ONLINE
Monday, February 23, 2026 - Tuesday, February 24, 2026
9:00 AM - 5:00 PM
Today’s data privacy and cybersecurity landscape is immensely interesting – and incredibly challenging – due to the pace of technological advancements and the demand to identify and mitigate risks in a rapidly evolving legal landscape. The extensive, practical content of the 2026 Midwest Legal Conference on Data Privacy and Cybersecurity is the trusted, convenient way to get the real-world, real-time guidance you need. It’s also a highly efficient and one-of-a-kind chance to compare your practices with what the team of Institute faculty members are advising their clients!
Why This Conference Is Right for You –
Whichever category you fit, it’s critical that you stay current in this fast-paced practice area. At the Midwest Legal Conference on Data Privacy and Cybersecurity, you choose from an array of breakout session topics to create a meaningful, custom experience. Because of its flexibility, this Conference is a go-to resource for timely, topical education for experts and non-experts alike.
All times are central time.
8:30 – 9:00 a.m.
CHECK-IN & CONTINENTAL BREAKFAST
9:00 – 9:05 a.m.
WELCOME & ANNOUNCEMENTS
9:05 – 9:50 a.m.
Facial Recognition: Lessons From Deployment at Mall of America
In June 2024, Mall of America integrated advanced facial recognition technology into its security system following years of research, planning, and compliance work. In this session, MOA’s General Counsel and outside counsel outline the rollout strategy, technology selection process, and key lessons – both setbacks and successes. They’ll cover best practices, regulatory enforcement trends, and the practical challenges of implementing technology amid rapidly evolving biometric laws.
– Justin O. Kay, Juliana Panetta & Kristen Peterson
9:50 – 10:20 a.m.
Today’s Cyber Threat Landscape
A look at emerging cybersecurity threat patterns and – in light of those trends – practical recommendations for monitoring risks and preparing clients for what lies ahead. As part of this discussion, we will consider major cybersecurity incidents from the past year, examining how the attacks unfolded, and what they reveal about today’s evolving threat environment.
– Elimu Kajunju
10:20 – 10:30 a.m.
BREAK
10:30 – 11:30 a.m.
Game-Changing Blind Spots That Create Data Privacy and Security Liabilities – Plaintiff Litigators’ Insights
This powerhouse panel of plaintiff-side class action litigators have developed extensive expertise in privacy and data breach litigation, including work as:
Drawing on these and many other class actions, they’ll identify the defense blind spots they see – in business practices, law, and defense strategy – that can lead to significant settlements or verdicts.
– Kate M. Baxter-Kauf, Brian C. Gudmundson & Joe Hashmall
– Christopher P. Renz (moderator)
11:30 – 11:40 a.m.
BREAK
11:40 a.m. – 12:10 p.m.
Seeing the Forest and the Trees – Themes and Details Across New State Privacy and Cybersecurity Laws
A fast-paced, high-value overview of this year’s most significant developments in state privacy and cybersecurity law. This session highlights the major emerging themes, while pointing to new state-specific statutes and regulations that illustrate those trends. Attendees will gain a clear understanding of how the national patchwork is expanding, where it remains consistent, and what developments are most important to monitor in the year ahead.
– Kerry L. Childe
12:10 – 12:30 p.m.
Aha! Moments – Real-Time Debrief in 20 Minutes
A quick, lively panel where conference planners share some of the ideas, insights, and practical takeaways that caught their attention from this morning’s plenary sessions.
– Fábio M. Calil, Michael R. Cohen & Rita A. O’Keeffe
12:30 – 1:30 p.m.
LUNCH BREAK (on attendees’ own)
1:30 – 2:30 p.m.
BREAKOUT SESSION A
001
How to Build (or Refresh) an AI Governance Program That’s Privacy Compliant and Doesn’t Stall Innovation
A practical, plain-English walk-through that provides concrete guidance for: Designating an accountable team for AI decisions; Creating an AI inventory and categorizing risk; Right-sizing pre-launch reviews; Scaling guardrails; Setting up ongoing monitoring; Documenting decisions; and Rolling out training.
– Nadeem W. Schwen
002
California Privacy and AI Update: New Laws, Regulations, and Enforcement Trends
California continues to lead the nation in shaping privacy and artificial intelligence regulation. This session will cover the latest legislative changes, including newly enacted privacy and AI laws, updated regulations on automated decision-making technology, and cybersecurity audit requirements. We’ll also discuss effective dates, and recent enforcement actions by the California Privacy Protection Agency – helping you understand what these developments mean for compliance strategies and risk management going forward.
– Tedrick A. Housh & Chiara Portner
003
The Cost of Doing Business: Examples to Help Quantify Privacy and Cyber Events
Advising business partners and clients about privacy and cybersecurity risks can be difficult to quantify. What happens in the 5% chance event? In this session, we will walk through various scenarios that may result from a privacy or cyber event, including litigation, arbitration, regulatory investigation, and other effects. What does a timeline for resolution look like? Which scenarios happen in parallel? How much does it cost? And, importantly, what are a company’s obligations?
– Mitchell Noordyke
2:30 – 2:45 p.m.
BREAK
2:45 – 3:45 p.m.
BREAKOUT SESSION B
101
How to Build AI-Threat Awareness into Incident Response Plans
This session teaches what internal and external AI-driven threats look like in practice and how to build targeted awareness of them directly into your clients’ Incident Response Plans. Simply layering AI considerations onto a weak Plan won’t work, so this session provides practical guidance for working with your clients to re-assess their Plans’ core components – and then how to build awareness of these new AI-driven threats into their newly re-confirmed or revised Plans.
– Daniel J. Ongaro & Alicia J. Paller
102
Beyond California – A Deep Dive into What Other States’ New Laws Mean for Your Policies and Reporting
Repeated at #403
California continues to lead in privacy regulation, but it’s far from the only jurisdiction driving major change. This session breaks down the year’s most significant privacy and cybersecurity developments from other states and translates them into clear, practical action steps. We’ll examine key provisions and new operational duties, and outline how to assess whether your clients’ policies, practices, and notices require updates. We’ll also explore some unique provisions that may shape next year’s compliance priorities.
– Kerry L. Childe
103
Adtech Compliance in Practice – Concrete Guidance for Deploying Pixels, Cookies, and Related Tracking Technologies
Detailed, practical guidance on high-value compliance decisions – how to configure cookies, when consent banners and button-based choices are effective, how to re-evaluate privacy policies in light of your client’s use of these tools, and other thorny issues related to deploying pixels, cookies, and other tracking technologies. You’ll leave with actual how-to’s, not simply a recitation of risks.
– Elimu Kajunju
3:45 – 4:00 p.m.
BREAK
4:00 – 5:00 p.m.
BREAKOUT SESSION C
201
Implementing a Practical Privacy Compliance Program at Any Organization
Building a privacy compliance program that works for organizations of any size requires a balance of regulatory understanding and operational efficiency. Tyler Thompson will share practical insights on implementing scalable compliance frameworks, ensuring regulatory alignment, and fostering a culture of privacy within companies. His session will provide real-world examples and best practices for embedding privacy into business operations.
– Tyler Thompson
202
Building a CCPA/CPPA-Ready Vendor Program
The California Privacy Protection Agency has issued updated regulations under the CCPA, introducing three new compliance regimes: Cybersecurity Audits, Risk Assessments, and Automated Decision-Making Technology governance. Lawyers advising CCPA-subject companies will need to guide clients in building vendor programs that meet the changes these new regimes bring. As part of this session, you’ll see a demo of a comprehensive enterprise vendor assessment form – a tool designed for CPPA compliance that also helps clients track the same controls and evidence across jurisdictions without having to rebuild or scramble for process later.
– Eran Kahana
203
“Yikes! I Didn’t Know That Mattered”: Guiding IT, Marketing and Business Away from Everyday Privacy and Security Landmines
Many privacy and cybersecurity problems come, inadvertently, from well-meaning people in business, IT, marketing, and vendor-management. Marketing drops in a new pixel, IT pushes a “small” website change, product signs a new vendor in a regulated space, or someone starts using a shiny AI tool with real customer data. But this isn’t a gripe session! You’ll get concrete guidance focused on prevention – and how to bake those prevention to-do’s into onboarding, approvals, and training so you reduce surprises and late-stage legal fire drills.
– Katheryn A. Andresen, Kellie Johnson & Rita A. O’Keeffe
5:00 – 6:15 p.m.
RECEPTION AT THE CAPITAL GRILLE
Courtesy of Lathrop GPM
Food, Fun and a Chance to Win Prizes!
Thursday’s reception will take place nearby at The Capital Grille. Register for a chance to win a fun prize! The prize drawing will take place at the reception on Thursday, February 5, and you must be present at the reception during the prize drawing to win. Any person may receive and submit an entry form on Thursday, February 5, at the conference registration desk until the reception begins at 5:00 p.m. Registration for the 2026 Midwest Legal Conference on Data Privacy and Cybersecurity is not required. The following individuals are not eligible to win: employees of Minnesota CLE and the Minnesota State Bar Association, as well as family members of those employees.
8:30 – 9:00 a.m.
CONTINENTAL BREAKFAST
9:00 – 9:05 a.m.
WELCOME & ANNOUNCEMENTS
9:05 – 9:50 a.m.
The First Six Months of the MCDPA – Early Enforcement Insights
The new Minnesota Consumer Data Privacy Act took effect six months ago and the cure period expires January 31, 2026. Join representatives of the Minnesota Attorney General’s Office for an overview of:
– Noah Lewellen & Caitlin M. Micko
10:35 – 10:50 a.m.
BREAK
10:50 – 11:35 a.m.
A Glimpse into the Future of Cross-Border Data Regulation
Practical insights on how public policy, geopolitical, and regulatory developments – such as the new U.S. DOJ rule – both shape and reflect an increasingly complex cross-border data transfer landscape, and how these dynamics play out in real-world case studies and examples.
– Brian L. Hengesbaugh
11:35 a.m. – 12:05 p.m.
Busting 5 Myths About US Privacy and AI Enforcement
– Odia Kagan
12:05 – 12:25 p.m.
More Aha! Moments – Day 2’s Real-Time Debrief
It’s a new day and a new set of conference planners who’ll share some of the ideas, insights, and practical takeaways that caught their attention from this morning’s plenary sessions.
– Steven E. Helland, Maggie Lassack & Prasanta Wells
12:25 – 1:30 p.m.
LUNCH BREAK (on attendees’ own)
1:30 – 2:30 p.m.
BREAKOUT SESSION D
301
Less Is More: Minimization, Pseudonymization, and De-Identification
Over-collection, over-usage, and over-sharing of data increases legal, security, and operational risk. This program explores how to minimize data across the entire data lifecycle – from initial collection through analytics and sharing. You’ll learn specific practical approaches using minimization, pseudonymization, and de-identification techniques – including how each proposed approach can materially reduce risk from data breaches and regulatory exposure. The session will close with practical contract negotiation tips, including sample clauses on use limitations, re-identification bans, and downstream partner controls.
– Patrick Midden
302
How the FBI Works with the Private Sector and Other Organizations to Share Cyber Threat Information and Investigate Cyber Incidents
Available only at the live in-person conference; will not be recorded.
This panel features Minneapolis FBI Supervisory Special Agent & Cyber Program Coordinator Jake Iverson, who is joined by a CISO, the Chief Underwriting Officer at a cyber liability insurer, and an Executive Vice President and General Counsel to provide current, real-life, and multi-disciplinary perspectives on working with the FBI on cyber incidents and sharing threat information.
– Mary Frantz, Jacob Iverson, Steve Krusko & Brandon Smith
– Melissa Krasnow (moderator)
303
From Brussels to Sacramento, with a Layover in DC: Comparing EU and US Approaches in Privacy and AI Enforcement
– Odia Kagan
2:30 – 2:45 p.m.
BREAK
2:45 – 3:45 p.m.
BREAKOUT SESSION E
401
Healthcare Tech Law Update 2026: Privacy Trends, AI Rules, and Tracking Tech
An update and overview of advancements in the laws and regulations that impact the development and deployment of technology products, services and solutions in the healthcare space, with a focus on privacy trends and AI-specific regulatory frameworks. Content includes a discussion of developments related to the use of cookies, pixels and other tracking technologies and considerations for using AI systems to communicate with patients or care recipients.
– Megan A. Bowman
402
2026 Data Privacy and Cybersecurity Litigation Update
Experienced litigators – one plaintiff side and one defense – share their insights on significant privacy and data breach litigation developments from the past year. Learn about major federal and state court decisions, high-profile settlements, and critical trends that are shaping the legal landscape for privacy and security professionals.
– Joe Hashmall & Andrew Taylor
– Paul A. Rosenthal (moderator)
403
Beyond California – A Deep Dive into What Other States’ New Laws Mean for Your Policies and Reporting
Repeat of #102
California continues to lead in privacy regulation, but it’s far from the only jurisdiction driving major change. This session breaks down the year’s most significant privacy and cybersecurity developments from other states and translates them into clear, practical action steps. We’ll examine key provisions and new operational duties, and outline how to assess whether your clients’ policies, practices, and notices require updates. We’ll also explore some unique provisions that may shape next year’s compliance priorities.
– Kerry L. Childe
3:45 – 4:00 p.m.
BREAK
4:00 – 5:00 p.m.
ETHICS: The AI Tools You and Your Legal Teams Already Use – and the Ethics and Other Risks You May Not Have Considered
1.0 ethics credit applied for
AI isn’t coming – it’s already embedded in your daily tools. From Microsoft Copilot to RAG-based research systems, these technologies raise ethical and regulatory challenges lawyers can’t ignore. This session will cover:
You’ll leave with a clear, actionable framework for using AI responsibly – because in today’s practice, actual intelligence must accompany artificial intelligence.
– Michael J. McGuire
Attendees of the 2026 Midwest Legal Conference on Data Privacy & Cybersecurity may view the following webcasts for FREE after the conference! Instructions on how to register for free will be provided to in-person attendees at the conference and online replay viewers by email after the replay. All times are central time.
March 11, 2026
12:00 – 1:00 p.m.
The Ethical Issues Involved with Creating a Data Protection Impact Assessment (DPIA)
1.0 ethics credit applied for
While thousands of companies are required to create, maintain, and update DPIAs, few attorneys have experience creating the documents. This program will discuss the requirements of a DPIA and explore the ethical issues involved with preparing them including issues that can arise in connection with: Rule 1.2 Allocation of responsibility between client and lawyer; Rule 1.3 Diligence; Rule 1.6 Confidentiality; Rule 4.1 Truthfulness in statements to others and disclosure of material facts; Rule 8.4 Duty of Candor; and Attorney Client Privilege and Attorney Work Product.
– David A. Zetoony
March 11, 2026
2:00 – 3:00 p.m.
The Data Breach Lawsuit Life Cycle: How Emerging Trends Guide Defense Strategy and Settlement Dynamics
1.0 standard CLE credit applied for
As data breaches become more frequent and litigation more complex, companies must be prepared to navigate a shifting legal landscape. In this program, we’ll walk through the full lifecycle of a data-breach lawsuit – from the initial motion to dismiss, through discovery and class certification, to summary judgment and potential settlement. Along the way, you’ll get a practical look at how these cases unfold and what organizations and their defense counsel can learn from recent courtroom trends regarding standing, injury, class certification, liability, and how early – even pre-litigation – strategic decisions can influence litigation outcomes and settlement dynamics.
– Paige Dunn, Jay Ettinger, Alicia J. Paller & Tony Ufkin
March 17, 2026
12:00 – 1:00 p.m.
Perfecting Without Perfectionism: How to Strive for Excellence Without Stressing Out Over Unattainable Ideals
1.0 mental health/substance use credit applied for
This course is designed to educate legal professionals about perfectionism in the legal field and how, although it can appear as a desirable trait, it is correlated with a higher incidence of depression, anxiety, and substance use disorder. The course will outline the characteristics of perfectionism that tend to cause emotional difficulties for lawyers, while carefully examining aspects of legal practice that do not lend themselves to the rigid, all-or-nothing mindset common in perfectionistic tendencies. Each of these subjects will be discussed, along with strategies to effectively manage perfectionistic tendencies, including approaches based on Carol Dweck’s Mindset theory, Dr. Kristin Neff’s self-compassion practices, and mindfulness techniques.
– Sarah MacGillis
March 17, 2026
2:00 – 3:00 p.m.
Kids, Teens, and Data: Practical Guidance on New Laws, New Rules, and Evergreen Issues
1.0 standard CLE credit applied for
This presentation provides practical guidance that’s informed by new state laws on children’s and teen privacy, new COPPA regs, new technology, and additional developments with implications for evergreen questions:
– Kandi Parsons
LIVE IN-PERSON
Thursday & Friday, February 5-6, 2026
Minnesota CLE Conference Center
600 Nicollet Mall, Suite 370
Seventh Street & Nicollet Mall, Third Floor City Center
Minneapolis, Minnesota
ONLINE REPLAY
Monday & Tuesday, February 23-24, 2026
Monday & Tuesday, March 2-3, 2026
Attend online
Online replay includes all plenary and breakout sessions, with the exception of breakout #302 which will not be recorded. A moderator will be available to answer questions by email.
$495 MSBA members / $495 paralegals / $595 standard rate
Other discounts that may apply:
Scholarships available!
Need-based scholarships are available for in-person and online seminars. For further information or to obtain a scholarship application, contact us at 800-759-8840 or customerservice@minncle.org.
CREDITS – CONFERENCE
Minnesota CLE is applying to the Minnesota State Board of CLE for 12.0 CLE credits, including 1.0 ethics credit for the concluding plenary. The maximum number of total CLE credits attendees may claim for this program is 12.0 credits. Minnesota CLE also is applying to the IAPP for CPE eligibility.
CREDITS – FREE POST-CONFERENCE WEBCASTS
Minnesota CLE is applying to the Minnesota State Board of CLE for the following credits:
