
9:50 – 9:55 a.m.
BREAK
9:55 – 10:40 a.m.
Cybersecurity Update – The Current Threat Landscape and Key U.S. Cybersecurity Legal Developments
An expert’s look at today’s cybersecurity landscape. Topics will include: current and imminent threats including to supply chains; a detailed account of the MOVEit data breach, including how the breach occurred, the types of data compromised, responses of some of the affected companies, and the remediation of exploited vulnerabilities; the new SEC cyber disclosure rules; individual accountability for cybersecurity incidents; new federal cybersecurity pronouncements; and board oversight expectations.
– Lisa J. Sotto
10:40 – 10:45 a.m.
BREAK
10:45 – 11:15 a.m.
The New EU-US Data Privacy Framework – To Register or Not?
Registering under the new EU-US Data Privacy Shield 2.0 could be an important benefit for US companies involved in cross-border data transactions with the EU, but it’s not always a clear-cut decision to register. Attendees will gain insights into the practical implications of registration through real-world scenarios, equipping them with the knowledge to guide their clients in making informed, case-specific decisions on whether to join the EU-US Data Privacy Framework.
– Brian L. Hengesbaugh
11:15 – 11:30 a.m.
BREAK
11:30 a.m. – 12:30 p.m.
BREAKOUT SESSION A
001
Unpacking the New EU-US Data Privacy Framework – Getting into the Nitty Gritty of How to Register and Comply
Come learn what a client must do to register under the EU-US Data Privacy Framework (DPF). What should be included in the statement confirming the organization’s eligibility? What is a DPF-compliant privacy policy and the requisite independent dispute resolution mechanism? Does your client need to make changes to its existing policies and procedures to align its practices to those DPF principles? Because compliance with the DPF is an ongoing obligation, what systems should the client establish and maintain to ensure continuous compliance?
– Brian L. Hengesbaugh
002
Employees at Home and Abroad – Mitigating the Risk from Data Privacy and Security Laws
As more employees work from home or on the road, complex data privacy and security implications arise. Countries, states, provinces and cities often have unique data protection obligations for cross-border data transfers, monitoring employee communications or tracking their locations, device security, government access to data and more. Gain practical guidance on how to effectively implement policies and practices that mitigate risk for the international traveler and home worker alike.
– Tedrick A. Housh
003
Privacy Policies – Practical Advice for Handling Common Real-World Scenarios
Privacy policies are pervasive and serve many purposes. They can seem straightforward, but when the rubber hits the road, developing and implementing a policy can be daunting. This session breaks it down to the key components so that you can develop a policy that is effective in the real world.
– Nadeem W. Schwen
12:30 – 1:30 p.m.
LUNCH BREAK (on attendees’ own)
1:30 – 2:30 p.m.
BREAKOUT SESSION B
101
New SEC Cybersecurity Rules – Key Takeaways for Implementation
In July 2023, the SEC adopted new rules to standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies subject to reporting requirements under the Securities Exchange Act of 1934. Learn what the rules require, how to apply the rules to examples of real-world scenarios, and practical tips and takeaways.
– Robert E. Cattanach & Jennifer R. Coates
102
Generative AI Deployments – Risk Management Strategies When Aligning Business Strategies with Data Privacy and Cybersecurity Imperatives
In 2023, a variety of new laws, frameworks, and guidelines emerged at state, federal, and international levels addressing the intricate interplay of data privacy and cybersecurity with generative AI. 2023 also ushered in a new era of widespread use with the headline-grabbing open rollout of ChatGPT. Two experienced attorneys, one of whom is also a Chief Compliance Officer, will discuss: the critical legal and technical dimensions of data privacy and cybersecurity in the context of generative AI deployments in business settings; risk assessment and mitigation strategies in light of those realities; and real-world examples to illustrate these points.
– Eran Kahana & Michael J. McGuire
103
A Roadmap to Managing Vendors for Data Privacy and Cybersecurity Compliance
This presentation provides guidance and practical approaches to the significant challenges faced when managing vendors for data privacy and cybersecurity compliance.
– Bradley W. Hammer
2:30 – 2:45 p.m.
BREAK
2:45 – 3:45 p.m.
BREAKOUT SESSION C
201
The Newly Expanded California Consumer Privacy Laws – What They Are and How to Comply
Under California’s data privacy and data security laws, specifically the California Privacy Rights Act (CPRA) and the Delete Act, consumers have been granted expanded and new rights. Make sure you’re up to date on the newest California changes to these laws, ways to operationalize compliance with the new requirements, and related enforcement and litigation risks. You’ll leave the session with ideas to refine and improve your clients’ CCPA compliance effectiveness.
– Katheryn A. Andresen
202
Beyond Treatment: Navigating the Complexities of Health Data Usage
Experienced in-house and outside counsel examine the data privacy aspects surrounding the use of patient and consumer health data for purposes other than direct healthcare. They’ll provide practical insight on assessing risk levels associated with specific non-treatment data uses, drafting and obtaining necessary consents, and identifying special considerations when that data usage includes transfer to affiliated entities and third parties.
– Marguerite Ahmann & Jeffrey J. Roby
203
Mitigating Risk Through Strong Data Retention and Deletion Policies and Practices
This practical discussion of existing and emerging data retention and deletion obligations will equip you with the information and actionable tips you need to more confidently advise clients in this complex area. You’ll learn key concepts highlighting the critical intersection of privacy and security, including the risks of failing to operationalize retention and deletion rules. Hear practical strategies for crafting robust policies, implementing effective processes, and ensuring compliance. Gain insights on tracking and training, designed to strengthen your clients against risks.
– Marc W. Courey & Kaitlin A. Lang
3:45 – 4:00 p.m.
BREAK
4:00 – 5:00 p.m.
BREAKOUT SESSION D
301
2024 Data Privacy and Cybersecurity Litigation Update
Two experienced litigators – one plaintiff-side, one defense – team up to analyze the key developments in privacy and data breach litigation from the past year. Topics will include: significant federal and state court decisions including the Minnesota Supreme Court’s 2023 decision on the relationship between HIPAA exceptions and the Minnesota Health Records Act; high-profile settlements; California litigation trends; biometric class actions; and more.
– Joe Hashmall & Michael Jaeger
302
Do You Have Clients Who Accept Credit Card Payments? Then You Need to Know About the PCI Data Security Standards Including New Version 4.0 – What’s Required and Who’s Covered (It’s Not Just Retail and Hospitality!)
PCI is not just for the retail and hospitality industries, and there’s a lot of confusion about which entities are required to comply and what’s required. In this session, we’ll talk about the Payment Card Industry requirements, how they apply to your clients and their third-party vendors who hold the credit card information, and issues that can arise during a potential breach of information. We’ll also discuss unexpected situations, such as when, even if PCI doesn’t technically apply to your client, you could be asked for PCI compliance as a standard in a contract.
– Kerry L. Childe
5:00 – 6:15 p.m.
RECEPTION AT THE OCEANAIRE
Reception courtesy of Lathrop GPM
Food, Fun and a Chance to Win Prizes!
Thursday’s reception will take place across the street from the Conference Center at The Oceanaire.
Register for a chance to win a fun prize! The prize drawing will take place at the reception on Thursday, February 8, and you must be present at the reception during the prize drawing to win. Any person may receive and submit an entry form on Thursday, February 8, at the conference registration desk until the reception begins at 5:00 p.m. Registration for the 2024 Midwest Legal Conference on Data Privacy and Cybersecurity is not required. The following individuals are not eligible to win: employees of Minnesota CLE and the Minnesota State Bar Association, as well as family members of those employees.
8:30 – 9:00 a.m.
CONTINENTAL BREAKFAST
9:00 – 9:05 a.m.
WELCOME
9:05 – 10:05 a.m.
Pixel Tracking, Biometric Authentication and Generative AI: What You Need To Know About How They Work
These days most data privacy and security discussions inevitably seem to lead to technical subjects like pixel tracking, biometric authentication, and generative AI. Join Nadeem Schwen, an experienced data privacy and security lawyer with a computer engineering background, for an engaging session that demystifies these technologies, and tells you what you need to know about how they work. This session will delve into key technical concepts through a legal lens, and provide insights essential for navigating the legal landscapes shaped by these innovations.
– Nadeem W. Schwen
10:05 – 10:15 a.m.
BREAK
10:15 – 11:15 a.m.
Senior In-House Privacy Leaders Panel – How We Prioritize for Robust Data Privacy Protection, Bridge Departments and Engage Executives and the Board
In this highly practical session, a panel of senior in-house privacy leaders discusses the following critical components of their work –
– Elaine De Franco Olson, Mitchell W. Granberg & Jeremy Mauritson
– Kellie Johnson (moderator)
11:15 – 11:30 a.m.
BREAK
11:30 a.m. – 12:30 p.m.
BREAKOUT SESSION E
401
New State Laws Beyond California – Trends and Compliance Answers
Identifying trends and outliers, this session uses a highly practical approach to update us on the many non-CA state laws and regs coming into effect in 2023 and 2024. This session will cover states’ legislation and regulation in data privacy and security, how those compare to California’s, and what practical steps a client can take to determine which states’ laws apply and how to comply across multiple jurisdictions.
– Michael R. Cohen
402
China and Cross-Border Data Transfers – How To’s for Now and Anticipating the Future
In this session you’ll learn the key elements of Chinese law on cross-border data transfers; the complexities and ambiguities still present in the law; solutions and examples for executing compliant data transfers in the face of those complexities and ambiguities; penalties for non-compliance; and possible future relaxation or tightening of some of these rules.
– Bradley W. Hammer
403
Texting Current and/or Potential Customers with Marketing or Informational Texts – Navigating the TCPA Minefield
Despite the risks, your clients want to connect with customers and potential customers via text messaging. This session will: explore those risks, focusing on the restrictions set by the Telephone Consumer Protection Act (TCPA); explain how the TCPA is understood from the privacy law perspective; and offer best practices for both marketing and transactional text-message campaigns.
– Justin O. Kay
12:30 – 1:30 p.m.
LUNCH (on attendees’ own)
1:30 – 2:30 p.m.
BREAKOUT SESSION F
501
Canadian Data Privacy and Security Law: New Developments and Comparison with U.S. Laws
Get practical guidance for advising companies that conduct business in both the U.S. and Canada. This session will highlight key areas in U.S. and Canadian data privacy and security laws and give practical tips for complying with them. Topics include: privacy policies; consent requirements including the new ones in Quebec relating to cookies and other tracking tools; contract requirements; assessments; security and data breach requirements; cross-border issues; enforcement; and more.
– Melissa J. Krasnow & Wendy Mee
502
Insurance Claims Playbook – A Real-World Look at Engaging with the Insurer Following a Cybersecurity or Data Privacy Incident
Your client thinks it may have experienced a cybersecurity incident or other data privacy compromise. From the “A” of fulfilling the initial notification obligations to the insurer all the way through to the “Z” of claims resolution, how do you effectively advise your client as they work through each of the steps of the claims process? A cyber risk leader from the insurance industry and an experienced data privacy lawyer team up to teach this engaging, practical session.
– Mario G. Paez & Jonathan H. Stechmann
503
How to Build and Maintain Effective Privacy and Data Security Programs
Privacy programs and security programs are not interchangeable, but they are deeply intertwined and interrelated. Learn about the goals of each and how to build and maintain programs that are capable of evolving with constantly changing legal and technical environments.
– Kerry L. Childe
2:30 – 2:45 p.m.
BREAK
2:45 – 3:45 p.m.
Ripped from the Data Privacy and Cybersecurity Headlines – Discussing Legal Ethics Issues from the Real World
1.0 ethics credit applied for
To cap off this year’s conference, we are joined by Elizabeth (Liz) Roper who, before joining Baker McKenzie in 2022, most recently served as Bureau Chief for the Cybercrime and Identity Theft Bureau in the Manhattan DA’s office. Instructive and engaging, this presentation discusses how to analyze (and either handle or avoid) the legal ethics issues presented in real-world situations faced by data privacy and cybersecurity lawyers. In addition to discussing duties during investigations of breaches and resulting enforcement or litigation, Liz will talk about legal ethics issues implicated in the SEC’s subpoena of Covington & Burling for names of clients impacted by a data breach; and the SEC’s charge against both SolarWinds and its CISO.
– Elizabeth Roper
Attendees of the 2024 Midwest Legal Conference on Data Privacy & Cybersecurity may view the following webcasts for FREE after the conference! Instructions on how to register for free will be provided to in-person attendees at the conference and online replay viewers by email after the replay.
Wednesday, March 13, 2024
12:00 – 1:00 p.m. Central
The FTC’s “Paradigm Shift” in Approaching Privacy Enforcement
1.0 standard CLE credit applied for
Take a deep dive into the important new FTC developments in privacy enforcement. You’ll get practical insight from two seasoned privacy lawyers: Maneesha Mithal of Wilson Sonsini, who led the Federal Trade Commission’s Division of Privacy and Identity Protection for over a decade, and Maggie Lassack, who is Polaris’ Director, Legal – Privacy, Cybersecurity, Ethics & Compliance, and a former FTC attorney as well.
– Maggie Lassack & Maneesha Mithal
Tuesday, March 19, 2024
12:00 – 1:00 p.m. Central
Asia Data Protection and Cybersecurity Update – Focus on China, India and Vietnam
1.0 standard CLE credit applied for
2023 saw the passage and implementation in China, India, and Vietnam of significant new laws and regulations on data protection and cybersecurity. In this session, Rachel Ehlers identifies key legal obligations arising from these new laws and practical implications for multinational businesses in 2024 and beyond. Now with Baker McKenzie, Ms. Ehlers is a former in-house counsel with multinational experience, who has also served as a chief compliance officer and a chief privacy officer.
– Rachel Ehlers, Ella Noll, Mariana Oliver & Fernanda Rodriguez
Friday, March 22, 2024
12:00 – 1:00 p.m. Central
Rescheduled for:
Friday, April 5, 2024
12:00 – 1:00 p.m. Central
Elimination of Bias: How to Address the Impact of AI Bias and Facial Recognition Discrimination
1.0 elimination of bias credit applied for
Increase your understanding of the bias embedded in artificial intelligence technology, particularly facial recognition, how this bias affects people of color, and how AI may further marginalize protected groups and perpetuate existing bias in the law and our legal system. Presenting this important topic is Eric Williams, a managing attorney in the Detroit Justice Center’s Economic Equity Practice. Mr. Williams is a transactional attorney with an emphasis on the legal needs of entrepreneurs, small businesses, and nonprofits. He will provide guidance for attorneys who advise on business matters or litigate issues where AI is at issue. This guidance will assist lawyers to identify and mitigate the potentially discriminatory effects where AI is integrated into criminal and civil legal decision-making.
– Eric C. Williams
LIVE IN-PERSON
Thursday & Friday, February 8-9, 2024
Minnesota CLE Conference Center
600 Nicollet Mall, Suite 370
Seventh Street & Nicollet Mall, Third Floor City Center
Minneapolis, Minnesota
ONLINE REPLAY
Monday & Tuesday, March 4-5, 2024
Attend online
Online replay includes all plenary and breakout sessions. A moderator will be available to answer questions by email.
$495 MSBA members / $495 paralegals / $595 standard rate
Other discounts that may apply:
Scholarships available!
Need-based scholarships are available for in-person and online seminars. For further information or to obtain a scholarship application, contact us at 800-759-8840 or customerservice@minncle.org.
CREDITS – CONFERENCE
Minnesota CLE is applying to the Minnesota State Board of CLE for 11.0 CLE credits, including 1.0 ethics credit. The maximum number of total credits attendees may claim for this program is 11.0 credits. Minnesota CLE also is applying to the IAPP for CPE eligibility.
CREDITS – POST-CONFERENCE WEBCASTS
Minnesota CLE is applying to the Minnesota State Board of CLE for 1.0 CLE credit for each webcast. For the webcast entitled "Elimination of Bias: How to Address the Impact of AI Bias and Facial Recognition Discrimination" Minnesota CLE has applied for 1.0 elimination of bias credit. Minnesota CLE also is applying to the IAPP for CPE eligibility for all three webcasts.
