| Time | Session | Panelists |
| | Wednesday, May 1, 2024 | |
| 6:00pm — 8:00pm | Evening Welcome reception | |
| | Thursday, May 2, 2024 | |
| 8:00am — 9:00am | Breakfast & Sign-in | |
| 9:00am — 9:15am | Welcome & Overview | Drum, Weinlein |
| 9:15am — 10:30am | Draft Data Privacy Primer, Second Edition | |
| | A panel of WG11 drafting team members will lead a dialogue with all attendees on their outline of recommended changes for a Second Edition of the Data Privacy Primer that, among other updates, (1) revises the Primer to address key U.S. federal and state legislative and regulatory changes and case law updates since its publication and 2) expands the Primer to include certain international privacy laws. | Hansen, Kemnitz, McCarthy*, Swetnam, Wagner |
| 10:30am — 10:45am | Morning break | |
| 10:45am — 12:00pm | Online tracking | |
| | Online tracking technologies increasingly present unique challenges to organizations’ legal and marketing teams as technologies evolve, compliance obligations change, and laws that have been in place for years like the Video Privacy Protection Act and two-party wiretapping statutes are being reinterpreted and tested by consumers in online marketing contexts. A panel of brainstorming group members will lead a dialogue on their outline proposing principles to help guide compliance and consistency in this area looking toward further development of these as part of a potential Commentary. | Baxter-Kauf, Hatcher, Matus, Posedel, Sterling* |
| 12:00pm — 1:00pm | Lunch | |
| 1:00pm — 2:00pm | WG11 town hall | |
| | WG11 Steering Committee members will lead a dialogue amongst the WG11 members in attendance on progress made on the work product of the Working Group, and by the Working Group as a whole. WG11 member input will be sought regarding the future direction of WG11, including ideas for existing and new commentaries and projects. | Baxter-Kauf, Drum*, Evers, Kemnitz, McCarthy, Meal, Moncure, Murphy, Shook |
| 2:00pm — 3:15pm | Draft Commentary on Privacy and Security of Health Data | |
| | The panel will lead a dialogue on its latest draft commentary on a potential new legislative framework to address health data and guiding principles for addressing privacy and security concerns. The draft commentary will address whether HIPAA adequately covers consumer health data and non-traditional health data uses, given HIPAA’s focus on healthcare providers that bill insurance, the proliferation of health data generated outside of the traditional medical and insurance fields, and the innovative new uses of health data in which companies are engaging. The draft commentary will propose an alternative framework that should be developed to address health data at the state or federal level. | Brady, Cronin, Romine*, Vibbert |
| 3:15pm — 3:30pm | Afternoon break | |
| 3:30pm — 5:00pm | Privacy and data security legislative and regulatory update | |
| | The panel will lead a dialogue on important updates in the U.S. federal legislative and regulatory space. It will also focus on important updates in U.S. state legislative and enforcement activity, focusing particularly on the enhanced consumer privacy laws set to take effect. | Berman, Chand, Jou, Macko, Murphy*, Swetnam |
| 5:00pm — 7:00pm | Reception (guests invited) | |
| | Friday, May 3, 2024 | |
| 8:00am — 9:00am | Breakfast & sign-in | |
| 9:0am — 10:15 | Practical approaches to incident response in 2024 | |
| | Tabletop exercises are a crucial tool to test incident response plans in simulated data breach scenarios. In this panel, dialogue leaders will address a simulated security incident and discuss how key stakeholders including organizations, their business teams, counsel, and forensic investigators can prepare for and respond to a data breach. During the tabletop, dialogue leaders will reference and utilize WG11’s draft Incident Response Guide, Second Edition, which provides updated guidance for organizations and practitioners as they navigate and adapt to rapidly evolving technologies and an expanding threat landscape. | Falk, Gyasi, Jorgensen, Moncure*, Promislow |
| 10:15am — 10:30am | Morning break | |
| 10:30am — 11:45am | Privacy and data security litigation update | |
| | The panel will lead a dialogue on not only the most significant court decisions regarding privacy and data security in the past year, but also court filings that raise novel claims and defenses (even if the cases themselves are pending or have settled), with the goal of bringing WG11 members up-to-the-minute on where the case law currently is – and more importantly, where it could be heading in the future. | Blanchard, Keller*, May, Yovanic |
| 11:45am — 1:00pm | Legal implications of artificial intelligence in automated decision-making |
| | Generative AI presents an opportunity for more automated decision-making use cases than many privacy laws accounted for at the time they were enacted. A panel of brainstorming group members will lead a dialogue on their updated outline analyzing privacy issues related to use of AI in automated decision-making, particularly focused on how laws in this space can strike the appropriate balance between automated analysis and human oversight. | Ackert, Dalziel, Korolyov, Polenberg, Sella-Villa* |
| 1:pm — 2:00pm | Grab & go lunch (provided) | |
