Photo of Jena M. Valdetero

Jena M. Valdetero

Jena M. Valdetero serves as Co-Chair of the firm’s U.S. Data Privacy and Cybersecurity Practice, and is a trusted advisor to clients facing complex and high-stakes data privacy and security challenges. With a track record of leading thousands of data breach investigations for more than 20 years, Jena combines her broad litigation experience with a deep understanding of the evolving privacy landscape to protect her clients’ interests. She is highly skilled in defending companies in privacy and data breach litigation, particularly class actions, and is proactive in helping clients prepare for incidents by designing and facilitating customized tabletop exercises.

Jena offers practical, results-driven counsel on data privacy and security compliance programs and guides clients through privacy and cyber risk considerations in mergers, acquisitions, venture capital, and securities transactions. Her experience spans a wide range of privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Gramm Leach Bliley Act (GLBA), and the Health Insurance Portability and Accountability Act (HIPAA). Certified as a privacy professional through the International Association of Privacy Professionals (CIPP/US),  Jena provides clients with actionable insights on both current and emerging privacy regulations. She previously served as KnowledgeNet Co-Chair for the International Association of Privacy Professionals, further reflecting her leadership in the field. Jena is a founding board member of the Chicago Compassion Project, a nonprofit supporting low-income families in Chicago.

Jena has been recognized by Chambers USA as a leading privacy and data security lawyer, with clients praising her “very deep knowledge of subject matter” and calling her “extremely responsive and business-minded.” She is trusted for her “great strategic advice” and practical approach to complex data privacy issues, with one client saying, “I’d unequivocally recommend her to anybody with any kind of privacy or data breach concerns.”

The last remaining provisions of the amendments to the New York Department of Financial Services’ (DFS) cybersecurity regulation called Part 500 came into effect Nov. 1, 2025.

Continue Reading NYDFS Final Cybersecurity Rules – MFA, Asset Inventory, and Third-Party Risk

On Oct. 22, 2024, the SEC announced settled administrative actions against four current or formerly public technology companies, finding that the companies all made materially misleading disclosures to investors in

Continue Reading SEC Files Actions Against 4 Public Companies for Negligent Cybersecurity Disclosures

On May 16, 2024, the U.S. Securities and Exchange Commission finalized amendments to Regulation S-P (the Amendments) that largely adopt the proposed amendments the SEC issued in 2023. As discussed

Continue Reading SEC Adopts Cybersecurity Amendments to Regulation S-P

On July 26, 2023, the Securities and Exchange Commission (SEC) adopted the long-awaited final rule requiring that public companies disclose information about cybersecurity incidents within four business days of determining

Continue Reading SEC Finalizes Cyber Rules for Public Companies: What You Need to Know

On Feb. 9, 2022, the SEC released its long-awaited proposed cybersecurity rule, and there’s a lot to unpack. As GT reported previously, the SEC increased enforcement of cybersecurity
Continue Reading SEC Issues Proposed Cyber Rule, Including 48-Hour Breach Reporting Requirement