16th Annual Sedona Conference Institute: Data Privacy & Cybersecurity Litigation

Date:

Thursday, April 13, 2023 - 8:30am to Friday, April 14, 2023 - 1:00pm

Location:

Reston, VA

United States

Hotel:

Hyatt Regency Reston, 1800 Presidents Street, Reston, VA 20190

Program Description:

Over the past few years, privacy and cybersecurity litigation has increased exponentially and evolved dramatically, creating novel strategic decision points for practitioners throughout the litigation lifecycle. In addition to data breach-based claims, causes of action under BIPA, CPRA, GDPR, VPPA, CIPA and other privacy-focused statutes have dominated the class action space. New theories of harm are frequently emerging, some led by state attorneys general and federal and international regulators.

Practitioners must consider privilege and preservation issues unique to this domain well in advance of litigation. Cross-border discovery issues frequently arise. And practitioners often must contemplate novel applications of well-worn issues like standing, class certification, and settlement to ever-evolving fact patterns.

This Sedona Conference Institute program will kick off with a simulated tabletop exercise involving a cyber incident in which certain key players – IT, HR, inside and outside counsel, management, forensic investigators, regulators, and others – address the incident with an eye towards potential litigation. Over the next two days, a faculty of jurists, regulators, and leading practitioners in this domain will take deep dives into the issues raised in the tabletop and other emerging issues in data privacy and cybersecurity litigation, including:

Internal investigations and audits
Conducting discovery
Privilege and ethical issues
Insurance coverage
Cross-border data transfers
State, federal, and international regulations and enforcement
Special considerations for privacy statute-based claims

The program will take place on April 13 and 14. There will be a welcome reception on the evening of April 12, from 5:30 - 7:30 pm (Eastern time).

A more detailed Agenda is below.

Hotel Reservation Information:

We have obtained a very favorable group room rate at The Hyatt Regency Reston of $289 per night (plus tax) for a limited block of rooms on the nights of April 12 and 13. The group rate is for single and double occupancy. The room block expires on March 21. After the room block expires, rooms are subject to availability. Reservation information will be provided in your registration confirmation email.

CLE:

The Sedona Conference will seek CLE accreditation for this program in selected jurisdictions, as dictated by attendance.

Co-Chairs

Starr Turner Drum

Polsinelli

Birmingham, AL, USA

Ruth Elizabeth Promislow

Bennett Jones LLP

Toronto, ON, Canada

Faculty

Hon. Stewart D. Aaron U.S. District Court, Southern District of New York New York, NY, USA	Julian Ackert iDiscovery Solutions iDS Washington, DC, USA	Kate Baxter-Kauf Lockridge Grindal Nauen PLLP Minneapolis, MN, USA	Kevin F. Brady Volkswagen Group of America Herndon, VA, USA
Cameron Carr Orrick, Herrington & Sutcliffe London, United Kingdom	Emily Fedeles Medidata Solutions, Inc. New York, NY, USA	Eric B. Gyasi BakerHostetler LLP New York, NY, USA	Hon. Kent A. Jordan U.S. Court of Appeals for the Third Circuit Wilmington, DE, USA
Serge D. Jorgensen The Sylint Group Sarasota, FL, USA	Richard Lutkus AlixPartners New York, NY, USA	Wayne Matus SafeGuard Privacy Inc. Sarasota, FL, USA	Edward J. McAndrew Baker & Hostetler LLP Wilmington, DE USA
Edward Robert McNicholas Ropes & Gray Washington, DC, USA	Matthew Meade Eckert Seamans Pittsburgh, PA, USA	Douglas Meal Orrick Herrington & Sutcliffe LLP Cleveland State University College of Law Boston, MA, USA	David Moncure Denver, CO, USA
Tim Murphy Pennsylvania Office of Attorney General Philadelphia, PA, USA	James J. Pizzirusso Hausfeld Washington, DC, USA	Tatiana Rice Future of Privacy Forum Washington, DC USA	Sara E. Romine Lockton Companies Dallas, TX, USA
Alfred Saikali Shook, Hardy & Bacon L.L.P. Miami, FL, USA	Richard S. Schweiker Jr. Office of the Attorney General of Virginia Richmond, VA, USA	David C. Shonka Redgrave LLP Chantilly, VA, USA	Christiana State Crowell & Moring LLC San Francisco, CA, USA
Douglas S. Swetnam Indiana Attorney General Indianapolis, IN, USA	Jami Mills Vibbert Arnold & Porter New York, NY, USA	Christopher Wall HaystackID Washington, DC	Paul Yovanic Jr. Seyfarth Shaw LLP Chicago, IL USA

2023 TSCI Agenda

Time	Session	Panelists
	Wednesday, April 12, 2023
5:30 — 7:30	Evening Welcome Reception
	Thursday, April 13, 2023
7:30 — 8:30	Buffet Breakfast & Sign-in
8:30 — 8:45	Welcome & Announcements	Drum, Promislow, Withers
8:45 — 10:15	Session 1: Privacy and Security Tabletop Exercise	Carr, Fedeles, Meade, Jorgensen, Promislow*
	In this session, practitioners will present simulated privacy and data security scenarios that could create notification obligations, regulatory risk, or civil litigation exposure. The remaining panel sessions will offer guidance on addressing and mitigating key risks associated with the scenarios presented in this session.
10:15 — 10:30	Morning Break
10:30 — 11:45	Session 2: Assessing Security Risk and Liability Exposure: What is the Current State of "Reasonable Security"	Ackert, Meal*, Murphy, Vibbert
	Rapid technological advances have fostered innovations by threat actors and those seeking to prevent security incidents. Certain security measures considered "state of the art" a few years ago, may now be obsolete or at least insufficient in isolation. This panel will examine the current legal and technology landscape to help in-house counsel, external counsel and organizations prioritize cybersecurity resource allocation.
11:45 — 1:00	Session 3: Cybersecurity and Privacy Audits and Internal Investigations	Brady, Lutkus, Matus*, McNicholas
	The landscape of reasonable security measures and privacy requirements is constantly shifting. It's important to stay on top of existing requirements and to address issues that point to privacy or security gaps in ways that both correct deficiencies and preserve relevant evidence where investigations and litigation are reasonably anticipated. This panel will cover the "dos and don'ts" of audits and internal investigations.
1:00 — 2:15	Lunch
2:15 — 3:30	Session 4: Privilege Issues and Ethics in Privacy Litigation and Incident Response	Aaron, Baxter-Kauf, Fedeles, Gyasi, Vibbert*
	The privilege landscape in privacy and cybersecurity adversarial proceedings has evolved significantly over the past decade, and privilege considerations often come into play in cybersecurity and privacy matters well before litigation is "reasonably anticipated." This panel will cover privilege considerations and discuss how counsel and their clients can ethically set privilege parameters in these matters.
3:30 — 3:45	Afternoon Break
3:45 — 5:00	Session 5: Privacy and Cybersecurity Insurance	McAndrew, Romine, Saikali*, Wall
	With the rise of cyber incidents and exponential growth in privacy lawsuits, coverage under cyber liability insurance policies is at an inflection point. This panel will address key legal issues relating to the scope of first and third-party coverage for privacy and data security incidents, coverage issues relating to emerging theories of liability, and how companies can adapt to an evolving insurance marketplace.
5:30 — 7:00	Reception (guests invited)

	Friday, April 14, 2023
7:30 — 8:30	Buffet Breakfast & Sign-in
8:30 — 9:45	Session 6: Cross-Border Data Transfer Considerations	Carr, Moncure, Shonka*, State, Wall
	Incident response and data privacy and security litigation often cross international borders. Ensuring that personal data is transferred in compliance with applicable laws is essential to avoid "sideshow" supplementary disputes or enhanced penalties. In this session, practitioners who frequently conduct cross-border transfers in the context of investigations and litigation will offer guidance on minimizing data transfer risks.
9:45 — 11:00	Session 7: Regulatory and Judicial Roundtable	Aaron, Jordan, Murphy, Promislow*, Swetnam
	In this session, we'll hear from the judges and regulators who are overseeing enforcement and litigation in the privacy and security space and get insights into what they expect from the practitioners and organizations involved in privacy and security-focused investigations and disputes.
11:00 — 11:15	Morning Break
11:15 — 12:30	Session 8: Emerging Issues in Privacy and Security Litigation	Drum*, Jorgensen, Pizzirusso, Rice, Yovanic,
	In this final session, seasoned practitioners will cover trends cropping up in data breach suits and in the ever-growing acronym-soup of statutory-based privacy litigation (BIPA, CCPA, CIPA, VPPA, etc.). This panel will also revisit the tabletop hypotheticals presented in the first session and address some of the lessons learned throughout the program.
12:30 — 12:45	Wrap-up	Drum, Promislow, Withers
13:00 — 14:00	Adjournment and Grab-&-Go Lunch (provided)

Panel Moderator*

Date:

Thursday, April 13, 2023 - 8:30am to Friday, April 14, 2023 - 1:00pm

User login

Registration

Regular Registration Fee:	$1595 USD
WGS Member Registration Fee:	$1495 USD
Government & Non-Profit Employee Registration Fee:	$1295 USD

Registration includes two breakfasts, two lunches, and two receptions. Please contact our office at [email protected] for assistance or with any questions you may have.

16th Annual TSCI Sponsorships

CLE

The Sedona Conference will seek CLE accreditation for this event in selected jurisdictions, as dictated by attendance.

Refund Policy

Refunds are available for cancellations made at least 21 days before the program is scheduled, less any credit card processing fees charged to The Sedona Conference. For cancellations made within 21 days of the program, no refunds are available but substitution of another individual from the same organization is permitted or a credit can be requested to be applied to a future Sedona program.