The Sedona Conference Working Group 11 Annual Meeting 2023

Date: 
Thursday, May 4, 2023 - 8:30am to Friday, May 5, 2023 - 1:00pm

Location:

The Brown Palace Hotel and Spa, Denver, Colorado

The 2023 Annual Meeting of Working Group 11 on Data Security and Privacy Liability (WG11) will be held at The Brown Palace Hotel and Spa in Denver, Colorado, on Thursday-Friday, May 4-5, 2023. A welcome reception will be held in the evening of Wednesday, May 3, from 6:00-8:00 pm.

Session Information

The meeting’s primary focus will be on new drafts and brainstorming group outlines in need of WG11 member review and comment, including the following topics:

  • Incident Response Guide, Second Edition
  • Data security and privacy in healthcare
  • Exploring greater efficiencies in data breach and privacy class action litigation
  • Ransomware payments

In addition, the meeting will feature the following sessions:

  • Privacy and data security litigation update
  • AI: regulatory landscape
  • Children’s data privacy
  • WG11 town hall

Please find the timed agenda with detailed session descriptions below. Please look for an email announcement when we add dialogue leaders and biographies. 

Hotel Reservation Information

We have obtained a very favorable room rate at The Brown Palace Hotel and Spa of $229 per night (plus tax) for a limited block of rooms on the nights of May 3-4. For those who wish to arrive early, leave late, or otherwise extend their stay, the group rate is available for three nights preceding and three nights following the dates of the room block, subject to room availability. Accordingly, if you wish to book for additional nights, you should do so as soon as possible. This room block expires on April 12. Reservation information will be provided in your meeting registration confirmation email.

CLE

The Sedona Conference will seek CLE accreditation for this event in selected jurisdictions, as dictated by attendance.

WG11 Annual Meeting 2023 Agenda

Time Session Panelists
  Wednesday, May 3, 2023  
6:00 — 8:00 Welcome Reception  
  Thursday, May 4, 2023  
8:00 — 9:00 Breakfast & Sign-in  
9:00 — 9:15 Welcome & overview Drum, Weinlein
9:15 — 10:30 Incident Response Guide, Second Edition  
  A panel of WG11 drafting members will lead a dialogue with all attendees on their draft of a Second Edition of the Incident Response Guide that, among other updates, addresses: (1) international incident response in detail; (2) emerging types of incidents, including ransomware; and (3) key legislative changes since January 2020.  
10:30 — 10:45 Morning Break  
10:45 — 12:00 Data security and privacy in healthcare  
  A panel of WG11 brainstorming group members will lead a dialogue on their outline that assesses and recommends areas in the healthcare space where Sedona can develop guidance - such as model standards - to move the law foward. The brainstorming group (1) analyzed the current legal landscape concerning the scope of medical and health information and its associated privacy and security protections, and (2) assessed current legal requirements and common practices around obtaining consent for processing and use of healthcare and related information.  
12:00 — 1:00 Lunch  
1:00 — 2:15 Exploring greater efficiencies in data breach and privacy class action litigation  
  A panel of WG11 brainstorming group members will lead a dialogue on their outline that explores whether there are procedural or substantive changes to the current legal regime applicable to data breach and privacy class actions that would get such actions ripe for resolution more efficiently and cost-effectively. The panel will continue truly open dialogue exploring the strengths and weaknesses of litigation positions being taken today by both sides in data breach and privacy class actions, and how the current rules of the road might be changed to reduce litigation costs in such actions.  
2:15 — 3:30 Privacy and data security litigation update  
  The panel will lead a dialogue on some of the most important privacy and data security actions since this session was last held in October 2021. We will cover not only the most significant court decisions of the past year-and-a-half, but also court filings that raise novel claims and defenses (event if the cases themselves are pending or have settled), with the goal of bringing WG11 members up-to-the-minute on where the case law currently is - and more importantly, where it could be heading in the future.  
3:30 — 3:45 Afternoon Break  
3:45 — 5:00 WG11 town hall  
  WG11 Steering Committee members will lead a dialogue amongst the WG11 members in attendance on progress made on the work product of the Working Group, and by the Working Group as a whole. WG11 member input will be sought regarding the future direction of WG11, including ideas for existing and new commentaries and projects.  
5:00 — 7:00 Reception (guests invited)  
     
  Friday, May 5, 2023  
8:00 — 9:00 Breakfast & Sign-in  
9:00 — 10:15 AI: regulatory landscape  
 

The European Union's (EU) AI Act seeks to establish the first comprehensive regulatory scheme for artificial intelligence. The impact of the regulation - which could be adopted by the end of 2023 - will extend beyond EU borders and will have substantial impact on data governance practices and corresponding legal exposure for organizations worldwide. At the same time, other jurisdictions (e.g., UK and Canada) have prepared proposals for the regulation of AI, and in the US, a patchwork of regulation and guidance at the state and federal level is beginning to emerge. This panel will lead a dialogue on the emerging legal issues from the EU Act as well as the intersection of the regimes in different jurisdictions and explore whether there are specific privacy and data management issues that could benefit from consideration by a brainstorming group.

 
10:15 — 10:30 Morning Break  
10:30 — 11:45 Children's data privacy

 

  An estimated one of every three online users is under the age of 18. Perceived unique risks of online conduct of and content presented to minors have fostered a renewed focus on how the legal system can be leveraged and adapted to ensure the protection of children's data privacy. During the past few years, legislators, regulators, and litigants have refocused their energy on protecting children's data privacy through new laws, enforcement actions, and lawsuits. This panel will examine this evolving legal landscape and explore whether WG11 should consider a brainstorming group to address this important topic.  
11:45 — 1:00 Ransomware payments

 

  A panel of drafting team members will lead a dialogue on their progress in exploring issues related to statutory liability associated with ransomware payments, including the development of a framework for measuring that liability. The drafting team is performing an independent analysis of how and why OFAC has applied a strict liability approach in the past.  
1:00 — 2:00 Grab-and-go lunch (provided)  
Date: 
Thursday, May 4, 2023 - 8:00am to Friday, May 5, 2023 - 1:00am