The Sedona Conference Working Group 11 Annual Meeting 2023

Date: 
Thursday, May 4, 2023 - 8:45am to Friday, May 5, 2023 - 1:00pm

Location:

The Brown Palace Hotel and Spa, Denver, Colorado

The 2023 Annual Meeting of Working Group 11 on Data Security and Privacy Liability (WG11) will be held at The Brown Palace Hotel and Spa in Denver, Colorado, on Thursday-Friday, May 4-5, 2023. A welcome reception will be held in the evening of Wednesday, May 3, from 5:00-7:00 pm.

Session Information

Following a keynote address and Q&A with the Colorado Attorney General, Phil Weiser, the meeting’s focus will turn to new drafts and brainstorming group outlines in need of WG11 member review and comment, including the following topics:

  • Incident Response Guide, Second Edition
  • Data security and privacy in healthcare
  • Exploring greater efficiencies in data breach and privacy class action litigation
  • Ransomware payments

In addition, the meeting will feature the following sessions:

  • Privacy and data security legislative and regulatory update
  • AI: regulatory landscape
  • Children’s data privacy
  • WG11 town hall

 

Hotel Reservation Information

We have obtained a very favorable room rate at The Brown Palace Hotel and Spa of $229 per night (plus tax) for a limited block of rooms on the nights of May 3-4. For those who wish to arrive early, leave late, or otherwise extend their stay, the group rate is available for three nights preceding and three nights following the dates of the room block, subject to room availability. Accordingly, if you wish to book for additional nights, you should do so as soon as possible. This room block expires on April 12. Reservation information will be provided in your meeting registration confirmation email.

CLE

The Sedona Conference will seek CLE accreditation for this event in selected jurisdictions (except Virginia), as dictated by attendance.

Dialogue Leaders

Julian Ackert
iDiscovery Solutions
iDS

Washington, DC, USA
David Berger
Gibbs Law Group LLP

Oakland, CA, USA
Katherine Booth
McCarthy Tetrault LLP

Vancouver, BC, Canada
Maureen M. Brady
McShane & Brady, LLC

Kansas City, MO, USA
Robert E. Cattanach
Dorsey & Whitney LLP

Minneapolis, MN, USA
Katherine Chaves
Dorsey & Whitney LLP

Minneapolis, MN, USA
Chris Cronin
HALOCK Security Labs

Schaumburg, IL, USA
Anne Kathleen Davis
Bleichmar, Fonti, & Auld, LLP

Oakland, CA, USA
Starr Turner Drum
Polsinelli

Birmingham, AL, USA
Emily Fedeles

New York, NY, USA
John C. Gray
Lewis Roca

Phoenix, AZ, USA
Eric B. Gyasi
BakerHostetler LLP

New York, NY, USA
Serge D. Jorgensen
The Sylint Group

Sarasota, FL, USA
Amy E. Keller
DiCello Levitt LLP

Chicago, IL, USA
Anya Korolyov
HaystackID

Chicago, IL, USA
Colman McCarthy
Shook, Hardy & Bacon, LLP

Kansas City, MO, USA
Matthew Meade
Eckert Seamans

Pittsburgh, PA, USA
Douglas Meal
Orrick Herrington & Sutcliffe LLP
Cleveland State University College of Law

Boston, MA, USA
David Moncure
Crowe

Spring, TX, USA
J. Austin Moore
Stueve Siegel Hanson LLP

Kansas City, MO, USA
Tim Murphy
Pennsylvania Office of Attorney General

Philadelphia, PA, USA
Jon Polenberg
Becker

Fort Lauderdale, FL, USA
Ruth Elizabeth Promislow
Bennett Jones LLP

Toronto, ON, Canada
Corban S. Rhodes
DiCello Levitt LLP

New York, NY, USA
Dalia Ritvo
Colorado Office of the Attorney General

Denver, CO, USA
Sara E. Romine
Lockton Companies

Dallas, TX, USA
Andrew Russell
Shaw Keller LLP

Wilmington, DE, USA
Alfred Saikali
Shook, Hardy & Bacon L.L.P.

Miami, FL, USA
David C. Shonka
Redgrave LLP

Chantilly, VA, USA
Jim Shook
Dell Technologies

Johns Creek, GA, USA
Joseph Warren Swanson
Foley & Lardner LLP

Tampa, FL, USA
Jill Szewczyk
Colorado Office of the Attorney General

Denver, CO, USA
Jim A. Trilling
Federal Trade Commission

Washington, DC, USA
Jami Mills Vibbert
Arnold & Porter

New York, NY, USA
Phil Weiser
Colorado Attorney General

Denver, CO USA
Viviana A. Wesley
HALOCK Security Labs

Mount Juliet, TN, USA
Jonathan M. Wilan
Sidley Austin LLP

Washington, DC, USA
Zachary Willenbrink
Godfrey & Kahn S.C.

Milwaukee, WI, USA
Phil Yannella
Blank Rome

Philadelphia, PA, USA

WG11 Annual Meeting 2023 Agenda

Time Session Panelists
  Wednesday, May 3, 2023  
5:00 — 7:00 Welcome reception  
  Thursday, May 4, 2023  
7:45 — 8:45 Breakfast & sign-in  
8:45 — 9:00 Welcome & overview Drum, Weinlein
9:00 — 9:30 Colorado Attorney General Phil Weiser Weiser
  Attorney General Weiser will deliver a keynote speech and then take questions from WG11 members.  
9:30 — 10:45 Incident Response Guide, Second Edition Booth, Cattanach, KorolyovMeade*, Swanson 
  A panel of WG11 drafting members will lead a dialogue with all attendees on their draft of a Second Edition of the Incident Response Guide that, among other updates, addresses: (1) international incident response in detail; (2) emerging types of incidents, including ransomware; and (3) key legislative changes since January 2020.  
10:45 — 11:00 Morning break  
11:00 — 12:15 Data security and privacy in healthcare Brady, Cronin, MooreRomine, Vibbert*
  A panel of WG11 brainstorming group members will lead a dialogue on their outline that assesses and recommends areas in the healthcare space where Sedona can develop guidance - such as model standards - to move the law foward. The brainstorming group (1) analyzed the current legal landscape concerning the scope of medical and health information and its associated privacy and security protections, and (2) assessed current legal requirements and common practices around obtaining consent for processing and use of healthcare and related information.  
12:15 — 1:15 Lunch  
1:15 — 2:30 Ransomware payments Gray, GyasiPolenberg, Shook*, Willenbrink
  A panel of drafting team members will lead a dialogue on their progress in exploring issues related to statutory liability associated with ransomware payments, including the development of a framework for measuring that liability. The drafting team is performing an independent analysis of how and why OFAC has applied a strict liability approach in the past.  
2:30 — 3:45 Privacy and data security legislative and regulatory update Murphy, Ritvo, Shonka*, SzewczykTrilling
  The panel will lead a dialogue on some of the most important updates in the U.S. federal legislative and regulatory space. It will also focus on important updates in U.S. state legislative and enforcement activity, focusing particularly on the enhanced consumer privacy laws taking effect throughout the year.  
3:45 — 4:00 Afternoon break  
4:00 — 5:00 WG11 town hall Drum*, Jorgensen, Keller, Meal, Moncure, Promislow, Saikali, Wilan
  WG11 Steering Committee members will lead a dialogue amongst the WG11 members in attendance on progress made on the work product of the Working Group, and by the Working Group as a whole. WG11 member input will be sought regarding the future direction of WG11, including ideas for existing and new commentaries and projects.  
5:00 — 7:00 Reception (guests invited)  
     
  Friday, May 5, 2023  
8:00 — 9:00 Breakfast & sign-in  
9:00 — 10:15 AI: Regulatory landscape Ackert, Fedeles, Promislow*, Russell, Wilan
 

The European Union's (EU) AI Act seeks to establish the first comprehensive regulatory scheme for artificial intelligence. The impact of the regulation - which could be adopted by the end of 2023 - will extend beyond EU borders and will have substantial impact on data governance practices and corresponding legal exposure for organizations worldwide. At the same time, other jurisdictions (e.g. UK and Canada) have prepared proposals for the regulation of AI, and in the US, a patchwork of regulation and guidance at the state and federal level is beginning to emerge. This panel will lead a dialogue on the emerging legal issues from the EU Act as well as the intersection of the regimes in different jurisdictions and explore whether there are specific privacy and data management issues that could benefit from consideration by a brainstorming group.

  
10:15 — 10:30 Morning Break  
10:30 — 11:45 Children's data privacy

Drum*, McCarthyRhodes, Trilling
  An estimated one of every three online users is under the age of 18. Perceived unique risks of online conduct of and content presented to minors has fostered a renewed focus on how the legal system can be leveraged and adapted to ensure the protection of children's data privacy. During the past few years, legislators, regulators, and litigants have refocused their energy on protecting children's data privacy through new laws, enforcement actions, and lawsuits. This panel will examine this evolving legal landscape and explore whether WG11 should consider a brainstorming group to address this important topic.  
11:45 — 1:00 Exploring greater efficiencies in data breach and privacy class action litigation

BergerChavesDavis, RhodesWesleyYannella*
  A panel of WG11 brainstorming group members will lead a dialogue on their outline that explores whether there are procedural or substantive changes to the current legal regime applicable to data breach and privacy class actions that would get such actions ripe for resolution more efficiently and cost-effectively. The panel will continue truly open dialogue exploring the strengths and weaknesses of litigation positions being taken today by both sides in data breach and privacy class actions, and how the current rules of the road might be changed to reduce litigation costs in such actions.  
1:00 — 2:00 Grab-and-go lunch (provided)  
Date: 
Thursday, May 4, 2023 - 8:00am to Friday, May 5, 2023 - 1:00am