The Sedona Conference Working Group 11 on Data Security and Privacy Liability 2022 Annual Meeting

Doug Meal participated as a dialogue leader during the Sedona Conference's 2022 Annual Meeting of Working Group 11 on Data Security and Privacy Liability (WG11). With his fellow speakers, Doug discussed ransomware payments and when they are legal under U.S. law. The group also discussed how there is currently no legal authority that guides determination of whether a threat actor to whom one is considering making a ransomware payment either is itself, or is acting for the benefit of, an organization/entity listed on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List), such that making a ransomware payment to that threat actor would be prohibited. The group concluded the session with a brainstorm on whether WG11 should develop an independent standard and/or factors that would provide guidance on this issue.

Other topics covered during the WG11 Meeting included model data breach notification law; biometric privacy; notice and consent; incident response; and legislative and regulatory updates.