Photo of Jena M. Valdetero

Jena M. Valdetero serves as Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice where she advises clients on complex data privacy and security issues. She has led more than 1,000 data breach investigations. A litigator by background, Jena defends companies against privacy and data breach litigation, with an emphasis on class action lawsuits. She has designed and conducted dozens of data breach tabletop exercises to empower clients to respond effectively to a data security incident. She also counsels companies on data privacy and security compliance programs and advises on cyber risks associated with mergers and transactions. Jena also advises a diverse array of clients on compliance with existing and emerging privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Gramm Leach Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA). She is a certified privacy professional through the International Association of Privacy Professionals (CIPP/US), for which she is a former KnowledgeNet Co-Chair.
Jena is a passionate advocate of diversity and inclusion. She currently serves as a board member of the Chicago chapter of Women in Law Empowerment Forum.

The past 12 months have seen an increase in cybersecurity attacks against major companies, placing data breaches on the front page of virtually every major newspaper. The U.S. government has taken notice. In May, the Biden administration issued an executive order requiring government agencies and certain government contractors to comply with cybersecurity requirements. In July,

The California Consumer Privacy Act provided plaintiffs with a private right of action to pursue statutory damages following data security breaches that impact certain sensitive categories of information and are caused by a business’s failure to institute reasonable and appropriate security. Although the CCPA does not permit private suits with respect to alleged violations of

The California Consumer Privacy Act provided plaintiffs with a private right of action to pursue statutory damages following data security breaches that impact certain sensitive categories of information and are caused by a business’s failure to institute reasonable and appropriate security. Although the CCPA does not permit private suits with respect to alleged violations of

The California Consumer Privacy Act provided plaintiffs with a private right of action to pursue statutory damages following data security breaches that impact certain sensitive categories of personal information and are caused by a business’s failure to institute reasonable and appropriate security. Although the CCPA does not permit private suits with respect to alleged violations

Possibly, yes. The European Data Protection Board (EDPB) has issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries).

The EDPB addresses a common

Possibly. The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries). In instances of a lost or stolen

Possibly. The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries). The guidance addresses the common scenario of

Maybe not. The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries).

The EDPB addresses a very common

The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries) and to the individuals themselves. One example discussed

The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries). The guidance includes how to respond to a