| Time | Session | Panelists |
| Wednesday, May 1, 2024 | ||
| 6:00pm — 8:00pm | Evening Welcome reception | |
| Thursday, May 2, 2024 | ||
| 8:00am — 9:00am | Breakfast & Sign-in | |
| 9:00am — 9:15am | Welcome & Overview | Drum, Withers |
| 9:15am — 10:30am | Data Privacy Primer, Second Edition | |
| A panel of WG11 drafting team members will lead a dialogue with all attendees on their outline of recommended changes for a Second Edition of the Data Privacy Primer that, among other updates, (1) revises the Primer to address key U.S. federal and state legislative and regulatory changes and case law updates since its publication and 2) expands the Primer to include certain international privacy laws. | Hansen, Kemnitz, McCarthy*, Swetnam, Wagner | |
| 10:30am — 10:45am | Morning break | |
| 10:45am — 12:00pm | Online tracking | |
| Online tracking technologies increasingly present unique challenges to organizations’ legal and marketing teams as technologies evolve, compliance obligations change, and laws that have been in place for years like the Video Privacy Protection Act and two-party wiretapping statutes are being reinterpreted and tested by consumers in online marketing contexts. A panel of brainstorming group members will lead a dialogue on their outline proposing principles to help guide compliance and consistency in this area looking toward further development of these as part of a potential Commentary. | Baxter-Kauf, Hatcher, Matus, Posedel, Sterling* | |
| 12:00pm — 1:00pm | Lunch | |
| 1:00pm — 2:00pm | WG11 town hall | |
| WG11 Steering Committee members will lead a dialogue amongst the WG11 members in attendance on progress made on the work product of the Working Group, and by the Working Group as a whole. WG11 member input will be sought regarding the future direction of WG11, including ideas for existing and new commentaries and projects. In addition, Steering Committee member Alex White, who serves as Bermuda’s first Privacy Commissioner, will provide an update on his office’s latest efforts to ensure compliance with Bermuda’s Personal Information Protection Act. He will also share some highlights from the Global Privacy Assembly, an annual meeting of global data protection authorities that was held in Bermuda this past fall. | Baxter-Kauf, Drum*, Kemnitz, McCarthy, Meal, Moncure, Murphy, Shook, White | |
| 2:00pm — 3:15pm | Draft Commentary on the Privacy and Security of Emerging Health Data | |
| The panel will lead a dialogue on the current state of the proposed Commentary, which has pivoted to developing a proposed new legislative framework to address privacy and security in health data. The prior draft Commentary addressed whether HIPAA adequately covers consumer health data and non-traditional health data uses, given HIPAA’s focus on healthcare providers that bill insurance, the proliferation of health data generated outside of the traditional medical and insurance fields, and the innovative new uses of health data in which companies are engaging. The drafting team, in conjunction with the Steering Committee, is considering building upon the existing outline while also developing a proposed legislative framework to address the proliferation of health data, including from a privacy and security standpoint. | Brady, McCarthy, Romine*, Vibbert | |
| 3:15pm — 3:30pm | Afternoon break | |
| 3:30pm — 5:00pm | Privacy and data security legislative and regulatory update | |
| The panel will lead a dialogue on important updates in the U.S. federal legislative and regulatory space. It will also focus on important updates in U.S. state legislative and enforcement activity, focusing particularly on the enhanced consumer privacy laws set to take effect. | Chand, Jou, Macko, Murphy*, Swetnam | |
| 5:00pm — 7:00pm | Reception (guests invited) | |
| Friday, May 3, 2024 | ||
| 8:00am — 9:00am | Breakfast & sign-in | |
| 9:0am — 10:15 | Practical approaches to incident response in 2024 | |
| Tabletop exercises are a crucial tool to test incident response plans in simulated data breach scenarios. In this panel, dialogue leaders will address a simulated security incident and discuss how key stakeholders including organizations, their business teams, counsel, and forensic investigators can prepare for and respond to a data breach. During the tabletop, dialogue leaders will reference and utilize WG11’s draft Incident Response Guide, Second Edition, which provides updated guidance for organizations and practitioners as they navigate and adapt to rapidly evolving technologies and an expanding threat landscape. | Falk, Gyasi, Jorgensen, Moncure*, Promislow | |
| 10:15am — 10:30am | Morning break | |
| 10:30am — 11:45am | Privacy and data security litigation update | |
| The panel will lead a dialogue on not only the most significant court decisions regarding privacy and data security in the past year, but also court filings that raise novel claims and defenses (even if the cases themselves are pending or have settled), with the goal of bringing WG11 members up-to-the-minute on where the case law currently is – and more importantly, where it could be heading in the future. | Blanchard, Keller*, May, Tostrud, Yovanic | |
| 11:45am — 1:00pm | Legal implications of artificial intelligence in automated decision-making | |
| Generative AI presents an opportunity for more automated decision-making use cases than many privacy laws accounted for at the time they were enacted. A panel of brainstorming group members will lead a dialogue on their updated outline analyzing privacy issues related to use of AI in automated decision-making, particularly focused on how laws in this space can strike the appropriate balance between automated analysis and human oversight. | Ackert, Dalziel, Korolyov, Polenberg, Sella-Villa* | |
| 1:pm — 2:00pm | Grab & go lunch (provided) |
*Panel Moderator
Date:
Thursday, May 2, 2024 - 8:00am to Friday, May 3, 2024 - 2:00pm