The Sedona Conference

The Sedona Conference and WG11 are pleased to announce that the Commentary on U.S. Sanctions-Related Risks for Ransomware Payments ("Commentary") has been published for public comment. In the United States, no federal laws have been enacted specifically to limit the payment of cyber ransoms. However, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) has explained that such payments may subject ransomware victims to liability under the Trading With The Enemy Act (TWEA) and/or the International Emergency Economic Powers Act (IEEPA). Generally, those laws prohibit U.S. persons from transacting or attempting to transact with an enemy of the U.S., certain related parties, and specified parties subject to U.S. sanctions or embargoes. OFAC has published two advisories in recent years on the subject of ransomware payments, both of which suggest that U.S. persons may be held strictly liable under TWEA and IEEPA when they make a ransomware payment to a sanctioned person or engage with an embargoed country or region. Contrary to OFAC’s advisories, TWEA and IEEPA and their regulations do not impose a strict-liability standard in all cases where a victim makes a ransomware payment to a threat actor on the Specially Designated Nationals and Blocked Persons list. However, OFAC’s interpretation of these statutes and regulations as imposing a strict-liability regime creates substantial uncertainty and unnecessary chilling effects when victims are forced to make ransomware payments. The Commentary aims to address this uncertainty through: (1) engaging in a thorough analysis of TWEA and IEEPA, OFAC’s recent guidance, and the purported strict-liability standard; (2) proposing a Framework for assisting organizations in identifying the source of an attack and likely recipient of a ransom, and evaluating organizations’ level of risk from OFAC if the organizations elect to pay; and (3) providing suggestions for a more reasoned basis for determining circumstances under which a ransomware payment might be made without the threat of OFAC sanctions. The Commentary is open for public comment through September 23, 2024. Questions and comments may be sent to comments@sedonaconference.org. The drafting team – which includes Jim Shook, John Gray, Eric B. Gyasi, CIPP/US, Bill Hardin, Emily Jennings, Robert Kirtley, Jon Polenberg, Daniel Raymond, W. Lawrence Wescott & Phil Yannella  – will carefully consider all comments received, and determine what edits are appropriate for the final version. The publication is available for download here: https://bit.ly/3zVQskn.

Register today for our webinar on Global Regulation of AI: Implications for Cross-Border Data Transfers, Privacy, and Data Security. The webinar will be this Wednesday, July 10 at 11 am EDT, and will run for 90 minutes. In this webinar, we will examine the bourgeoning regulation of AI across the globe, most principally the European Union’s Artificial Intelligence Act (“AI Act”), expected to largely go into effect in 2026. At present, the AI Act is set to be the most comprehensive extraterritorial regulation of AI by any government in the world. The panel will provide overviews of select regulatory regimes and international organization guidance, and the webinar will also focus on the implications for cross-border data transfers and the accompanying privacy and data security risks. The panel is comprised of expert attorneys, academics and regulators, including: Christian Schroeder, who will moderate the panel; Renato Opice Blum; Courtney Bowman; Dan Nechita; Christabel R. (Randolph); and Thomas Zerdick.   To register for the webinar today and for more information, please visit: https://lnkd.in/guWQhHQU.

Kenneth J. Withers appointed executive director of The Sedona Conference

The Sedona Conference and WG6 are pleased to announce that the Commentary on Proportionality in Cross-Border Discovery ("Commentary") has been published for public comment. The Commentary is available for free download here: https://bit.ly/3VRhnFo. This Commentary examines the landscape of overlapping proportionality and comity analyses, offering summaries and commentary on various approaches before recommending a framework that starts with proportionality as a first step — as a threshold issue of discovery scope — while recognizing that proper proportionality analysis may consider the effect of compliance with the non-U.S. law at issue. If the discovery is proportional to the needs of the case, when so considered, then a separate comity analysis should be conducted. Although those analyses share similar factors, applying them in strict order should minimize analytic and doctrinal problems. This Commentary also examines the potential costs and burdens of cross-border discovery, including nonmonetary risks and burdens associated with measures implemented to comply with non-U.S. laws, and advises that arguments based on such burdens should be made with sufficient specificity and detail. Further, parties and courts should employ and encourage practices that promote compliance with the non-U.S. laws while reducing burdens of cross-border discovery. The Commentary is open for public comment through August 28, 2024. Questions and comments may be sent to comments@sedonaconference.org. The drafting team — which includes Briordy Meyers, J.D., CIPP/E, Jay Yelton, Jim Calvert, William Marsillo, Judge Xavier Rodriguez, Joshua Samra, Anna-Patricia Stadler, Jeane A. Thomas, Bijal V. Vakil, and Michael C. Zogby — will carefully consider all comments received, and determine what edits are appropriate for the final version.

Come to a Sedona Conference and you know you'll get insightful dialogue from some of the most respected voices in the legal profession. Day 2 of our Artificial Intelligence and Intellectual Property Law conference began with a discussion on how A.I. can be expected to impact the future of patent and copyright law, featuring Kathi Vidal, Under Secretary of Commerce for Intellectual Property and Director of the U.S. Patent and Trademark Office, and conference co-chair Leah Poynter Waterland of Cisco. Our heartfelt thanks not only to director Vidal but all of our dialogue leaders for a fascinating two days of discussion on the AI revolution and how it relates to intellectual property issues.

We are all heartbroken at The Sedona Conference. As we go about processing the emotions of losing our leader and friend, we would like to thank all who have shared their kind words and sympathies. Craig's kindness and gentle spirit impacted so many, and we are truly, deeply moved by the overwhelming outpouring of support. We will be setting up a Thoughts and Remberances page on The Sedona Conference website. If you would like to share any stories or remembrances of Craig, or consent to having your comments here posted on the page, please email us at dbl@sedonaconference.org. With deepest gratitude, The Sedona Conference

The Sedona Conference mourns passing of executive director Craig Weinlein

The Sedona Conference is pleased to announce publication of Evaluating the FTC’s Authority to Enforce the GLBA’s Provisions Regarding the Security and Privacy of Consumer Financial Information: Lessons from Recent Case Law, co-authored by Douglas Meal, a Chair Emeritus of the WG11 Steering Committee, and Sharilyn Clark. The article will be included in The Sedona Conference Journal, Volume 25, to be published later this summer. The article focuses on the FTC’s enforcement authority under two provisions of the Graham-Leach-Bliley Act (“GLBA”) that govern the conduct, in the privacy and cybersecurity context, of “financial institutions” that are subject to the GLBA: Section 501(b) (“the GLBA Security Requirement”) and Section 521(a) (“the GLBA Pretexting Prohibition”). The article examines what lessons are to be learned regarding the FTC’s authority to enforce those two provisions from the recent decisions rendered by the U.S. District Court for the Southern District of New York in the first FTC enforcement action under the GLBA Pretexting Provision ever to be litigated through trial and judgment. Regarding the GLBA Pretexting Provision, the article criticizes a number of the Court’s rulings as being at odds with the relevant statutory language. Regarding the GLBA Security Requirement, the article points out that the GLBA gives the FTC much greater enforcement authority to the Pretexting Provision than it does to the Security Requirement. It also points out that the FTC has never engaged in rule making that would take full advantage of the enforcement authority it has under the Security Requirement, and as a result, the FTC currently has no authority to obtain relief of any sort for a violation of the Security Requirement unless that violation also violates Section 5 of the FTC Act. The article can be downloaded for free from The Sedona Conference website: https://bit.ly/4ebnmgj.

The Sedona Conference and its Working Group 1 on Electronic Document Retention and Production are extremely pleased to announce publication of the final, post-public-comment version of the Commentary on Privilege Logs. This challenging undertaking began with the formation of a brainstorming group in August 2020 and a drafting team a year later. After more than three years of dialoguing, drafting, refining, and redrafting, involving more than two dozen WG1 members, we are proud to present this consensus-driven Commentary that offers tools and strategies for both responding and requesting parties to mitigate the considerable burdens and competing interests that can be associated with privilege logs. We tip our hats to Adam Gajadharsingh and Meghan Podolny for their tireless efforts as team leaders since the project's inception. We also salute drafting team members Toni Baker, Travis Bustamante, MaryBeth V. Gibson, Nathaniel C. Giddings, Jennifer Scullion, Tom Vanaskie, Margot Want; Steering Committee liaisons Rebekah Bailey, Andrea D'Ambra, Tessa K. Jacob, Sandra Metallo-Barragan, Claudia Morgan; the 14 contributors to the initial brainstorming group; and all our members who provided feedback and suggestions throughout the drafting process. The Commentary is available to all from the Sedona Conference website. Download your free copy here: https://bit.ly/3uCywsD.

The Sedona Conference will continue its examination of the impact of Artificial Intelligence on the legal profession with Part 2 of its "AI and the Law" Conference on June 20-21 at the Hyatt Regency Reston in Reston, Va.   Part 1, which was devoted to AI in civil litigation, sold out, but there is still time to register for Part 2, which will focus on AI in Intellectual Property law and practice.   The conference will feature 10 sessions, dealing with AI as it relates to patent, trade secret, and copyright law, including a panel of regulators, judges, and a key federal legislator discussing the future of AI regulation and governance.   Our dialogue leaders will include U.S. Congressman Glenn Ivey of Maryland's 4th Congressional District, retired federal judges Paul R. Michel and Paul W. Grimm, and a diverse cross-section of thought leaders in the IP sector: Jim W. Ko, Leah Poynter Waterland, Kerri Braun, Cynthia Cole, Maura R. Grossman, John Hines, Jr., Scott M. Kelly, Dean Pelletier, Matt Powers, Andrew Russell, Jeanne Somma, Harry Strange, and Danny Tobey, M.D., J.D.   Our discounted group room rate at the Hyatt Regency expires on May 28, so be sure to register soon. Registration information and more details are available here: https://lnkd.in/gf2zyFSb.