| Time | Session | Panelists |
| | Wednesday, May 3, 2023 | |
| 6:00 — 8:00 | Welcome reception | |
| | Thursday, May 4, 2023 | |
| 7:45 — 8:45 | Breakfast & sign-in | |
| 8:45 — 9:00 | Welcome & overview | Drum, Weinlein |
| 9:00 — 9:30 | Colorado Attorney General Phil Weiser | Weiser |
| | Attorney General Weiser will deliver a keynote speech and then take questions from WG11 members. | |
| 9:30 — 10:45 | Incident Response Guide, Second Edition | Booth, Cattanach, Korolyov, Meade*, Swanson |
| | A panel of WG11 drafting members will lead a dialogue with all attendees on their draft of a Second Edition of the Incident Response Guide that, among other updates, addresses: (1) international incident response in detail; (2) emerging types of incidents, including ransomware; and (3) key legislative changes since January 2020. | |
| 10:45 — 11:00 | Morning break | |
| 11:00 — 12:15 | Data security and privacy in healthcare | Brady, Cronin, Moore, Romine*, Vibbert |
| | A panel of WG11 brainstorming group members will lead a dialogue on their outline that assesses and recommends areas in the healthcare space where Sedona can develop guidance - such as model standards - to move the law foward. The brainstorming group (1) analyzed the current legal landscape concerning the scope of medical and health information and its associated privacy and security protections, and (2) assessed current legal requirements and common practices around obtaining consent for processing and use of healthcare and related information. | |
| 12:15 — 1:15 | Lunch | |
| 1:15 — 2:30 | Ransomware payments | Gray, Gyasi, Polenberg, Shook*, Willenbrink |
| | A panel of drafting team members will lead a dialogue on their progress in exploring issues related to statutory liability associated with ransomware payments, including the development of a framework for measuring that liability. The drafting team is performing an independent analysis of how and why OFAC has applied a strict liability approach in the past. | |
| 2:30 — 3:45 | Privacy and data security legislative and regulatory update | Murphy, Ritvo, Shonka*, Szewczyk, Trilling |
| | The panel will lead a dialogue on some of the most important updates in the U.S. federal legislative and regulatory space. It will also focus on important updates in U.S. state legislative and enforcement activity, focusing particularly on the enhanced consumer privacy laws taking effect throughout the year. | |
| 3:45 — 4:00 | Afternoon break | |
| 4:00 — 5:00 | WG11 town hall | Drum*, Jorgensen, Keller, Meal, Moncure, Pizzirusso, Promislow, Saikali, Wilan |
| | WG11 Steering Committee members will lead a dialogue amongst the WG11 members in attendance on progress made on the work product of the Working Group, and by the Working Group as a whole. WG11 member input will be sought regarding the future direction of WG11, including ideas for existing and new commentaries and projects. | |
| 5:00 — 7:00 | Reception (guests invited) | |
| | | |
| | Friday, May 5, 2023 | |
| 8:00 — 9:00 | Breakfast & sign-in | |
| 9:00 — 10:15 | AI: Regulatory landscape | Ackert, Fedeles, Promislow*, Russell, Wilan |
| | The European Union's (EU) AI Act seeks to establish the first comprehensive regulatory scheme for artificial intelligence. The impact of the regulation - which could be adopted by the end of 2023 - will extend beyond EU borders and will have substantial impact on data governance practices and corresponding legal exposure for organizations worldwide. At the same time, other jurisdictions (e.g. UK and Canada) have prepared proposals for the regulation of AI, and in the US, a patchwork of regulation and guidance at the state and federal level is beginning to emerge. This panel will lead a dialogue on the emerging legal issues from the EU Act as well as the intersection of the regimes in different jurisdictions and explore whether there are specific privacy and data management issues that could benefit from consideration by a brainstorming group. | |
| 10:15 — 10:30 | Morning Break | |
| 10:30 — 11:45 | Children's data privacy | Drum*, Rhodes, Trilling |
| | An estimated one of every three online users is under the age of 18. Perceived unique risks of online conduct of and content presented to minors has fostered a renewed focus on how the legal system can be leveraged and adapted to ensure the protection of children's data privacy. During the past few years, legislators, regulators, and litigants have refocused their energy on protecting children's data privacy through new laws, enforcement actions, and lawsuits. This panel will examine this evolving legal landscape and explore whether WG11 should consider a brainstorming group to address this important topic. | |
| 11:45 — 1:00 | Exploring greater efficiencies in data breach and privacy class action litigation | Chaves, Davis, Rhodes, Wesley, Yannella* |
| | A panel of WG11 brainstorming group members will lead a dialogue on their outline that explores whether there are procedural or substantive changes to the current legal regime applicable to data breach and privacy class actions that would get such actions ripe for resolution more efficiently and cost-effectively. The panel will continue truly open dialogue exploring the strengths and weaknesses of litigation positions being taken today by both sides in data breach and privacy class actions, and how the current rules of the road might be changed to reduce litigation costs in such actions. | |
| 1:00 — 2:00 | Grab-and-go lunch (provided) | |
