Advising Clients on AI Chatbot Deployment: Privacy, Consumer Protection, and High-Risk Use Cases in 2026

Amber C. Thomson, Partner | Mayer Brown LLP

Amber C. Thomson is a partner in Mayer Brown’s Washington DC office, where she counsels private equity firms, financial institutions, retailers, and technology companies on complex and cutting-edge cybersecurity and privacy matters. Her practice pairs deep regulatory knowledge with a practical, business-focused approach to risk management, spanning compliance counseling, incident response, and data breach litigation. Amber has developed a particular focus on children’s privacy, advising developers of online services, mobile applications, connected devices, and educational technologies on the rapidly evolving rules governing minors’ data. Clients rely on her subject-matter depth and her ability to translate intricate legal obligations into actionable, real-world guidance.

• Education & Credentials

Amber earned her J.D., cum laude, from Howard University School of Law and holds a B.S. from Old Dominion University. She is admitted to practice in the District of Columbia and Maryland. She is also a Certified AI Governance Professional (AIGP), credentialed through the International Association of Privacy Professionals (IAPP).

• Recognition & Leadership

Recognized as a Certified AI Governance Professional, Amber is among the practitioners formally credentialed to advise on the governance of artificial intelligence systems. Within Mayer Brown, she holds significant leadership roles, serving as co-chair of the firm’s Black Lawyers Affinity Group and co-chair of the firm’s Women’s Forum. She is also a member of the firm’s AI Task Force and its Recruiting Committee, contributing to both the firm’s substantive AI capabilities and its talent development.

• Professional Involvement

Amber is actively engaged across the bar and the broader legal community. She serves as Treasurer of the Privacy, Cybersecurity & Technology Section of the National Bar Association and as a Leadership Advisory Committee Member of the National Association of Women Lawyers. She is the founder of Lesbian Lawyers of Color and a member of the National LGBTQ+ Bar Association. Her prior service includes board positions with Ms. JD and The Associates’ Committee, participation in the Leadership Council on Legal Diversity’s Pathfinder Program, and a term as Secretary of the LCLD Alumni Executive Council. Amber is a frequent speaker and author on privacy and cybersecurity topics, with recent presentations on the future of children’s privacy and on state consumer protection enforcement, and published commentary on developments such as Oklahoma’s comprehensive consumer data privacy law and Colorado’s evolving AI policy framework. She regularly provides executive and board-level training on incident response, privacy compliance, and children’s privacy obligations.

• Experience

Amber advises clients across the full lifecycle of privacy and cybersecurity risk. On the compliance side, she helps organizations assess and implement programs addressing US state comprehensive privacy laws, CPRA, HIPAA, TCPA, PCI DSS, CAN-SPAM, and GDPR. Her children’s privacy work includes designing youth-specific data governance frameworks, building age verification and parental consent mechanisms, and guiding product assessments involving children’s data, profiling, and targeted advertising under COPPA, state children’s privacy laws, and age-appropriate design requirements. She has guided private equity firms and their portfolio companies through state privacy law compliance and counseled retailers, financial institutions, healthcare companies, and manufacturers on CCPA/CPRA obligations, while also conducting privacy due diligence for clients including major manufacturers and private equity firms. Amber’s incident response experience spans deepfakes, business email compromise, and double- and triple-extortion ransomware attacks, guiding clients from investigation and containment through remediation and notification. She has led response efforts for a major fast food chain navigating a nationwide payment card breach, a wire and cable manufacturer facing a double-extortion ransomware attack, a multinational aviation company managing a board-level breach investigation, and a health plan responding to the MOVEit-related breach. She has also conducted dozens of cybersecurity tabletop exercises and preparedness assessments across industries. On the litigation front, Amber has represented one of the largest US credit unions in class-action data breach litigation, defended a multinational technology company in state court matters, and pursued claims against the hackers behind a ransomware attack on a manufacturing client.

Zandra L. Robinson, Senior Legal Counsel & Security Third-Party Risk Management Program Manager | Dell Technologies

Zandra L. Robinson is a corporate attorney whose practice sits at the intersection of security, privacy, data governance, and responsible AI. As Senior Legal Counsel and Security Third-Party Risk Management (TPRM) Program Manager at Dell Technologies, she leads global vendor risk strategy for one of the world’s largest technology companies. Known for helping organizations move decisively in high-stakes environments, Zandra translates complex legal and technical risk into a clear path forward the business can act on immediately — enabling speed, accountability, and defensible decision-making at scale. Her work increasingly centers on the responsible integration of AI into the legal function, scaling legal capacity through AI-enabled workflows and helping move organizations from AI experimentation to enterprise capability.

• Education & Credentials

Zandra is admitted to practice in Texas. She earned her Juris Doctor from the University of Arkansas School of Law, Fayetteville, where she was a Fellow of the Council on Legal Education Opportunity (CLEO), and holds a Bachelor of Arts in Corporate Communications from Southern Methodist University.

• Recognition & Leadership

Zandra has earned notable recognition within the corporate counsel community. She was selected by the Corporate Counsel Business Journal as one of its “50 Women to Watch,” honoring emerging legal leaders shaping the future of corporate counsel practice. She has twice received Dell Technologies’ Game-Changer Award — once recognizing her contributions to integrating AI into legal practice, and once as the highest recognition conferred by the General Counsel within the Dell Legal Department, for her work as lead counsel to Virtustream, Dell’s cloud-infrastructure subsidiary, through its transformation, divestiture, and operational transitions. In the broader profession, she serves as Co-Lead of the CCWC® AI + Legal Tech + Innovation Advisory Council and as Co-Chair of the Corporate Counsel Women of Color National Advisory Council, a select group of senior in-house counsel, law firm partners, and legal-tech innovators guiding strategic initiatives across the legal profession.

• Professional Involvement

Zandra is active across professional and community organizations and contributes to the field as a published author and speaker. She authored “The Hidden Exposure in Your Supply Chain: What Corporate Counsel Need to Know About Vendor Risk,” published in Circuits, the journal of the State Bar of Texas Computer & Technology Section. She serves on the CCWC Data Privacy & Cybersecurity Subcommittee, contributing thought leadership and cross-industry collaboration on emerging privacy, data governance, and cybersecurity issues, and participates in national working groups focused on best practices and counsel readiness. She is a member of the National Contract Management Association and an active member of The New Roundtable, a nonprofit advancing African-American women attorneys through networking, professional development, and mentorship in the Dallas legal community. She has also shared her expertise on industry stages, including appearing as a speaker at Legalweek New York while serving as PepsiCo’s Legal Director for IT & Privacy.

• Experience

Zandra brings more than a decade and a half of in-house and legal experience across technology, consumer products, and the public interest sector. She has served at Dell Technologies since February 2021, where she leads the company’s security third-party risk management program and counsels on global cybersecurity, IT, and compliance matters. Earlier, at PepsiCo, she held the dual role of Director, Legal & Privacy Counsel and Global Director, Information Technology Legal, addressing legal and privacy issues related to information technology on a global scale, along with global IP responsibilities. Before that, she was a Contracts Negotiator and Business Practices Manager within Oracle’s public-sector consulting services group. Her earlier career includes legal and analyst roles at The Pew Charitable Trusts and Hogan Lovells, along with clerkships with the Texas Attorney General’s office and the Federal Trade Commission. Her practice focus spans third-party and vendor risk management, data privacy and cybersecurity compliance, IT and IP counseling, and the governance questions surrounding enterprise use of artificial intelligence.

Marissa Edmund, State Policy Lead | Family Online Safety Institute

Marissa Edmund is a tech policy professional specializing in children’s online safety and the fast-moving state legislative agenda shaping it. As State Policy Lead at the Family Online Safety Institute (FOSI), she works with the policy team to monitor emerging issues in technology policy and contributes her policy and research expertise toward making the online world safer for children and families. Her career reflects a sustained commitment to family safety — spanning online child protection, gun violence prevention, and domestic violence policy — and she has become a recognizable voice in the national conversation over how states are stepping in to protect young people online.

• Education & Credentials

Marissa holds a Master of Public Policy and Management from the University of Pittsburgh and a Bachelor of Arts in Political Science from the University of Maryland, Baltimore County (UMBC).

• Recognition & Leadership

Marissa was selected as a member of the 2024 class of Foundry Fellows with the Internet Law & Policy Foundry, a program recognizing emerging leaders in technology law and policy. At FOSI, she has advanced quickly from Policy Coordinator to Policy Specialist to State Policy Lead, now directing the organization’s state policy work at a moment when state legislatures have become the primary arena for online-safety lawmaking. In that role she represents the Institute — whose membership includes more than 30 leading telecommunications, social media, cybersecurity, gaming, and internet companies — in high-profile state policy discussions across the country.

• Professional Involvement

Marissa is an active speaker, moderator, and commentator on children’s online safety. At FOSI’s 2025 Annual Conference, she moderated “Patchwork or Progress: Online Safety in the States,” a panel examining how children’s online safety approaches vary across the country, alongside representatives from ITIF, the Knight-Georgetown Institute, the Center for Democracy and Technology, and the National Conference of State Legislatures. She has also represented FOSI at its “Briefs the States” events, including a Sacramento program on California’s online safety legislation featuring Assemblymember Buffy Wicks. As an author, she has contributed analysis on emerging issues such as the coming wave of child influencer regulation and the protections owed to minors whose childhoods become online content. Earlier in her career she authored or contributed to policy publications including “Weak Gun Laws Are Harmful to Women and Survivors of Domestic Violence,” “Gun Violence Disproportionately and Overwhelmingly Hurts Communities of Color,” and “Guns and Violence Against Women: A Summary of Key Challenges and Solutions.”

• Experience

Marissa brings a policy career grounded in research, advocacy, and direct legislative engagement. She has been at the Family Online Safety Institute since April 2023, rising from Policy Coordinator to Policy Specialist before assuming her current role as State Policy Lead in January 2025. Before joining FOSI, she spent two years at the Center for American Progress as Senior Policy Analyst for Gun Violence Prevention, focusing heavily on gender-based and domestic violence. Earlier, as Public Policy Coordinator at the National Network to End Domestic Violence, she pursued her commitment to family safety by conducting research, engaging the organization’s membership, and educating lawmakers on ways to support survivors of domestic violence. Across these roles, her work has centered on translating research into actionable policy and helping lawmakers understand the real-world stakes of the issues before them — expertise she now applies to the protection of children and families in the digital world.

Megan P. Von Klein, Associate | Mayer Brown LLP

Megan P. Von Klein is an associate in Mayer Brown’s Chicago office who advises clients on privacy, cybersecurity, and artificial intelligence compliance. She brings deep experience under the CCPA, GDPR, and other U.S. and international frameworks, helping companies build and scale global data governance programs and counseling them on product design, regulatory strategy, and risk management. Having completed secondments with a major social network, a leading cloud provider, and a global media and entertainment company, Megan understands in-house priorities firsthand and is known for delivering clear, timely guidance to cross-functional teams operating in fast-moving technology environments.

• Education & Credentials

Megan earned her J.D. from Washington University, where she served as Editor-in-Chief of the Washington University Jurisprudence Review. She holds a B.A., cum laude, and an M.A., both from Saint Louis University. She is admitted to practice in Illinois and is a Certified Information Privacy Professional in both the U.S. and European concentrations (CIPP/US, CIPP/E).

• Recognition & Leadership

Megan’s leadership credentials trace back to law school, where she was selected as Editor-in-Chief of the Washington University Jurisprudence Review and served as a judicial extern to the Honorable Shirley Padmore Mensah, U.S. Magistrate Judge for the Eastern District of Missouri. Her professional standing is reinforced by her dual CIPP/US and CIPP/E certifications, which mark her as a credentialed specialist in both American and European privacy law. Through her pro bono work, she has secured meaningful relief for multiple clients under Special Immigrant Juvenile Status and the Convention Against Torture.

• Professional Involvement

Megan is an active contributor to the privacy and cybersecurity community as an author and speaker. Her recent publications include “Oklahoma Enacts Comprehensive Consumer Data Privacy Law” and the firm’s “Global Privacy Watchlist,” and she participated in the Mayer Brown CLE/CPD program “The Future of Children’s Privacy: Emerging Developments Every Company Should Watch.” She maintains an active pro bono practice focused on immigration, asylum, and LGBTQ+ civil rights, reflecting a sustained commitment to service alongside her commercial practice.

• Experience

Megan’s practice spans the full lifecycle of privacy, cybersecurity, and technology matters. On the compliance side, she builds and scales global data governance programs and counsels clients on product design, regulatory strategy, and risk management under the CCPA, GDPR, and other regimes. She guides clients through cybersecurity incident response and investigations — from containment and remediation to regulator engagement and breach notification. Her transactional work includes drafting and negotiating software and cloud licenses, data processing agreements, and services agreements. Megan’s secondments with a major social network, a leading cloud provider, and a global media and entertainment company give her a practical, business-minded perspective on how privacy and technology issues play out inside client organizations.

SESSION 1 – The Chatbot Privacy Trap: Notice, Consent, Minimization | 1:00pm – 1:30pm

Chatbot deployments trigger layered privacy obligations under CIPA, California’s 2026 CPRA/ADMT regulations, and a widening patchwork of state laws. Attorneys gain a framework for auditing vendor data practices, structuring defensible disclosures, and documenting minimization decisions that withstand scrutiny and discovery.

SESSION 2 – Vendor Risk and Wiretapping: Structuring Chatbot Contracts | 1:30pm – 2:00pm

Deploying third-party chatbot vendors creates wiretapping liability under CIPA and analogous state statutes. Attorneys learn how courts apply the eavesdropper theory, where standard vendor contracts leave deployers exposed, and which clauses shift that exposure across nested sub-processors.

BREAK | 2:00pm – 2:10pm

SESSION 3 – Chatbot Outputs and Consumer Protection Obligations | 2:10pm – 2:40pm

Companies answer for what their chatbots say. Drawing on Moffatt v. Air Canada and FTC Operation AI Comply, attorneys learn to audit outputs, draft disclaimers limiting apparent authority, and map disclosure duties across California, Colorado, Maine, and Utah.

SESSION 4 – High-Risk Chatbot Use Cases: Children and Mental Health | 2:40pm – 3:10pm

Chatbots reaching minors or drifting into mental-health territory expose clients to wrongful death and product liability claims. Attorneys learn the updated COPPA rule, California SB 243 duties, FDA device-classification risk, and structural safeguards that reduce liability.