The Sedona Conference Working Group 11 Annual Meeting 2025

Date: 
Wednesday, May 7, 2025 - 8:45am to Thursday, May 8, 2025 - 1:00pm

Location:
Microsoft Redmond Campus
1 Microsoft Way
Redmond, Washington 98052

Register today for the 2025 Annual Meeting of Working Group 11 on Data Security and Privacy Liability (WG11), to be held on the Microsoft Campus in Redmond, Washington, on Wednesday-Thursday, May 7-8, 2025. A welcome reception will be held in the evening of Tuesday, May 6, from 5:30-7:30 pm.

The meeting's primary focus will be on new drafts in need of WG11 member review and comment, including the following:

  • AI Statutory Guidance
  • Individual Liability for Data Security Failures
  • Commentary on Law Firm Data Security, Second Edition

The meeting will also feature the following sessions:

  • Shifting U.S. Federal Regulatory Priorities in the Privacy and Data Security Landscape
  • Privacy and Data Security Regulator Roundtable
  • Privacy and Data Security Litigation Update
  • Emerging Issues and Trends in the Cyber Threat Landscape
  • WG11 Town Hall

CLE:

The Sedona Conference will seek CLE accreditation for this meeting in selected jurisdictions (except Virginia) as dictated by attendance.

Confirmed Dialogue Leaders

Washington State Attorney General's Office

Olympia, WA, USA

Ellis & Winters, LLP

Raleigh, NC, USA

Lockridge Grindal Nauen PLLP

Minneapolis, MN, USA

HALOCK Security Labs

Schaumburg, IL, USA

Duane Morris LLP

River Forest, IL, USA

Polsinelli

Birmingham, AL, USA

WilmerHale

Washington, DC, USA

Womble Bond Dickinson

Phoenix, AZ, USA

Washington State Attorney General's Office

Olympia, WA, USA

Oregon Department of Justice

Portland, OR, USA

Crowe LLP

Sarasota, FL, USA

DiCello Levitt LLP

Chicago, IL, USA

US District Court - Western District of Washington

Seattle, WA, USA

iDS

Saint Charles, IL, USA

California Privacy Protection Agency

Sacramento, CA, USA

Shook, Hardy & Bacon, LLP

Kansas City, MO, USA

Cleveland State University College of Law

Boston, MA, USA

Crowe

Spring, TX, USA

DraftKings

Philadelphia, PA, USA

Becker

Fort Lauderdale, FL, USA

Gunster Yoakley & Stewart

Minneapolis, MN, USA

Cleveland State University College of Law

Cleveland, OH, USA

Lockton Companies

Dallas, TX, USA

Joseph F. Rice School of Law, University of South Carolina

Columbia, SC, USA

Indiana Attorney General

Indianapolis, IN, USA

Office of the Commissioner for Privacy and Data Protection

Victoria, BC, Canada

Arnold & Porter

New York, NY, USA

Privacy Commissioner for Bermuda

Hamilton, Bermuda

Sidley Austin LLP

Washington, DC, USA

Godfrey & Kahn S.C.

Milwaukee, WI, USA

Shook, Hardy & Bacon

Washington, DC, USA

The Sedona Conference

Phoenix, AZ, USA

Working Group 11 Annual Meeting Agenda 2025

Time  Session  Panelists
  Tuesday, May 6  
5:30 — 7:30 p.m. Welcome Reception  
  Wednesday, May 7  
8:00 — 8:45 a.m. Breakfast & Sign-in  
8:45 — 9:00 a.m. Welcome & Overview Tim Murphy, Ken Withers
9:00 — 10:15 a.m. [Session 01] Individual Liability for Data Security Failures  
  The panel of drafting team members will lead a dialogue on its draft Commentary that summarizes and explains what the legal bases currently are, and what as a policy matter the legal bases should be, for holding an individual liable for an entity’s violation of the various legal regimes that impose data security obligations on entities with regard to personal information they collect or maintain. The legal regimes that the draft Commentary addresses include both those that impose such data security obligations expressly (e.g., U.S. federal and state, and non-U.S, statutes and regulations that expressly require “reasonable” or “appropriate” or specified cybersecurity measures) and those that impose such obligations only as a matter of interpretation (e.g., the FTC Act and state UDAP statutes). Justin Donoho, John Gray*, Amy Keller, Chuck Ragan, Zach Willenbrink  
10:15 — 11:30 a.m. [Session 02] AI Statutory Guidance
  The panel of drafting team members will lead a dialogue on its draft Commentary which provides guidance to legislators, regulatory authorities, judges, and practitioners regarding certain statutory clarifications and/or interpretations that may be needed in order for the Colorado Privacy Act (Colo. Rev. Stat. §§ 6-1-1301 et seq.) and Colorado AI Law (Col. Rev. Stat. §§ 6-1-1701 et seq.) to be read consistently with one another when a business is using AI in the hiring process. Katherine Bandy, Brian Ray, Jon PolenbergDavid Sella-Villa*  
11:30 — 11:45 a.m. Morning Break  
11:45  — 12:45 p.m. [Session 03] Shifting U.S. Federal Regulatory Priorities in the Privacy and Data Security Landscape
  On January 20, 2025, the new presidential administration in the United States issued a “Regulatory Freeze Pending Review” memorandum directing all executive departments and agencies to: 1) pause proposing and issuing new rules, 2) withdraw unpublished rules, and 3) consider postponing the implementation of published rules—all pending the review of a department or agency head appointed by the new administration. Multiple draft and published rules touching on privacy and data security compliance fell within scope of the memorandum. This panel will examine how agencies have responded to the memorandum, the personnel changes, actions, and reviews taken during the first months of the new administration, and the implications for regulated organizations. Starr Drum*, Arianna Evers, Jami Vibbert, Jonathan Wilan  
12:45 — 2:00 p.m. Lunch  
2:00 — 3:15 p.m. [Session 04] Privacy and Data Security Litigation Update
  The panel will lead a dialogue on not only the most significant court decisions, including recent Supreme Court jurisprudence, regarding privacy and data security in the past year, but also court filings that raise novel claims and defenses (even if the cases themselves are pending or have settled), with the goal of bringing WG11 members up-to-the-minute on where the case law currently is – and more importantly, where it could be heading in the future. Justin Donoho, Hon. Lauren King, Colman McCarthy, Doug Meal*  
3:15 — 3:30 p.m. Afternoon Break  
3:30 — 5:00 p.m. [Session 05] Privacy and Data Security Regulator Roundtable
  The panel will lead a dialogue on key developments in U.S. state legislative and enforcement activity, with a particular focus on the enhanced consumer privacy laws that were recently enacted. Additionally, the discussion will include insights into relevant regulatory updates in Canada. Andrea Alegrett, Kristen Hilton, Maureen Mahoney, Tim Murphy*, Doug Swetnam, Jeannette Van Den Bulk  
5:00 — 7:00 p.m. Reception (guests invited)  
  Thursday, May 8  
8:00 — 9:00 a.m. Breakfast & Sign-in  
9:00 — 10:15 a.m. [Session 06] Emerging Issues and Trends in the Cyber Threat Landscape
  This panel will lead a dialogue about the emerging risks, regulatory challenges, liability concerns, offering insights to help organizations navigate the complex legal landscape of cybersecurity, and prepare for potential breaches in 2025 and beyond. Chris Cronin, Rick Griffith, Serge Jorgensen*, Tim Murphy, Sara Romine  
10:15 — 10:30 a.m. Morning Break  
10:30 — 11:45 a.m. [Session 07] Commentary on Law Firm Data Security, Second Edition
  The panel of drafting team members will lead a dialogue on its draft second edition of the Commentary on Law Firm Data Security ("Commentary"), which accounts for changes in law and technology, omissions in the original product, or newly developed needs for guidance. The original Commentary, published in 2020, includes a discussion of criteria and protocols for assessing data security at law firms and a companion discussion of how organizations should communicate with outside counsel about their data security practices. The Commentary also includes model clauses for engagement letters as well as a sample questionnaire corporate clients could provide to their law firms to assess data security readiness. Robert Kirtley, David Moncure*, Alex White, Jon Wilson  
11:45 — 1:00 p.m. [Session 08] Town Hall
  WG11 Steering Committee members will lead a dialogue on progress made on the work product of WG11, and by WG11 as a whole. WG11 member input will be sought regarding the future direction of WG11, including ideas for existing and new commentaries and projects. Kate Baxter-Kauf*, Arianna Evers, Colman McCarthy, Doug Meal, David Moncure, Tim Murphy, Alex White  
1:00 — 2:00 p.m. Grab-and-Go Lunch (provided)  

*Denotes Session Moderator