The Sedona Conference Working Group 11 Annual Meeting 2025

Zach Willenbrink and a panel of data privacy, cybersecurity and technology attorneys speak during the Sedona Working Group 11 Annual Meeting 2025 on May 8. Their session, "Individual Liability for Data Security Failures," focuses on a draft Commentary that examines both the current legal bases and what as a policy matter the legal bases should be, for holding individuals liable when an entity violates the various legal regimes that impose data security obligations on entities with regard to personal information they collect or maintain. The legal regimes that the draft Commentary addresses include both those that impose such data security obligations expressly (e.g., U.S. federal and state, and non-U.S, statutes and regulations that expressly require “reasonable” or “appropriate” or specified cybersecurity measures) and those that impose such obligations only as a matter of interpretation (e.g., the FTC Act and state UDAP statutes).