| Time | Session | Panelists |
| | Wednesday, November 2 | |
| 8:00 — 9:00 | Breakfast & sign-in | |
| 9:00 — 9:15 | Welcome & overview | Drum, Weinlein |
| 9:15 — 10:30 | Incident Response Guide, Second Edition | Averitt, Booth, Cattanach, Meade*, Swanson |
| | A panel of WG11 brainstorming group members will lead a dialogue with all attendees on their outline which evaluates whether WG11 should draft a Second Edition of the Incident Response Guide, and if so, (1) whether a discussion about international incident response should be included; (2) whether emerging types of incidents, such as ransomware, should be addressed; and (3) whether updates should be made to address key legislative changes since January 2020. | |
| 10:30 — 10:45 | Morning Break | |
| 10:45 — 12:00 | Legal considerations for the lifecycle of employee personal data | Ackert, D'Ambra, Jorgensen, Kemnitz, Shonka* |
| | Now is a good time for every business, no matter its size, to pause and consider the privacy rights and interests of its prospective, current, and past employees. The collection (and disposition) of personal information about each person begins with the first contact, continues through the pre-employment stage, and accumulates rapidly and perhaps exponentially after hiring as the employee registers for and receives benefits, gets (or gives) employee evaluations, receives pay raises and promotions, takes mandatory training, faces health issues, is issued ID or other access cards, and in some cases is remotely tracked or monitored for various business purposes. And then there is retirement. Throughout the process questions abound as to how the records containing this personal information are protected, managed, disclosed, and disposed of. This panel examines those issues and explores whether WG11 should consider a project that addresses this important topic. | |
| 12:00 — 1:00 | Lunch | |
| 1:00 — 2:15 | Notice and consent – biometric facial recognition data | Altman, Baxter-Kauf, Drum, Evers* |
| | A panel of WG11 drafting team members will lead a dialogue with all attendees on the latest draft of their Commentary which puts forth legal principles that should govern whether, under what circumstances, and what manner of, notice and consent of an individual should be required in connection with the collection, creation, use, and disclosure by the private and public sectors of that individual’s biometric facial recognition data. The draft Commentary also provides legislators and other policymakers with guidance for implementing new and amending existing notice and consent requirements in connection with an individual’s biometric facial recognition data. | |
| 2:15 — 3:30 | Ransomware payments | Gray, Gyasi, Jennings, Raymond, Shook*, Wescott |
| | A panel of drafting team members will lead a dialogue on their progress in exploring issues related to statutory liability associated with ransomware payments, including the development of a framework for measuring that liability. | |
| 3:30 — 3:45 | Afternoon Break | |
| 3:45 — 5:00 | WG11 town hall | Drum*, Jorgensen, Keller, Meal, Murphy, Pizzirusso, Saikali, Wilan |
| | WG11 Steering Committee members will lead a dialogue amongst the WG11 members in attendance on progress made on the work product of the Working Group, and by the Working Group as a whole. WG11 member input will be sought regarding the future direction of WG11, including ideas for existing and new commentaries and projects. | |
| 5:00 — 7:00 | Reception (guests invited) | |
| | | |
| | Thursday, November 3 | |
| 8:00 — 9:90 | Breakfast & sign-in | |
| 9:00 — 10:15 | Emerging issues in privacy and cybersecurity class action litigation | Carney, Coates, Keller, Klinger, Pizzirusso, Saikali* |
| | Data breach class actions are evolving rapidly and involve multiple unique strategic decision points for practitioners and courts. This panel will cover some of the key pivotal processes in the lifecycle of data breach class actions including the coordination and consolidation of data breach class actions; the class certification process; and settlement. | |
| 10:15 — 10:30 | Morning Break | |
| 10:30 — 11:45 | Balancing privacy and data security against efficacy in NextGen healthcare | Bulander, Dunifon, Meade, Vibbert, Wilan* |
| | Advances in medical technology, including the application of AI and Big Data, bring the promise of unprecedented medical breakthroughs and improved individual outcomes. The pandemic pushed rapid advances in tele-health, and we are increasingly connected to devices that provide and store personal health-related information. While the law has long provided protections related to the privacy and security of medical and health information, questions arise as to whether those legacy and emerging laws adequately address these emerging digital risks, or on the flip side, may serve to unduly limit the benefits of emerging health-care technology. This panel will explore how the existing legal foundations apply to new and emerging technology and practices in the health and wellness areas, including whether new guidelines or best practices could help bridge the potential conflicts between privacy and efficacy. | |
| 11:45 — 1:00 | Privacy and data security legislative and regulatory update | Meal*, Hoffman, Murphy, Ray, Swetnam |
| | The panel will lead a dialogue on important updates in the U.S. federal legislative and regulatory space, including the status of the American Data Privacy and Protection Act (ADPPA) and the FTC’s proposed rulemaking efforts in the privacy and data security arena. It will also focus on important updates in U.S. state legislative and enforcement activity, focusing particularly on the enhanced consumer privacy laws taking effect next year in California, Virginia, Colorado, Connecticut, and Utah. | |
| 1:00 — 2:00 | Grab-and-go lunch | |
