May 17, 2021

Volume XI, Number 137


May 17, 2021

Subscribe to Latest Legal News and Analysis

The Sedona Conference Commentary on Quantifying Violations Under U.S. Privacy Laws Published for Public Comment

The end of last month the Sedona Conference and its Working Group 11 on Data Security and Privacy Liability (WG11) announced that The Sedona Conference Commentary on Quantifying Violations under U.S. Privacy Laws (“Commentary”) has been published for public comment.  Read on for some key takeaways.

First, for those who are not so familiar, a brief introduction.  What is The Sedona Conference?  It is a nonpartisan, research and educational institute dedicated to the advanced study of law and policy in the areas of antitrust law, complex litigation, intellectual property rights, and data security and privacy law.

Since its inception, The Sedona Conference has had multiple Working Groups.  These Working Groups, or “think-tanks”, are tasked with confronting some of the most challenging legal issues.  For example, the first Working Group (WG1) met on October 17-18, 2002, and was dedicated to the development of guidelines for electronic document retention and production.  The guidelines became the industry standard for managing electronic discovery compliance, and eventually led to the enactment of the federal rules on eDiscovery in 2006.

Fast forward 19 years, the mission of Working Group 11 (WG11) is to identify and comment on trends in data security and privacy law, in an effort to help organizations prepare for and respond to data breaches, and to assist attorneys and judicial officers in resolving questions of legal liability and damages.  In this recently released public comment version of its publication on quantifying violations under U.S. privacy laws, the Sedona Conference is now seeking comments, which will be reviewed and incorporated as deemed appropriate, prior to the release of the final version of the publication.  The comments can be submitted until June 26, 2021.

With the increase in state privacy and data breach laws, there are a lot of uncertainties regarding damages and statutory penalties.  WG11 is hoping to address this pressure point for the industry.  For example, many state laws do not clearly define how a “violation” should be calculated (is it the number of days information may have been exposed, or alternatively, the number of times it may have been exposed?)

Some of WG11’s suggested possible methodologies for calculating violations include: calculation based singularly on defendant’s failure to comply, regardless of number of impacted consumers or parts of the law violated, while other suggestions include calculations based exclusively on number of parts of the statute violated.  Other formulations include calculating violations based on the number of consumers impacted, or the number of pieces of personal information impacted, or even the number of days violation occurred.  By using hypotheticals under California Consumer Privacy Act, Colorado Security Breach Notification Law and the Illinois Biometric Information Privacy Act, WG11 has also addressed the ongoing challenges both the industry and the judiciary is facing in determining “violations.”

Comments on the draft can be submitted to

© Copyright 2021 Squire Patton Boggs (US) LLPNational Law Review, Volume XI, Number 123



About this Author

Zarish Baig Litigation Attorney Squire Patton Boggs Los Angeles, CA

Zarish Baig is an associate in our Litigation Practice, managing a wide variety of cases, including data privacy, Telephone Consumer Protection Act, breach of contract, white collar criminal matters, and internal and government investigations.

Before joining the firm, Zarish worked as a litigator in a mid-sized firm in the San Francisco Bay Area; and prior to that, as a litigator in Calgary, Canada. Zarish has experience representing clients from all over the world.

Zarish is a skilled trial lawyer and has participated in all stages of litigation on behalf of her clients....

Kristin L. Bryan Litigation Attorney Squire Patton Boggs Cleveland, OH & New York, NY
Senior Associate

Kristin Bryan is a litigator experienced in the efficient resolution of contract, commercial and complex business disputes, including multidistrict litigation and putative class actions, in courts nationwide.

She has successfully represented Fortune 15 clients in high-stakes cases involving a wide range of subject matters.

As a natural extension of her experience litigating data privacy disputes, Kristin is also experienced in providing business-oriented privacy advice to a wide range of clients, with a particular focus on companies handling customers’ personal data. In this...