Skip to main content

The Sedona Conference Working Group 11 Annual Meeting 2023

Date
-

Location:

The Brown Palace Hotel and Spa, Denver, Colorado

The 2023 Annual Meeting of Working Group 11 on Data Security and Privacy Liability (WG11) will be held at The Brown Palace Hotel and Spa in Denver, Colorado, on Thursday-Friday, May 4-5, 2023. A welcome reception will be held in the evening of Wednesday, May 3, from 5:00-7:00 pm.

Session Information

Following a keynote address and Q&A with the Colorado Attorney General, Phil Weiser, the meeting’s focus will turn to new drafts and brainstorming group outlines in need of WG11 member review and comment, including the following topics:

  • Incident Response Guide, Second Edition
  • Data security and privacy in healthcare
  • Exploring greater efficiencies in data breach and privacy class action litigation
  • Ransomware payments

In addition, the meeting will feature the following sessions:

  • Privacy and data security legislative and regulatory update
  • AI: regulatory landscape
  • Children’s data privacy
  • WG11 town hall

 

Hotel Reservation Information

We have obtained a very favorable room rate at The Brown Palace Hotel and Spa of $229 per night (plus tax) for a limited block of rooms on the nights of May 3-4. For those who wish to arrive early, leave late, or otherwise extend their stay, the group rate is available for three nights preceding and three nights following the dates of the room block, subject to room availability. Accordingly, if you wish to book for additional nights, you should do so as soon as possible. This room block expires on April 12. Reservation information will be provided in your meeting registration confirmation email.

CLE

The Sedona Conference will seek CLE accreditation for this event in selected jurisdictions (except Virginia), as dictated by attendance.

Washington, DC, USA
Oakland, CA, USA
Vancouver, BC, Canada
Kansas City, MO, USA
Minneapolis, MN, USA
Minneapolis, MN, USA
Schaumburg, IL, USA
Oakland, CA, USA
Birmingham, AL, USA
New York, NY, USA
Phoenix, AZ, USA
New York, NY, USA
Sarasota, FL, USA
Chicago, IL, USA
Chicago, IL, USA
Kansas City, MO, USA
Pittsburgh, PA, USA
Boston, MA, USA
Denver, CO, USA
Kansas City, MO, USA
Philadelphia, PA, USA
Fort Lauderdale, FL, USA
Toronto, ON, Canada
New York, NY, USA
Denver, CO, USA
Dallas, TX, USA
Wilmington, DE, USA
Miami, FL, USA
Chantilly, VA, USA
Johns Creek, GA, USA
Tampa, FL, USA
Denver, CO, USA
Washington, DC, USA
New York, NY, USA
Denver, CO USA
Mount Juliet, TN, USA
Washington, DC, USA
Milwaukee, WI, USA
Philadelphia, PA, USA
Time Session Panelists
  Wednesday, May 3, 2023  
6:00 — 8:00 Welcome reception  
  Thursday, May 4, 2023  
7:45 — 8:45 Breakfast & sign-in  
8:45 — 9:00 Welcome & overview Drum, Weinlein
9:00 — 9:30 Colorado Attorney General Phil Weiser Weiser
  Attorney General Weiser will deliver a keynote speech and then take questions from WG11 members.  
9:30 — 10:45 Incident Response Guide, Second Edition Booth, Cattanach, KorolyovMeade*, Swanson 
  A panel of WG11 drafting members will lead a dialogue with all attendees on their draft of a Second Edition of the Incident Response Guide that, among other updates, addresses: (1) international incident response in detail; (2) emerging types of incidents, including ransomware; and (3) key legislative changes since January 2020.  
10:45 — 11:00 Morning break  
11:00 — 12:15 Data security and privacy in healthcare Brady, Cronin, MooreRomine*, Vibbert
  A panel of WG11 brainstorming group members will lead a dialogue on their outline that assesses and recommends areas in the healthcare space where Sedona can develop guidance - such as model standards - to move the law foward. The brainstorming group (1) analyzed the current legal landscape concerning the scope of medical and health information and its associated privacy and security protections, and (2) assessed current legal requirements and common practices around obtaining consent for processing and use of healthcare and related information.  
12:15 — 1:15 Lunch  
1:15 — 2:30 Ransomware payments Gray, GyasiPolenberg, Shook*, Willenbrink
  A panel of drafting team members will lead a dialogue on their progress in exploring issues related to statutory liability associated with ransomware payments, including the development of a framework for measuring that liability. The drafting team is performing an independent analysis of how and why OFAC has applied a strict liability approach in the past.  
2:30 — 3:45 Privacy and data security legislative and regulatory update Murphy, Ritvo, Shonka*, SzewczykTrilling
  The panel will lead a dialogue on some of the most important updates in the U.S. federal legislative and regulatory space. It will also focus on important updates in U.S. state legislative and enforcement activity, focusing particularly on the enhanced consumer privacy laws taking effect throughout the year.  
3:45 — 4:00 Afternoon break  
4:00 — 5:00 WG11 town hall Drum*, Jorgensen, Keller, Meal, Moncure, Pizzirusso, Promislow, Saikali, Wilan
  WG11 Steering Committee members will lead a dialogue amongst the WG11 members in attendance on progress made on the work product of the Working Group, and by the Working Group as a whole. WG11 member input will be sought regarding the future direction of WG11, including ideas for existing and new commentaries and projects.  
5:00 — 7:00 Reception (guests invited)  
     
  Friday, May 5, 2023  
8:00 — 9:00 Breakfast & sign-in  
9:00 — 10:15 AI: Regulatory landscape Ackert, Fedeles, Promislow*, Russell, Wilan
 

The European Union's (EU) AI Act seeks to establish the first comprehensive regulatory scheme for artificial intelligence. The impact of the regulation - which could be adopted by the end of 2023 - will extend beyond EU borders and will have substantial impact on data governance practices and corresponding legal exposure for organizations worldwide. At the same time, other jurisdictions (e.g. UK and Canada) have prepared proposals for the regulation of AI, and in the US, a patchwork of regulation and guidance at the state and federal level is beginning to emerge. This panel will lead a dialogue on the emerging legal issues from the EU Act as well as the intersection of the regimes in different jurisdictions and explore whether there are specific privacy and data management issues that could benefit from consideration by a brainstorming group.

 
10:15 — 10:30 Morning Break  
10:30 — 11:45 Children's data privacy

Drum*, Rhodes, Trilling

  An estimated one of every three online users is under the age of 18. Perceived unique risks of online conduct of and content presented to minors has fostered a renewed focus on how the legal system can be leveraged and adapted to ensure the protection of children's data privacy. During the past few years, legislators, regulators, and litigants have refocused their energy on protecting children's data privacy through new laws, enforcement actions, and lawsuits. This panel will examine this evolving legal landscape and explore whether WG11 should consider a brainstorming group to address this important topic.  
11:45 — 1:00 Exploring greater efficiencies in data breach and privacy class action litigation

ChavesDavis, RhodesWesleyYannella*

  A panel of WG11 brainstorming group members will lead a dialogue on their outline that explores whether there are procedural or substantive changes to the current legal regime applicable to data breach and privacy class actions that would get such actions ripe for resolution more efficiently and cost-effectively. The panel will continue truly open dialogue exploring the strengths and weaknesses of litigation positions being taken today by both sides in data breach and privacy class actions, and how the current rules of the road might be changed to reduce litigation costs in such actions.  
1:00 — 2:00 Grab-and-go lunch (provided)  
Date::
to