8:55        Welcome and Introductions

9:00        A Healthy Way of Looking at It: Analyzing Health Data Privacy Issues in Light of New Laws^‡

Tara N. Cho, Womble Bond Dickinson (US) LLP, Raleigh
Lauren Jones, Surescripts, Washington, DC
Mayukh Sircar, Ward and Smith PA, Raleigh

Health data is not just governed by HIPAA anymore, and the meaning of health data has also broadened. New and amended state privacy laws governing consumer health data have changed the landscape and raised novel questions and compliance challenges. This is happening while the U.S. Department of Health and Human Services Office for Civil Rights (OCR), the Federal Trade Commission (FTC), and other authorities have focused attention on health privacy, as well as security and breach reporting. Join us for this enlightening panel discussion where we undertake “real-time” analyses of various case studies involving health data to determine which laws apply, how they interplay, and the compliance obligations that arise.

10:00      Break

10:10      A Very Particular Set of Skills: Responding to Cyber Extortion and Ransomware Incidents^‡

Elizabeth H. Johnson, Wyrick Robbins Yates & Ponton LLP, Raleigh
Eric Lackey, Coveware, Tampa, FL
Alexander M. “Alex” Pearce, Wyrick Robbins Yates & Ponton LLP, Raleigh

Ransomware and cyber extortion events have become a critical threat to businesses across a wide range of industries, resulting in high-profile incidents that have real-world impacts on millions of Americans. These events raise a host of legal and business issues that companies and their counsel must manage in compressed time frames against the backdrop of constantly evolving facts. This session leverages actual attacks to highlight key considerations for lawyers involved in responding to these incidents and offer practical guidance on addressing the risks they present.

11:10      Break

11:20      Guardians of Privacy: A Deep Dive Into Regulator Priorities and Enforcement Actions

Matthew J. Meinel, Berkeley Research Group (BRG), Raleigh
Maryam Meseha, Pierson Ferdinand, Charlotte

This session explores recent regulatory enforcement actions by and guidance from privacy regulators, including the Federal Trade Commission (FTC), California Privacy Protection Agency (CPPA), state attorneys general, and European data protection authorities. Join us to learn practical strategies to ensure compliance with evolving privacy laws and to safeguard consumer data.

12:20      Lunch Break

1:20        Issue Spotting: Advising Clients and Business Stakeholders When Implementing Third-Party Technologies or Designing Digital Products and Services^‡

Alysja S. Carlisle, Belk Inc., Charlotte
Laura S. Chipman, Bandwidth, Raleigh
Taylor Ey, Womble Bond Dickinson (US) LLP, Durham
Nicole Whitaker, Vuori, Greensboro

In our increasingly digital economy, often companies use technologies that collect and use personal data to support their business objectives. The use cases could reach any part of the business, such as in human resources for recruitment, talent development, and timekeeping; in supply chain with artificial intelligence-powered warehouse safety and security management; and in product development for customer-facing products and services like chatbots on websites or designing new mobile app features. This session explores data privacy and security legal issues that emerge when using these technologies (whether developed in-house or procured from third parties), outlines tips for advising clients on these issues in the dynamic U.S. and global data privacy and security legal environment and shares potential risk mitigation strategies.

2:20        Break

2:30        Kids These Days: An Overview of Youth Privacy Laws and Compliance Strategies

Chloe Altieri, Future of Privacy Forum, Raleigh
Nadia G. Aram, Womble Bond Dickinson (US) LLP, Raleigh

Developments in youth privacy laws have continued at a rapid pace in 2024, and both federal and state regulators have cited this topic as an enforcement priority. This session provides an overview of current legal obligations implicating youth privacy (such as the Children’s Online Privacy Protection Act and recent FTC enforcement actions), common issues in youth privacy, and compliance strategies for privacy practitioners (such as parental controls, age assurance, advertising, and verifiable parental consent), as well as updates on youth privacy legislation.

3:30        Break

3:40        Risky Business: AI Ethics and the Balancing Act of Risk-Based Regulation^*

Jeffrey M. Kelly, Nelson Mullins Riley & Scarborough LLP, Raleigh
Kevin P. Lee, North Carolina Central University School of Law, Durham

Rapidly advancing AI systems are reaching every industry, and the global conversation on AI regulation is trending toward a risk-based model in the EU and some states in the U.S. This presentation guides legal professionals through the recent advancements in AI and expands upon the ethical considerations that lawyers and their clients will face as they develop and deploy AI systems.

4:40        Adjourn

* Indicates portion providing Ethics/Professional Responsibility credit
‡ Indicates portion providing Technology Training credit