The Sedona Conference Working Group 11 Midyear Meeting 2020

Wednesday, September 30, 2020 - 12:00pm to Thursday, October 1, 2020 - 4:15pm

Location: Online (Zoom)

The 2020 Midyear Meeting of Working Group 11 on Data Security and Privacy Liability (WG11) will be held online on Wednesday-Thursday, September 30-October 1, 2020, from Noon-4:15 pm EDT each day.

The meeting’s primary focus will be on new outlines and drafts in need of WG11 member review and comment, including the following topics:

  • Biometric privacy laws
  • Model data breach notification law

In addition, the meeting will feature the following sessions:

  • Privacy and data security litigation update, which will address some of the most significant court decisions and filings and regulatory actions from the past twelve months
  • Key privacy and data security considerations in cyber insurance
  •  A dialogue with global data protection authorities

The Sedona Conference will seek CLE accreditation in accordance with rules and regulations set forth by individual jurisdictions for virtual meetings. Various state MCLE authorities require that we verify your live, active participation throughout the program.


Dialogue Leaders

Lockridge Grindal Nauen PLLP

Minneapolis, MN, USA

Orrick Herrington & Sutcliffe LLP

New York, NY, USA


New York, NY, USA


Birmingham, AL, USA


Washington, DC, USA

Data Protection Authority of Bavaria for the Private Sector

Ansbach, Germany

Chaiken Ghali LLP

Atlanta, GA, USA

The Sylint Group

Sarasota, FL, USA

DiCello Levitt LLP

Chicago, IL, USA

Federal Trade Commission, Division of Privacy and Information Protection

Montpelier, VT, USA

Information and Privacy Commissioner for British Columbia

Victoria, BC, Canada

Eckert Seamans

Pittsburgh, PA, USA

Orrick Herrington & Sutcliffe LLP
Cleveland State University College of Law

Boston, MA, USA


Spring, TX, USA

Eversheds Sutherland (US) LLP

New York, NY, USA

New York, NY, USA


Washington, DC, USA

Bennett Jones LLP

Toronto, ON, Canada

Brooklyn, NY, USA

Cleveland State University College of Law

Cleveland, OH, USA

Parry Law PLLC

Raleigh, NC, USA

Colorado Office of the Attorney General

Denver, CO, USA

Shook, Hardy & Bacon L.L.P.

Miami, FL, USA

European Commission

Brussels, Belgium

Orrick Herrington & Sutcliffe LLP

Düsseldorf, Germany

Albertsons Companies, Inc.

Chicago, IL, USA

Fifth Third Bank

Cincinnati, OH, USA

BIO-key International, Inc.

Milton, GA, USA

Redgrave LLP

Chicago, IL, USA

Arnold & Porter

New York, NY, USA

Bleichmar Fonti & Auld LLP

Oakland, CA, USA

The Sedona Conference

Phoenix, AZ, USA

Privacy Commissioner for Bermuda

Hamilton, Bermuda

The Sedona Conference

Phoenix, AZ, USA


DAY 1 - Wednesday, September 30 (all times EDT)
Time Session Panelists
12:00 — 12:15 Welcome & overview Meal, Weinlein
12:15 — 1:30 [Session 1] Biometric privacy laws Baxter-Kauf, Evers, Nolan, Ray*, Ritvo, Sullivan
  In the past decade, the use of biometric data has increased exponentially. Biometric data presents a unique intersection of security protection and privacy risk. For example, while biometric identifiers provide enhanced and efficient authentication protections, their almost complete inalterability also increases the potential for harm if misused or compromised. Further, while the use of biometric identifiers may enhance the ability of government to police criminal activity, such use also gives rise to privacy considerations. A panel of WG11 brainstorming group members will lead a dialogue with all attendees on their outline, which addresses whether, in order to guide the development of biometric privacy laws, it is desirable or necessary to have a set of uniform principles in the context of both the private and public collection and use of biometric data, and whether it is even possible to consider one without the other. The outline also addresses which principles or aspects of a biometric privacy law should be considered by a future drafting team with a view to developing a recommended approach on those particular points.  
1:30 — 1:45 Break  
1:45 — 2:45

[Session 2] Privacy and data security litigation update

Solomon, Weaver, Cohen, Withers*
  The panel will lead a dialogue on some of the most important privacy and data security actions since this session was last held in September 2019. We will cover not only the most significant court decisions of the past year, but also court filings that raise novel claims and defenses (even if the cases themselves are pending or have settled) and significant regulatory actions, with the goal of bringing WG11 members up-to-the-minute on where the case law currently is – and more importantly, where it could be heading in the future.  
2:45 — 3:00 Break  
3:00 — 4:15

[Session 3] Key privacy and data security considerations in cyber insurance

Doroff, Phillips, Pruzinsky, Saikali*, St. Clair

As companies develop and adopt new and emerging technology, they face challenges regarding the way the technology collects, uses, shares, and stores personal information. These challenges have given rise to new questions of coverage under cyber liability insurance policies. This panel of cyber insurance executives, providers, and counsel will facilitate a dialogue that will address:

  • Legal issues relating to the scope of first and third-party coverage for privacy and data security incidents, including the insurability of regulatory fines and penalties
  • Coverage issues relating to new and emerging technology
  • The potential impact of developments relating to ransomware that will impact insurability of ransomware events in the future
  • Necessary changes to the underwriting process to sufficiently identify and insure applicants’ risks
  • Traps for the unwary - how every company should be thinking about acquiring and using their cyber liability insurance policies

A primary goal of the panel is to identify issues that may be appropriate for a formal commentary by WG11.

DAY 2 - Thursday, October 1 (all times EDT)
Time Session Panelists
12:00 — 1:30 [Session 4] A dialogue with global data protection authorities Filip, Sauer, Schröder*, White, McEvoy
  Global data protection authorities will lead a dialogue on their respective enforcement priorities and advisory roles under global data protection regimes and their views on the most important legal issues and questions awaiting resolution under the data protection regulatory regimes they administer and under international data protection law generally. Topics will include the impact of Schrems II and the global COVID-19 pandemic on data security and protection. The panel will also discuss other emerging data protection trends and regulations, cooperation and collaboration among and between different DPAs, and the potential convergence of global data protection laws.  
1:30 — 1:45 Break  
1:45 — 2:30 [Session 5] WG11 town hall Drum, Jorgensen, Meal*, Moncure, Pizzirusso, Promislow, Riemann, Saikali, Vibbert
  WG11 Steering Committee members will lead a dialogue amongst the WG11 members in attendance on progress made on the work product of the Working Group, and by the Working Group as a whole. WG11 member input will be sought regarding the future direction of WG11, including ideas for existing and new commentaries and projects.  
2:30 — 2:45 Break  
2:45 — 4:15 [Session 6] Model data breach notification law Ghali, Keller, Kriger, Meade*, Promislow, Tully

A panel of WG11 drafting team members will lead a dialogue with all attendees on the latest draft of their Commentary to guide the development of data breach notification laws. Drawing upon best practices in data privacy and incident response, the Commentary describes how data breach notification laws should address different aspects of data breach notification, including what constitutes a notifiable breach, what methods of notification should be permissible, and whether there should be timelines for notification.  The session will begin with the panel providing an overview of the latest draft and key aspects of the draft in need of member feedback.  Members will then be placed into breakout groups to allow for more fulsome dialogue on those key aspects of the draft.  The plenary session will then be reconvened, with each breakout group providing a brief report to the plenary group, to be followed by any additional dialogue amongst the plenary group on the content of the report-outs or other aspects of the outline.


* Panel Moderator