The Sedona Conference Working Group 11 Midyear Meeting 2019

Date: 
Wednesday, September 18, 2019 - 8:45am to Thursday, September 19, 2019 - 1:00pm

Location:
Four Seasons Hotel
Montreal, QC, Canada

The 2019 Midyear Meeting of Working Group 11 will be held at the Four Seasons Hotel, in Montreal, QC, on Wednesday-Thursday, September 18-19, 2019. A welcome reception will be held on the evening of Tuesday, September 17, from 6-8 pm.

The meeting’s main focus will be on new drafts and brainstorming group outlines in need of WG11 member review and comment, including the following topics:

  • Proactive privacy and security governance: Complying with global data privacy and security regulations
  • The California Consumer Privacy Act (CCPA): Defining and measuring statutory damages under U.S. privacy laws
  • Artificial Intelligence (AI) model transparency: Core principles in promoting transparency of AI and algorithms
  • Model data breach notification principles

In addition, the meeting will feature the following sessions:

  • Data security and privacy case law update
  • Government agency roundtable
  • Examining proposals for data transfers out of Canada

Please find the complete agenda, with session descriptions, below. Dialogue leaders can also be found below.

Hotel Room Information

We have obtained a very favorable room rate for WG11 members of $345 CAD (approx. $259 USD) per night, plus tax. For those who want to arrive early or extend their stay, the favorable room rate is available for three nights preceding and three nights following the meeting but subject to availability, so please book early. Our room block expires on August 25, 2019. After that date, room availability is not guaranteed. Complete hotel reservation details will be provided with your meeting registration confirmation.

Dialogue Leaders

iDiscovery Solutions
iDS

Washington, DC, USA

Office of the Colorado Attorney General

Denver, CO, USA

University of Maryland, College of Information Studies

Washington, D.C., USA

Hunton Andrews Kurth LLP

Richmond, VA, USA

Dorsey & Whitney LLP

Minneapolis, MN, USA

HALOCK Security Labs

Schaumburg, IL, USA

Chaiken Ghali LLP

Atlanta, GA, USA

The Sylint Group

Sarasota, FL, USA

DiCello Levitt LLP

Chicago, IL, USA

Littler Mendelson P.C.

Minneapolis, MN, USA

Davis Polk & Wardwell LLP

New York, NY, USA

Federal Trade Commission, Division of Privacy and Information Protection

Montpelier, VT, USA

Affinity Solutions

Tuxedo Park, NY, USA

Cleary Gottlieb Steen & Hamilton LLP

Washington, D.C., USA

SafeGuard Privacy Inc.

Sarasota, FL, USA

Eckert Seamans

Pittsburgh, PA, USA

Orrick Herrington & Sutcliffe LLP
Cleveland State University College of Law

Boston, MA, USA

Crowe

Spring, TX, USA

Pennsylvania Office of Attorney General

Philadelphia, PA, USA

Hausfeld

Washington, DC, USA

Bennett Jones LLP

Toronto, ON, Canada

Torys LLP

Toronto, ON, Canada

Parry Law PLLC

Raleigh, NC, USA

Shook, Hardy & Bacon L.L.P.

Miami, FL, USA

Redgrave LLP

Chantilly, VA, USA

Lowndes, Drosdick, Doster, Kantor & Reed, P.A.

Orlando, FL, USA

Arnold & Porter

New York, NY, USA

Sidley Austin LLP

Washington, DC, USA

The Sedona Conference

Phoenix, AZ, USA

Debevoise & Plimpton LLP

New York, NY, USA

Proactive privacy and security governance: Complying with global data privacy and security regulations

Date: 
Wednesday, September 18, 2019 - 9:00am to 10:15am
Panel Description: 

A panel of WG11 brainstorming group members will lead a dialogue with all WG11 members in attendance on their outline on the topic. In light of the ever-increasing number of privacy and data security laws being enacted and updated, including data localization laws, the brainstorming group has been exploring the complex decisions global companies face regarding privacy and data security compliance and considering approaches to global compliance, and whether work product on this topic – and in what form – would be useful to practitioners.

Morning Break

Date: 
Wednesday, September 18, 2019 - 10:15am to 10:30am

The California Consumer Privacy Act (CCPA): Defining and measuring statutory damages under U.S. privacy laws

Date: 
Wednesday, September 18, 2019 - 10:30am to 11:30am
Panel Description: 

A panel of WG11 brainstorming group members will lead a dialogue on their outline which addresses two discrete issues in the CCPA that also arise in other privacy and data security laws: (1) whether a consumer must show actual harm in addition to a mere technical violation of the statute before the state Attorney General or consumer can sue under the statute, and (2) how a “violation” of a privacy or security regulation should be calculated. The dialogue will address these issues within the context of the CCPA and other privacy and security regulations.

Data security and privacy case law update

Date: 
Wednesday, September 18, 2019 - 11:30am to 12:45pm
Panel Description: 

The panel will lead a dialogue on some of the most important cases thus far in 2019 in the privacy and data security arena. The panel will cover recent actions and rulings from both the private litigation realm and the regulatory enforcement area, with the goal being to bring WG11 members up to the minute on where the case law currently is at, and more importantly, where it could be heading in the future.

Lunch

Date: 
Wednesday, September 18, 2019 - 12:45pm to 2:00pm

Government agency roundtable

Date: 
Wednesday, September 18, 2019 - 2:00pm to 3:30pm
Panel Description: 

The dialogue leaders will address a range of topics, including recent enforcement regulations and actions, the current focus of agencies, inter-agency coordination, and proposed regulations. The dialogue will also address the interaction between government agencies and corporations regarding current data security and privacy best practices, as well as how companies may permissibly collect, use, share, and dispose of personal and sensitive data.

Examining proposals for data transfers out of Canada

Date: 
Wednesday, September 18, 2019 - 3:45pm to 5:00pm
Panel Description: 

The dialogue leaders will examine Canada's newly released Digital Charter and related reform proposals under The Personal Information Protection and Electronic Documents Act (PIPEDA) as they relate to companies' ability to transfer data out of Canada. The panel will discuss the reasons for Canada's reevaluation of its data transfer scheme and how companies may handle different mechanisms for transfer, including consent. Dialogue leaders will evaluate whether consent and other suggestions for transfer adequately address the privacy concerns meant to be addressed by reform proposals, and the possible effect of the proposals on day-to-day law firm and legal service provider operations, with reference to the current WG7 (Sedona Canada) member comment draft on law firm privacy and security.

Artificial Intelligence (AI) model transparency: Core principles in promoting transparency of AI and algorithms

Date: 
Thursday, September 19, 2019 - 9:15am to 10:30am
Panel Description: 

A panel of WG11 drafting team members will lead a dialogue on their draft Commentary regarding what it means to have an “explainable” AI system in the context of data privacy and security issues. The draft Commentary includes foundational design principles that should be incorporated into legal standards governing AI transparency. A few questions, among others, that are of focus: How can one understand and explain the decisions reached by an AI system and its algorithms? How is personal data processed during the decision-making process? How should regulators and private litigants examine perceived issues with personal data processing?

Morning Break

Date: 
Thursday, September 19, 2019 - 10:30am to 10:45am

Model data breach notification principles

Date: 
Thursday, September 19, 2019 - 10:45am to 12:00pm
Panel Description: 

A panel of WG11 drafting team members will lead a dialogue with all members in attendance on a draft Commentary with principles that is being developed to guide the development of data breach notification laws. Drawing upon best practices in data privacy and incident response, the Commentary and principles will describe how data breach notification laws should address different aspects of data breach notification, including what constitutes a notifiable breach, what methods of notification should be permissible, and whether there should be timelines for notification.

WG11 town hall

Date: 
Thursday, September 19, 2019 - 12:00pm to 1:00pm
Panel Description: 

WG11 Steering Committee members will lead a dialogue amongst the WG11 members in attendance on progress made on the work product of the Working Group, and by the Working Group as a whole. WG11 member input will be sought regarding the future direction of WG11, including ideas for existing and new commentaries and projects.