| Time |
Session |
Dialogue Leaders |
| |
Tuesday, May 6 |
|
| 5:30 — 7:30 p.m. |
Welcome Reception |
|
| |
Wednesday, May 7 |
|
| 7:45 — 8:30 a.m. |
Breakfast & Sign-in |
|
| 8:30 — 9:00 a.m. |
Welcome & Overview |
Tim Murphy, Ken Withers |
| 9:00 — 10:15 a.m. |
[Session 01] Individual Liability for Data Security Failures |
|
| |
The panel of drafting team members will lead a dialogue on its draft Commentary that summarizes and explains what the legal bases currently are, and what as a policy matter the legal bases should be, for holding an individual liable for an entity’s violation of the various legal regimes that impose data security obligations on entities with regard to personal information they collect or maintain. The legal regimes that the draft Commentary addresses include both those that impose such data security obligations expressly (e.g., U.S. federal and state, and non-U.S, statutes and regulations that expressly require “reasonable” or “appropriate” or specified cybersecurity measures) and those that impose such obligations only as a matter of interpretation (e.g., the FTC Act and state UDAP statutes). |
Justin Donoho, John Gray*, Amy Keller, Chuck Ragan, Zach Willenbrink |
|
| 10:15 — 11:30 a.m. |
[Session 02] AI Statutory Guidance |
| |
The panel of drafting team members will lead a dialogue on its draft Commentary which provides guidance to legislators, regulatory authorities, judges, and practitioners regarding certain statutory clarifications and/or interpretations that may be needed in order for the Colorado Privacy Act (Colo. Rev. Stat. §§ 6-1-1301 et seq.) and Colorado AI Law (Col. Rev. Stat. §§ 6-1-1701 et seq.) to be read consistently with one another when a business is using AI in the hiring process. |
Katherine Bandy, Jon Polenberg, Brian Ray, Katy Ruckle, David Sella-Villa* |
|
| 11:30 — 11:45 a.m. |
Morning Break |
|
| 11:45 — 12:45 p.m. |
[Session 03] Shifting U.S. Federal Regulatory Priorities in the Privacy and Data Security Landscape |
| |
On January 20, 2025, the new presidential administration in the United States issued a “Regulatory Freeze Pending Review” memorandum directing all executive departments and agencies to: 1) pause proposing and issuing new rules, 2) withdraw unpublished rules, and 3) consider postponing the implementation of published rules—all pending the review of a department or agency head appointed by the new administration. Multiple draft and published rules touching on privacy and data security compliance fell within scope of the memorandum. This panel will examine how agencies have responded to the memorandum, the personnel changes, actions, and reviews taken during the first months of the new administration, and the implications for regulated organizations. |
Starr Drum*, Arianna Evers, Jami Vibbert, Jonathan Wilan |
|
| 12:45 — 2:00 p.m. |
Lunch |
|
| 2:00 — 3:15 p.m. |
[Session 04] Privacy and Data Security Litigation Update |
| |
The panel will lead a dialogue on not only the most significant court decisions, including recent Supreme Court jurisprudence, regarding privacy and data security in the past year, but also court filings that raise novel claims and defenses (even if the cases themselves are pending or have settled), with the goal of bringing WG11 members up-to-the-minute on where the case law currently is – and more importantly, where it could be heading in the future. |
Justin Donoho, Hon. Lauren King, Cari Laufenberg, Doug Meal* |
|
| 3:15 — 3:30 p.m. |
Afternoon Break |
|
| 3:30 — 5:00 p.m. |
[Session 05] Privacy and Data Security Regulator Roundtable |
| |
The panel will lead a dialogue on key developments in U.S. state legislative and enforcement activity, with a particular focus on the enhanced consumer privacy laws that were recently enacted. |
Andrea Alegrett, Kristen Hilton, Maureen Mahoney, Tim Murphy*, Doug Swetnam |
|
| 5:00 — 7:00 p.m. |
Reception (guests invited) |
|
| |
Thursday, May 8 |
|
| 8:00 — 9:00 a.m. |
Breakfast & Sign-in |
|
| 9:00 — 10:15 a.m. |
[Session 06] Emerging Issues and Trends in the Cyber Threat Landscape |
| |
This panel will lead a dialogue about the emerging risks, regulatory challenges, liability concerns, offering insights to help organizations navigate the complex legal landscape of cybersecurity, and prepare for potential breaches in 2025 and beyond. |
Chris Cronin, Rick Griffith, Serge Jorgensen*, Tim Murphy, Sara Romine |
|
| 10:15 — 10:30 a.m. |
Morning Break |
|
| 10:30 — 11:45 a.m. |
[Session 07] Commentary on Law Firm Data Security, Second Edition |
| |
The panel of drafting team members will lead a dialogue on its draft second edition of the Commentary on Law Firm Data Security ("Commentary"), which accounts for changes in law and technology, omissions in the original product, or newly developed needs for guidance. The original Commentary, published in 2020, includes a discussion of criteria and protocols for assessing data security at law firms and a companion discussion of how organizations should communicate with outside counsel about their data security practices. The Commentary also includes model clauses for engagement letters as well as a sample questionnaire corporate clients could provide to their law firms to assess data security readiness. |
Robert Kirtley, David Moncure*, Alex White, Jon Wilson |
|
| 11:45 — 1:00 p.m. |
[Session 08] Town Hall |
| |
WG11 Steering Committee members will lead a dialogue on progress made on the work product of WG11, and by WG11 as a whole. WG11 member input will be sought regarding the future direction of WG11, including ideas for existing and new commentaries and projects. |
Kate Baxter-Kauf*, Arianna Evers, Colman McCarthy, Doug Meal, David Moncure, Tim Murphy, Alex White |
|
| 1:00 — 2:00 p.m. |
Grab-and-Go Lunch (provided) |
|
