Advising Clients on AI Chatbot Deployment: Privacy, Consumer Protection, and High-Risk Use Cases in 2026

Amber C. Thomson
Amber C. Thomson
Mayer Brown LLP

Amber C. Thomson is a partner in Mayer Brown's Washington DC office, where she counsels private equity firms, financial institutions, retailers, and technology companies on complex and cutting-edge cybersecurity and privacy matters.

Zandra L. Robinson
Zandra L. Robinson
Dell Technologies

Zandra L. Robinson is a corporate attorney whose practice sits at the intersection of security, privacy, data governance, and responsible AI. As Senior Legal Counsel and Security Third-Party Risk Management (TPRM) Program Manager at Dell Technologies, she leads global vendor risk strategy for one of the world's largest technology companies.

Live Video-Broadcast: July 8, 2026

2 hour CLE

Tuition: $195.00
Subscribe to Federal Bar Association CLE Pass...
Co-Sponsored by myLawCLE
Get this course, plus over 1,000+ of live webinars.
Learn More
Training 5 or more people?

Sign-up for a law firm subscription plan and each attorney in the firm receives free access to all CLE Programs

Program Summary

AI chatbots now sit on client websites, service platforms, and internal workflows — and every deployment triggers privacy, wiretapping, consumer-protection, and product-liability exposure that the business decision never accounted for.

The forces converged in 2026: California’s January CPRA/ADMT regulations took effect, the CIPA wiretapping suits multiplied against deployers, the FTC pressed Operation AI Comply with algorithmic disgorgement, COPPA’s revised rule landed on April 22, and SB 243 imposed affirmative duties on chatbots reaching minors. Any attorney advising a client that runs a customer-facing or internal bot is already exposed — and standard vendor templates and boilerplate disclosures collapse under these theories.

This session delivers layered notice and consent frameworks, defensible data-minimization records, vendor clauses that address the eavesdropper theory and nested sub-processors, the Moffatt apparent-authority analysis, and a state disclosure map across California, Colorado, Maine, and Utah. You will leave able to audit and redline AI vendor contracts and counsel clients before plaintiffs and regulators find the gaps.

What Will You Learn

Attorneys will learn how CIPA, CPRA/ADMT, and state privacy laws, vendor wiretapping liability, chatbot-output liability, and high-risk use cases involving minors and mental health govern chatbot deployments.

What Will You Gain

Attendees will gain working frameworks for auditing vendor data practices, redlining chatbot vendor contracts, structuring disclosures, and counseling clients on substantiating AI capability claims and reducing liability.

Key topics to be discussed:

  • Privacy patchwork
    CIPA, CPRA/ADMT, and state privacy laws create compounding compliance obligations for chatbot deployments.
  • Notice architecture
    Structuring layered disclosures that satisfy regulators across jurisdictions where consent frameworks fall short.
  • Wiretapping exposure
    Courts apply CIPA and the eavesdropper theory to third-party chatbot vendor deployments.
  • Vendor contracts
    Drafting and negotiating critical clauses in chatbot vendor agreements addressing nested sub-processors.
  • Company speech
    Moffatt framework and apparent authority govern liability for company chatbot statements.
  • High-risk use
    Wrongful death and product liability claims against operators whose chatbots reach minors.

This course is co-sponsored with myLawCLE.

Date / Time: July 8, 2026

  • 1:00 pm – 3:10 pm Eastern
  • 12:00 pm – 2:10 pm Central
  • 11:00 am – 1:10 pm Mountain
  • 10:00 am – 12:10 pm Pacific

Closed-captioning available

Speakers

Amber C. Thomson, Partner | Mayer Brown LLP

Amber C. Thomson is a partner in Mayer Brown’s Washington DC office, where she counsels private equity firms, financial institutions, retailers, and technology companies on complex and cutting-edge cybersecurity and privacy matters. Her practice pairs deep regulatory knowledge with a practical, business-focused approach to risk management, spanning compliance counseling, incident response, and data breach litigation. Amber has developed a particular focus on children’s privacy, advising developers of online services, mobile applications, connected devices, and educational technologies on the rapidly evolving rules governing minors’ data. Clients rely on her subject-matter depth and her ability to translate intricate legal obligations into actionable, real-world guidance.

  • Education & Credentials

Amber earned her J.D., cum laude, from Howard University School of Law and holds a B.S. from Old Dominion University. She is admitted to practice in the District of Columbia and Maryland. She is also a Certified AI Governance Professional (AIGP), credentialed through the International Association of Privacy Professionals (IAPP).

  • Recognition & Leadership

Recognized as a Certified AI Governance Professional, Amber is among the practitioners formally credentialed to advise on the governance of artificial intelligence systems. Within Mayer Brown, she holds significant leadership roles, serving as co-chair of the firm’s Black Lawyers Affinity Group and co-chair of the firm’s Women’s Forum. She is also a member of the firm’s AI Task Force and its Recruiting Committee, contributing to both the firm’s substantive AI capabilities and its talent development.

  • Professional Involvement

Amber is actively engaged across the bar and the broader legal community. She serves as Treasurer of the Privacy, Cybersecurity & Technology Section of the National Bar Association and as a Leadership Advisory Committee Member of the National Association of Women Lawyers. She is the founder of Lesbian Lawyers of Color and a member of the National LGBTQ+ Bar Association. Her prior service includes board positions with Ms. JD and The Associates’ Committee, participation in the Leadership Council on Legal Diversity’s Pathfinder Program, and a term as Secretary of the LCLD Alumni Executive Council. Amber is a frequent speaker and author on privacy and cybersecurity topics, with recent presentations on the future of children’s privacy and on state consumer protection enforcement, and published commentary on developments such as Oklahoma’s comprehensive consumer data privacy law and Colorado’s evolving AI policy framework. She regularly provides executive and board-level training on incident response, privacy compliance, and children’s privacy obligations.

  • Experience

Amber advises clients across the full lifecycle of privacy and cybersecurity risk. On the compliance side, she helps organizations assess and implement programs addressing US state comprehensive privacy laws, CPRA, HIPAA, TCPA, PCI DSS, CAN-SPAM, and GDPR. Her children’s privacy work includes designing youth-specific data governance frameworks, building age verification and parental consent mechanisms, and guiding product assessments involving children’s data, profiling, and targeted advertising under COPPA, state children’s privacy laws, and age-appropriate design requirements. She has guided private equity firms and their portfolio companies through state privacy law compliance and counseled retailers, financial institutions, healthcare companies, and manufacturers on CCPA/CPRA obligations, while also conducting privacy due diligence for clients including major manufacturers and private equity firms. Amber’s incident response experience spans deepfakes, business email compromise, and double- and triple-extortion ransomware attacks, guiding clients from investigation and containment through remediation and notification. She has led response efforts for a major fast food chain navigating a nationwide payment card breach, a wire and cable manufacturer facing a double-extortion ransomware attack, a multinational aviation company managing a board-level breach investigation, and a health plan responding to the MOVEit-related breach. She has also conducted dozens of cybersecurity tabletop exercises and preparedness assessments across industries. On the litigation front, Amber has represented one of the largest US credit unions in class-action data breach litigation, defended a multinational technology company in state court matters, and pursued claims against the hackers behind a ransomware attack on a manufacturing client.

 

Zandra L. Robinson, Senior Legal Counsel & Security Third-Party Risk Management Program Manager | Dell Technologies

Zandra L. Robinson is a corporate attorney whose practice sits at the intersection of security, privacy, data governance, and responsible AI. As Senior Legal Counsel and Security Third-Party Risk Management (TPRM) Program Manager at Dell Technologies, she leads global vendor risk strategy for one of the world’s largest technology companies. Known for helping organizations move decisively in high-stakes environments, Zandra translates complex legal and technical risk into a clear path forward the business can act on immediately — enabling speed, accountability, and defensible decision-making at scale. Her work increasingly centers on the responsible integration of AI into the legal function, scaling legal capacity through AI-enabled workflows and helping move organizations from AI experimentation to enterprise capability.

  • Education & Credentials

Zandra is admitted to practice in Texas. She earned her Juris Doctor from the University of Arkansas School of Law, Fayetteville, where she was a Fellow of the Council on Legal Education Opportunity (CLEO), and holds a Bachelor of Arts in Corporate Communications from Southern Methodist University.

  • Recognition & Leadership

Zandra has earned notable recognition within the corporate counsel community. She was selected by the Corporate Counsel Business Journal as one of its “50 Women to Watch,” honoring emerging legal leaders shaping the future of corporate counsel practice. She has twice received Dell Technologies’ Game-Changer Award — once recognizing her contributions to integrating AI into legal practice, and once as the highest recognition conferred by the General Counsel within the Dell Legal Department, for her work as lead counsel to Virtustream, Dell’s cloud-infrastructure subsidiary, through its transformation, divestiture, and operational transitions. In the broader profession, she serves as Co-Lead of the CCWC® AI + Legal Tech + Innovation Advisory Council and as Co-Chair of the Corporate Counsel Women of Color National Advisory Council, a select group of senior in-house counsel, law firm partners, and legal-tech innovators guiding strategic initiatives across the legal profession.

  • Professional Involvement

Zandra is active across professional and community organizations and contributes to the field as a published author and speaker. She authored “The Hidden Exposure in Your Supply Chain: What Corporate Counsel Need to Know About Vendor Risk,” published in Circuits, the journal of the State Bar of Texas Computer & Technology Section. She serves on the CCWC Data Privacy & Cybersecurity Subcommittee, contributing thought leadership and cross-industry collaboration on emerging privacy, data governance, and cybersecurity issues, and participates in national working groups focused on best practices and counsel readiness. She is a member of the National Contract Management Association and an active member of The New Roundtable, a nonprofit advancing African-American women attorneys through networking, professional development, and mentorship in the Dallas legal community. She has also shared her expertise on industry stages, including appearing as a speaker at Legalweek New York while serving as PepsiCo’s Legal Director for IT & Privacy.

  • Experience

Zandra brings more than a decade and a half of in-house and legal experience across technology, consumer products, and the public interest sector. She has served at Dell Technologies since February 2021, where she leads the company’s security third-party risk management program and counsels on global cybersecurity, IT, and compliance matters. Earlier, at PepsiCo, she held the dual role of Director, Legal & Privacy Counsel and Global Director, Information Technology Legal, addressing legal and privacy issues related to information technology on a global scale, along with global IP responsibilities. Before that, she was a Contracts Negotiator and Business Practices Manager within Oracle’s public-sector consulting services group. Her earlier career includes legal and analyst roles at The Pew Charitable Trusts and Hogan Lovells, along with clerkships with the Texas Attorney General’s office and the Federal Trade Commission. Her practice focus spans third-party and vendor risk management, data privacy and cybersecurity compliance, IT and IP counseling, and the governance questions surrounding enterprise use of artificial intelligence.

Agenda

SESSION 1 – The Chatbot Privacy Trap: Notice, Consent, Minimization | 1:00pm – 1:30pm

Chatbot deployments trigger layered privacy obligations under CIPA, California’s 2026 CPRA/ADMT regulations, and a widening patchwork of state laws. Attorneys gain a framework for auditing vendor data practices, structuring defensible disclosures, and documenting minimization decisions that withstand scrutiny and discovery.

SESSION 2 – Vendor Risk and Wiretapping: Structuring Chatbot Contracts | 1:30pm – 2:00pm

Deploying third-party chatbot vendors creates wiretapping liability under CIPA and analogous state statutes. Attorneys learn how courts apply the eavesdropper theory, where standard vendor contracts leave deployers exposed, and which clauses shift that exposure across nested sub-processors.

BREAK | 2:00pm – 2:10pm

SESSION 3 – Chatbot Outputs and Consumer Protection Obligations | 2:10pm – 2:40pm

Companies answer for what their chatbots say. Drawing on Moffatt v. Air Canada and FTC Operation AI Comply, attorneys learn to audit outputs, draft disclaimers limiting apparent authority, and map disclosure duties across California, Colorado, Maine, and Utah.

SESSION 4 – High-Risk Chatbot Use Cases: Children and Mental Health | 2:40pm – 3:10pm

Chatbots reaching minors or drifting into mental-health territory expose clients to wrongful death and product liability claims. Attorneys learn the updated COPPA rule, California SB 243 duties, FDA device-classification risk, and structural safeguards that reduce liability.

Credits

Alaska

Approved for CLE Credits
2 General

Our programs are CLE-eligible through Alaska’s recognition of multi-jurisdictional reciprocity.
Alabama

Approved for CLE Credits
2 General

Arkansas

Approved for CLE Credits
2 General

Arizona

Approved for CLE Credits
2 General

California

Approved for CLE Credits
2 General

Colorado

Pending CLE Approval
2 General

Connecticut

Approved for CLE Credits
2 General

District of Columbia

No MCLE Required
2 CLE Hour(s)

Delaware

Pending CLE Approval
2 General

Florida

Approved for CLE Credits
2.5 General

Georgia

Pending CLE Approval
2 General

Hawaii

Approved for CLE Credits
2 General

Iowa

Pending CLE Approval
2 General

Idaho

Pending CLE Approval
2 General

Illinois

Approved for CLE Credits
2 General

Indiana

Pending CLE Approval
2 General

Kansas

Pending CLE Approval
2 Substantive

Kentucky

Pending CLE Approval
2 General

Louisiana

Pending CLE Approval
2 General

Massachusetts

No MCLE Required
2 CLE Hour(s)

Maryland

No MCLE Required
2 CLE Hour(s)

Maine

Pending CLE Approval
2 General

Michigan

No MCLE Required
2 CLE Hour(s)

Minnesota

Pending CLE Approval
2 General

Missouri

Approved for CLE Credits
2.4 General

Mississippi

Pending CLE Approval
2 General

Montana

Pending CLE Approval
2 General

North Carolina

Pending CLE Approval
2 General

North Dakota

Approved for CLE Credits
2 General

Our programs are CLE-eligible through North Dakota’s recognition of multi-jurisdictional reciprocity. Section 1, Policy 1.14
Nebraska

Pending CLE Approval
2 General

myLawCLE reports attendance to Nebraska on each attorney’s behalf for all programs. Please do not self-report.
New Hampshire

Approved for CLE Credits
120 General minutes

As of July 1, 2014, the NHMCLE Board no longer provides pre- or post-approval of courses. Attendees must self-determine whether a program is eligible for credit, and self-report their attendance online at www.nhbar.org, based on qualification provisions of Rule 53.
New Jersey

Approved for CLE Credits
2.4 General

Our programs are CLE-eligible through New Jersey’s recognition of multi-jurisdictional reciprocity, except for the courses required under BCLE Reg. 201:2
New Mexico

Approved for CLE Credits
2 General

Nevada

Pending CLE Approval
2 General

New York

Approved for CLE Credits
2 General

Our programs are CLE-eligible through New York’s Approved Jurisdiction Group “B”.
Ohio

Approved for CLE Credits
2 General

Oklahoma

Pending CLE Approval
2.5 General

Oregon

Pending CLE Approval
2 General

Pennsylvania

Approved for CLE Credits
2 General

Rhode Island

Pending CLE Approval
2.5 General

South Carolina

Pending CLE Approval
2 General

South Dakota

No MCLE Required
2 CLE Hour(s)

Tennessee

Approved for CLE Credits
2 General

Texas

Approved for CLE Credits
2 General

Utah

Pending CLE Approval
2 General

Virginia

Not Eligible
2 General Hours

Vermont

Approved for CLE Credits
2 General

Washington

Approved via Attorney Submission
2 Law & Legal Hours

Receive CLE credit in Washington via attorney submission.
Wisconsin

Pending CLE Approval
2 General

West Virginia

Pending CLE Approval
2.4 General

Wyoming

Pending CLE Approval
2 General

More CLE Webinars
Upcoming CLE Webinars
A, B, C’s of Revocable and Irrevocable Trusts
A, B, C’s of Revocable and Irrevocable Trusts Thu, July 9, 2026
On-Demand
Live Replay
Branding for Firms: Ethics & Strategy
Branding for Firms: Ethics & Strategy Thu, July 16, 2026
Live Webcast
Using AI in Your Law Practice: A Step-by-Step Guide
Using AI in Your Law Practice: A Step-by-Step Guide Wed, July 22, 2026
On-Demand
Live Replay
iPad for Lawyers: The Complete Mobile Practice Toolkit
iPad for Lawyers: The Complete Mobile Practice Toolkit Thu, July 23, 2026
On-Demand
Live Replay