A variety of laws directly or indirectly create obligations for organizational data security practices. In the U.S., these include GLBA, the FTC Act, new U.S. Securities Act cybersecurity disclosure requirements, HIPAA HiTech and even U.S. state laws such as NY DFS 500. In the EU, these include GDPR, the Network and Information Security Directive 2 and DORA, among many others.
Recent activities have shown potential for some data security failures to create individual liability for senior officials: e.g., the prosecution of Uber CISO Joseph Sullivan, the SEC charge against Solar Winds CISO Tim Brown, and U.S. Senator Ron Wyden’s letter requesting the SEC and FTC to investigate and hold senior United Health Group officials accountable for a recent breach.
The brainstorming group will explore: whether it is useful to develop a paper identifying the legal basis for data security failures that could lead to individual liability (whether civil or criminal); whether the liability is unique to data security obligations or derived from general management or fiduciary responsibilities; differences in the application of the requirements (i.e., is accountability based upon specific knowledge, intent or negligence); and whether there should be guidelines to help individuals protect against such liability.
Brainstorming group members will be expected to actively participate in regularly scheduled phone conferences to brainstorm on work product ideas. Members will also be expected to participate in the drafting of a detailed outline that allows a subsequent drafting team to prepare work product consistent with standards of The Sedona Conference.
In order to apply for the brainstorming group, you must be a member of WG11. If you are interested in applying for the brainstorming group, but are not yet a member of WG11, please become a member by signing up for a Working Group Series (WGS) membership. Once a WGS member, one is eligible to take part in the activities of all Working Groups, including WG6. If you have any questions about how to sign up for a membership or encounter any difficulties while doing so, please contact our office at [email protected] or +1(602) 258-4910.
In order to be considered for the brainstorming group, please complete the questionnaire found here and submit no later than 9:00 am EDT on Tuesday, August 6, 2024.