
The Sedona Conference Working Group 11 Annual Meeting 2022


Location: The Camby, Phoenix, AZ

The 2022 Annual Meeting of Working Group 11 on Data Security and Privacy Liability (WG11) will be held at The Camby in Phoenix, Arizona, on Tuesday-Wednesday, April 26-27, 2022. A welcome reception will be held in the evening of Monday, April 25, from 6:00-8:00 pm.

Session Information:

The meeting’s primary focus will be on new drafts and brainstorming group outlines in need of WG11 member review and comment, including the following topics:

  • When are ransomware payments illegal under current U.S. law?
  • Model data breach notification law
  • Biometric privacy primer
  • Notice and consent – biometric facial recognition data
  • Privilege Commentary, Second Edition

In addition, the meeting will feature the following sessions:

  • Coordination of multiple litigation and regulatory fronts arising out of major cybersecurity events
  • Incident response: The unresolved questions
  • Privacy and data security legislative and regulatory update
  • WG11 town hall

Please find the timed agenda with detailed session descriptions below. Please look for an email announcement when we add dialogue leaders and biographies.

Hotel Reservation Information:

We have obtained a very favorable room rate at The Camby of $259 per night (plus tax) for a limited block of rooms on the nights of April 25-26. For those who wish to arrive early, leave late, or otherwise extend their stay, the group rate is available for three nights preceding and three nights following the dates of the room block, subject to room availability. Accordingly, if you wish to book for additional nights, you should do so as soon as possible. This room block expires on March 25. Reservation information will be provided in your meeting registration confirmation email.

CLE:

The Sedona Conference will seek CLE accreditation for this event in selected jurisdictions, as dictated by attendance.

Health and Safety Protocols: 

The Sedona Conference encourages all meeting attendees to be vaccinated. We will follow all federal, state, and local health and safety protocols in effect at the time and place of the meeting. The seating at the WG11 meeting will be spread out and take full advantage of the size of the meeting room. We will provide color-coded lanyards for your name tag that will signify your comfort level with social interaction at the meeting. Green: I am open to shaking hands and conversing in less than 6 feet of proximity while still respecting personal space; Yellow: I welcome conversation but prefer extra personal space, so please keep your distance and don't touch; Red: Please keep at least 6 feet of distance from me when conversing and don't touch.

Time | Session | Panelist

Tuesday, April 26

7:30 — 8:30 | Breakfast & sign-in

8:30 — 8:45 | Welcome & overview | Meal, Weinlein

8:45 — 10:00 | When are ransomware payments illegal under current U.S. law? | Chen, Gray*, Saikali, Wescott
There is currently no legal authority that guides determination of whether a threat actor to whom one is considering making a ransomware payment either is itself, or is acting for the benefit of, an organization/entity listed on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List), such that making a ransomware payment to that threat actor would be prohibited. A panel of WG11 brainstorming group members will lead a dialogue with all attendees on their outline which evaluates whether WG11 should develop an independent standard and/or factors that would provide guidance on this issue.

10:00 — 10:15 | Morning Break

10:15 — 11:30 | Coordination of multiple litigation and regulatory fronts arising out of major privacy and cybersecurity events | Falk, Pizzirusso, Powell, Shonka, Swetnam*
A company that suffers a major privacy or cybersecurity event may find itself the target of class actions, state Attorneys General investigations, Federal Trade Commission or other federal agency actions, and foreign regulatory inquiries. While these disparate company adversaries often focus on similar or identical issues, coordination across the adversary group is rare. While some companies facing this situation prefer to engage with a coordinated adversary group to achieve efficiencies and perhaps even global resolution, others endeavor to discourage or prevent any such coordination from occurring. In this session, we will discuss the benefits of and impediments to coordination among the company’s adversaries in this situation, as well as the company’s strategic arguments for encouraging or discouraging such coordination.

11:30 — 12:30 | Notice and consent – biometric facial recognition data | Altman, Baxter-Kauf, Evers*, Falk
A panel of WG11 drafting team members will lead a dialogue with all attendees on the latest draft of their Commentary which puts forth legal principles that should govern whether, under what circumstances, and what manner of, notice and consent of an individual should be required in connection with the collection, creation, use, and disclosure by the private and public sectors of that individual’s biometric facial recognition data. The draft Commentary also provides legislators and other policymakers with guidance for implementing new and amending existing notice and consent requirements in connection with an individual’s biometric facial recognition data.

12:30 — 1:30 | Lunch

1:30 — 2:30 | Model data breach notification law | Keller, Meade*, Promislow, Tully
A panel of WG11 drafting team members will lead a dialogue with all attendees on the latest draft of their Commentary to guide the development of data breach notification laws. Drawing upon best practices in data privacy and incident response, the Commentary describes how data breach notification laws should address different aspects of data breach notification, including what constitutes a notifiable breach, what methods of notification should be permissible, and whether there should be timelines for notification.

2:00 — 3:45 | Privacy and data security legislative and regulatory update | Cattanach, D'Ambra, DeGroff, Drum*, Kemnitz
The panel will lead a dialogue on some of the most important actual and proposed legislative and regulatory enactments during the past year in the privacy and data security space. We will cover not only the most significant enactments of the past year, but also currently proposed enactments that raise important privacy and data security issues, with the goal of bringing WG11 members up-to-the-minute on where the codified law in the space currently is – and more importantly, where it could be heading in the future.

3:45 — 4:00 | Afternoon Break

4:00 — 5:00 | WG11 town hall | Drum, Jorgensen, Keller, Meal*, Moncure, Pizzirusso, Promislow, Saikali, Wilan
WG11 Steering Committee members will lead a dialogue amongst the WG11 members in attendance on progress made on the work product of the Working Group, and by the Working Group as a whole. WG11 member input will be sought regarding the future direction of WG11, including ideas for existing and new commentaries and projects.

5:00 — 7:00 | Reception (guests invited)

Wednesday, April 27

8:30 — 9:30 | Breakfast & sign-in

9:30 — 10:45 | Incident response: The unresolved questions | Jorgensen, Meade, Moncure, Saikali*, Vibbert
A panel of leading outside counsel, corporate counsel and technologists with extensive experience in incident response will facilitate a dialogue on the most challenging questions companies face when responding to a suspected data breach. These are questions that often are not addressed or resolved by data breach notification laws, including the difficult decisions companies must make relating to scope of investigations, the use of third-party data review firms, timing of notification, effective use of substitute notice, and challenges specific to vendor data breaches. The dialogue will be a highly interactive one based on a series of short scenarios.

Morning Break

11:00 — 12:00 | Second edition of The Sedona Conference Commentary on Application of Attorney-Client Privilege and Work-Product Protection to Documents and Communications Generated in the Cybersecurity Context | Baxter-Kauf*, McNamara, Melchiondo, Wilan
A panel of WG11 drafting team members will lead a dialogue with all attendees on their draft of the second edition of the Privilege Commentary. The draft addresses new caselaw developments regarding attorney-client privilege and attorney work product in the context of litigation related to cyber incidents. The draft also includes additional focus on certain specific areas of legal response to cyber incidents that were only touched on or were outside the scope of the first edition of the Privilege Commentary.

12:00 — 1:00 | Biometric privacy primer | Kalat, McCarthy, Promislow, Ray*
A panel of WG11 drafting team members will lead a dialogue with all attendees on the latest draft of their Primer which provides guidance to practitioners, judges and policymakers regarding how biometric information and biometric data are legally defined, how biometric systems work, and the privacy, data security and related issues they raise.

1:00 — 2:00 | Grab-and-go lunch

 
