David J. Navetta

Partner

  • Virtual Office

312.529.0893

More ways to contact David J. Navetta

David advises clients on all aspects of technology and data law, including data privacy, information security, artificial intelligence (AI), financial reporting, data governance, technology-related transactions, and data monetization and use. His pragmatic, risk-based approach helps clients see around corners and achieve their objectives.

Articles + Publications

Regulatory Oversight Newsletter — August 2025
Overview
Insights
Awards

David has extensive experience enabling his clients’ data leverage and monetization strategies, business plans, and products and services as they confront the novel and rapidly evolving complexities in this space. He combines deep knowledge of the privacy, security, and data landscape with practical risk-informed compliance advice, which is highly valued by technology and traditional companies seeking to build their data and technology strategies.

David has advised clients on a multitude of privacy, data, and technology-related issues, including data ownership and use rights, compliance with U.S., federal, and international privacy laws, data localization and transfers, commercial technology transactions, identity management, data brokerage, advertising and media data issues, data mapping, consent-flow management, privacy and cyber financial reporting, and privacy and data due diligence related to hundreds venture financing, mergers and acquisitions, and IPO transactions.

David is a pioneer in the data protection space and is regularly sought after to handle complex and cutting-edge data security and protection issues, including data breach response, cybersecurity risk management, incident response planning and preparedness, cyber insurance coverage, and running multidisciplinary tabletop and scenario-base exercises for information security teams, top management, and boards. He is a leading voice on incident response strategies, communications, and impact mitigation, and has helped thousands of companies successfully respond to security incidents, including navigating the SEC’s cyber security rule, and developing materiality assessment processes and playbooks.

David’s clients range from startups to Fortune 500 multinationals across all industries, including ecommerce, data brokers, consumer products, hospitality, social media, technology, health care, AI, finance, and energy. He co-founded a Chambers USA-ranked law firm and is a top-ranked attorney in multiple categories by Chambers USA and Chambers Global in privacy, cybersecurity, and incident response. David is also recognized by Legal 500 USA, and WWL: Data for his experience in privacy and data security.

David’s career has included roles such as U.S. practice group leader of a prior technology firm’s Chambers-ranked practice, global co-chair of another major law firm’s data protection practice, and assistant general counsel at AIG. David has also held leadership positions in the American Bar Association, including chairing the Science and Technology Law Section’s Information Security Committee. He frequently speaks and writes, is interviewed on technology, privacy, and data security issues, and is a highly respected in the field.

  • Chambers USA: Privacy & Data Security: Cybersecurity – Nationwide (2024-2025)
  • Chambers USA: Privacy & Data Security: Privacy – Nationwide (2019-2025)
  • Chambers Global USA: Band 1 for Privacy & Data Security: Incident Response – Nationwide (2023)
  • Chambers USA: Privacy & Data Security: Incident Response – Nationwide (2021-2022)
  • The Legal 500 US: Leading Lawyer in Cyber Law (Including Data Privacy and Data Protection) (2023-2025)
Overview

David has extensive experience enabling his clients’ data leverage and monetization strategies, business plans, and products and services as they confront the novel and rapidly evolving complexities in this space. He combines deep knowledge of the privacy, security, and data landscape with practical risk-informed compliance advice, which is highly valued by technology and traditional companies seeking to build their data and technology strategies.

David has advised clients on a multitude of privacy, data, and technology-related issues, including data ownership and use rights, compliance with U.S., federal, and international privacy laws, data localization and transfers, commercial technology transactions, identity management, data brokerage, advertising and media data issues, data mapping, consent-flow management, privacy and cyber financial reporting, and privacy and data due diligence related to hundreds venture financing, mergers and acquisitions, and IPO transactions.

David is a pioneer in the data protection space and is regularly sought after to handle complex and cutting-edge data security and protection issues, including data breach response, cybersecurity risk management, incident response planning and preparedness, cyber insurance coverage, and running multidisciplinary tabletop and scenario-base exercises for information security teams, top management, and boards. He is a leading voice on incident response strategies, communications, and impact mitigation, and has helped thousands of companies successfully respond to security incidents, including navigating the SEC’s cyber security rule, and developing materiality assessment processes and playbooks.

David’s clients range from startups to Fortune 500 multinationals across all industries, including ecommerce, data brokers, consumer products, hospitality, social media, technology, health care, AI, finance, and energy. He co-founded a Chambers USA-ranked law firm and is a top-ranked attorney in multiple categories by Chambers USA and Chambers Global in privacy, cybersecurity, and incident response. David is also recognized by Legal 500 USA, and WWL: Data for his experience in privacy and data security.

David’s career has included roles such as U.S. practice group leader of a prior technology firm’s Chambers-ranked practice, global co-chair of another major law firm’s data protection practice, and assistant general counsel at AIG. David has also held leadership positions in the American Bar Association, including chairing the Science and Technology Law Section’s Information Security Committee. He frequently speaks and writes, is interviewed on technology, privacy, and data security issues, and is a highly respected in the field.

Insights

Articles + Publications

Regulatory Oversight Newsletter — August 2025

Firm News

Troutman Pepper Locke Adds Privacy and Cybersecurity Ace David Stauss as Partner

Speaking Engagements

State Privacy Law Evolution: New Legislative and Regulatory Enforcement Approaches

Speaking Engagements

State Privacy Law Evolution: New Legislative and Regulatory Enforcement Approaches

See all insights from David J. Navetta

Awards
  • Chambers USA: Privacy & Data Security: Cybersecurity – Nationwide (2024-2025)
  • Chambers USA: Privacy & Data Security: Privacy – Nationwide (2019-2025)
  • Chambers Global USA: Band 1 for Privacy & Data Security: Incident Response – Nationwide (2023)
  • Chambers USA: Privacy & Data Security: Incident Response – Nationwide (2021-2022)
  • The Legal 500 US: Leading Lawyer in Cyber Law (Including Data Privacy and Data Protection) (2023-2025)

Top areas of focus

  • International Association of Privacy Professionals

Education

  • DePaul University College of Law, J.D., 1996
  • Michigan State University, B.A., 1992, accounting

Bar Admissions

  • Colorado
  • Illinois
  • Speaker, “State Privacy Law Evolution: New Legislative and Regulatory Enforcement Approaches,” Troutman Pepper Locke and myLawCLE, July 23, 2025.
  • Panelist, “U.S. Privacy Law Update and Overview,” California Lawyers Association 48th IP Law Institute, March 7, 2025.
  • Panelist, “Year One of the SEC’s 8-K Cyber Rule Filings,” PLUS D&O Symposium, March 4, 2025.
  • Panelist, “Privacy Forum,” Rocky Mountain Information Security Conference, June 7, 2023.
  • Presenter, “Beyond Personal Data: Data Regulations, Localizations and Limitations,” 21st Annual Rocky Mountain Intellectual Property & Technology Law Conference, June 2, 2023.
  • Panelist, “Cyber Resilience & the Evolving Cyber Threat Landscape,” American Institute of Certified Public Accountants (AICPA) Conference, November 15, 2022.
  • Guest, Privacy Governance v. Cybersecurity Governance, “ADCG on Privacy & Cybersecurity” podcast, Association for Data and Cyber Governance, August 22, 2022.
  • Panelist, “Customer Loyalty, Privacy & Governance,” SPOKES Privacy Technology Conference, June 23, 2022.
  • Presenter, “Privacy and Cybersecurity Developments: The Americas,” CLE presentation to Marsh McLennan, June 22, 2022.
  • Speaker, “You’ve got to move it: Data protection and privacy with cross-border transfers,” The Master’s Thought Leadership Conference, June 21, 2022.
  • Presenter, “2022 Data Privacy & Security Update,” 20th Annual Rocky Mountain Intellectual Property & Technology Law Institute, June 2, 2022.
  • Moderator, “Ransomware Response,” The Institute for Law and Technology’s Cybersecurity and Data Privacy Law Conference, September 22, 2021.
  • Presenter, “Data Breach – A War Game,” 19th Annual Rocky Mountain Intellectual Property & Technology Law Institute, June 3, 2021.
  • Speaker, “Employee DSARs: The Coming Deluge,” Exterro webinar, March 4, 2021.
  • Speaker, “Cyber Insurance Trends,” Association of Corporate Counsel (ACC) Foundation’s Virtual Cybersecurity Summit, March 4, 2021.
  • Speaker, “The Cybersecurity War Room: Practicing Your Response to the First 72 Hours of a Breach,” ACC SoCal webinar, June 9, 2020.