The Sedona Conference Working Group 11 Annual Meeting 2023

Thursday, May 4, 2023 - 8:45am to Friday, May 5, 2023 - 1:00pm


The Brown Palace Hotel and Spa, Denver, Colorado

The 2023 Annual Meeting of Working Group 11 on Data Security and Privacy Liability (WG11) will be held at The Brown Palace Hotel and Spa in Denver, Colorado, on Thursday-Friday, May 4-5, 2023. A welcome reception will be held in the evening of Wednesday, May 3, from 5:00-7:00 pm.

Session Information

Following a keynote address and Q&A with the Colorado Attorney General, Phil Weiser, the meeting’s focus will turn to new drafts and brainstorming group outlines in need of WG11 member review and comment, including the following topics:

  • Incident Response Guide, Second Edition
  • Data security and privacy in healthcare
  • Exploring greater efficiencies in data breach and privacy class action litigation
  • Ransomware payments

In addition, the meeting will feature the following sessions:

  • Privacy and data security legislative and regulatory update
  • AI: regulatory landscape
  • Children’s data privacy
  • WG11 town hall


Hotel Reservation Information

We have obtained a very favorable room rate at The Brown Palace Hotel and Spa of $229 per night (plus tax) for a limited block of rooms on the nights of May 3-4. For those who wish to arrive early, leave late, or otherwise extend their stay, the group rate is available for three nights preceding and three nights following the dates of the room block, subject to room availability. Accordingly, if you wish to book for additional nights, you should do so as soon as possible. This room block expires on April 12. Reservation information will be provided in your meeting registration confirmation email.


The Sedona Conference will seek CLE accreditation for this event in selected jurisdictions (except Virginia), as dictated by attendance.

Dialogue Leaders

iDiscovery Solutions

Washington, DC, USA

Gibbs Law Group LLP

Oakland, CA, USA

McCarthy Tetrault LLP

Vancouver, BC, Canada

McShane & Brady, LLC

Kansas City, MO, USA

Dorsey & Whitney LLP

Minneapolis, MN, USA

Dorsey & Whitney LLP

Minneapolis, MN, USA

HALOCK Security Labs

Schaumburg, IL, USA

Bleichmar, Fonti, & Auld, LLP

Oakland, CA, USA


Birmingham, AL, USA

Medidata Solutions, Inc.

New York, NY, USA

Lewis Roca

Phoenix, AZ, USA

BakerHostetler LLP

New York, NY, USA

The Sylint Group

Sarasota, FL, USA

DiCello Levitt LLP

Chicago, IL, USA


Chicago, IL, USA

Shook, Hardy & Bacon, LLP

Kansas City, MO, USA

Eckert Seamans

Pittsburgh, PA, USA

Orrick Herrington & Sutcliffe LLP
Cleveland State University College of Law

Boston, MA, USA


Spring, TX, USA

Stueve Siegel Hanson LLP

Kansas City, MO, USA

Pennsylvania Office of Attorney General

Philadelphia, PA, USA

Becker & Poliakoff, P.A.

Fort Lauderdale, FL, USA

Bennett Jones LLP

Toronto, ON, Canada

DiCello Levitt LLP

New York, NY, USA

Colorado Office of the Attorney General

Denver, CO, USA

Lockton Companies

Dallas, TX, USA

Shaw Keller LLP

Wilmington, DE, USA

Shook, Hardy & Bacon L.L.P.

Miami, FL, USA

Redgrave LLP

Chantilly, VA, USA

Dell Technologies

Johns Creek, GA, USA

Foley & Lardner LLP

Tampa, FL, USA

Colorado Office of the Attorney General

Denver, CO, USA

Federal Trade Commission

Washington, DC, USA

Arnold & Porter

New York, NY, USA

Colorado Attorney General

Denver, CO USA

HALOCK Security Labs

Mount Juliet, TN, USA

Sidley Austin LLP

Washington, DC, USA

Godfrey & Kahn S.C.

Milwaukee, WI, USA

Ballard Spahr LLP
Blank Rome

Philadelphia, PA, USA

WG11 Annual Meeting 2023 Agenda

Time Session Panelists
  Wednesday, May 3, 2023  
5:00 — 7:00 Welcome reception  
  Thursday, May 4, 2023  
7:45 — 8:45 Breakfast & sign-in  
8:45 — 9:00 Welcome & overview Drum, Weinlein
9:00 — 9:30 Colorado Attorney General Phil Weiser Weiser
  Attorney General Weiser will deliver a keynote speech and then take questions from WG11 members.  
9:30 — 10:45 Incident Response Guide, Second Edition Booth, Cattanach, KorolyovMeade*, Swanson 
  A panel of WG11 drafting members will lead a dialogue with all attendees on their draft of a Second Edition of the Incident Response Guide that, among other updates, addresses: (1) international incident response in detail; (2) emerging types of incidents, including ransomware; and (3) key legislative changes since January 2020.  
10:45 — 11:00 Morning break  
11:00 — 12:15 Data security and privacy in healthcare Brady, Cronin, MooreRomine, Vibbert*
  A panel of WG11 brainstorming group members will lead a dialogue on their outline that assesses and recommends areas in the healthcare space where Sedona can develop guidance - such as model standards - to move the law foward. The brainstorming group (1) analyzed the current legal landscape concerning the scope of medical and health information and its associated privacy and security protections, and (2) assessed current legal requirements and common practices around obtaining consent for processing and use of healthcare and related information.  
12:15 — 1:15 Lunch  
1:15 — 2:30 Ransomware payments Gray, GyasiPolenberg, Shook*, Willenbrink
  A panel of drafting team members will lead a dialogue on their progress in exploring issues related to statutory liability associated with ransomware payments, including the development of a framework for measuring that liability. The drafting team is performing an independent analysis of how and why OFAC has applied a strict liability approach in the past.  
2:30 — 3:45 Privacy and data security legislative and regulatory update Murphy, Ritvo, Shonka*, SzewczykTrilling
  The panel will lead a dialogue on some of the most important updates in the U.S. federal legislative and regulatory space. It will also focus on important updates in U.S. state legislative and enforcement activity, focusing particularly on the enhanced consumer privacy laws taking effect throughout the year.  
3:45 — 4:00 Afternoon break  
4:00 — 5:00 WG11 town hall Drum*, Jorgensen, Keller, Meal, Moncure, Promislow, Saikali, Wilan
  WG11 Steering Committee members will lead a dialogue amongst the WG11 members in attendance on progress made on the work product of the Working Group, and by the Working Group as a whole. WG11 member input will be sought regarding the future direction of WG11, including ideas for existing and new commentaries and projects.  
5:00 — 7:00 Reception (guests invited)  
  Friday, May 5, 2023  
8:00 — 9:00 Breakfast & sign-in  
9:00 — 10:15 AI: Regulatory landscape Ackert, Fedeles, Promislow*, Russell, Wilan

The European Union's (EU) AI Act seeks to establish the first comprehensive regulatory scheme for artificial intelligence. The impact of the regulation - which could be adopted by the end of 2023 - will extend beyond EU borders and will have substantial impact on data governance practices and corresponding legal exposure for organizations worldwide. At the same time, other jurisdictions (e.g. UK and Canada) have prepared proposals for the regulation of AI, and in the US, a patchwork of regulation and guidance at the state and federal level is beginning to emerge. This panel will lead a dialogue on the emerging legal issues from the EU Act as well as the intersection of the regimes in different jurisdictions and explore whether there are specific privacy and data management issues that could benefit from consideration by a brainstorming group.

10:15 — 10:30 Morning Break  
10:30 — 11:45 Children's data privacy

Drum*, McCarthyRhodes, Trilling

  An estimated one of every three online users is under the age of 18. Perceived unique risks of online conduct of and content presented to minors has fostered a renewed focus on how the legal system can be leveraged and adapted to ensure the protection of children's data privacy. During the past few years, legislators, regulators, and litigants have refocused their energy on protecting children's data privacy through new laws, enforcement actions, and lawsuits. This panel will examine this evolving legal landscape and explore whether WG11 should consider a brainstorming group to address this important topic.  
11:45 — 1:00 Exploring greater efficiencies in data breach and privacy class action litigation

BergerChavesDavis, RhodesWesleyYannella*

  A panel of WG11 brainstorming group members will lead a dialogue on their outline that explores whether there are procedural or substantive changes to the current legal regime applicable to data breach and privacy class actions that would get such actions ripe for resolution more efficiently and cost-effectively. The panel will continue truly open dialogue exploring the strengths and weaknesses of litigation positions being taken today by both sides in data breach and privacy class actions, and how the current rules of the road might be changed to reduce litigation costs in such actions.  
1:00 — 2:00 Grab-and-go lunch (provided)  
Thursday, May 4, 2023 - 8:00am to Friday, May 5, 2023 - 1:00am