(p) 303.325.3528 (e) email@example.com
David Navetta is one of the Founding Partners of the Information Law Group. David has practiced law for over twelve years, including technology, privacy, information security and intellectual property law. He is also a Certified Information Privacy Professional through the International Association of Privacy Professionals.
David has enjoyed a wide variety of legal experiences over his career that have provided him with a unique perspective and legal skill set, including work at a large international law firm, in-house experience at a multinational financial institution, and an entrepreneurial endeavor running his own law firm.
- Information technology, privacy and data security transactions
- Privacy and data security compliance and policies
- Privacy breach notice and incident response
- Intellectual property and licensing
- E-commerce, outsourcing, cloud computing, software as a service
- Insurance law, including “cyber” and technology liability policy analysis and drafting
- American Bar Association: Information Security Committee; Electronic Discovery and Digital Evidence Committee
- International Association of Privacy Professionals (IAPP)
- John Marshall Law School, Information Technology LLM (pending)
- DePaul University College of Law, JD (top 16% of class)
- Michigan State University, BA Accounting
- “Cloud Computing Customers’ ‘Bill of Rights’” ISSA Journal, January 2011
- “Data Breach in the Clouds” Hiscox Global Technology News, January 2011
- “The Legal Defensibility Era” ISSA Journal, August 2010
- “The PCI Compliance and Encryption Requirements of Nevada’s Security of Personal Information Law” DataGuidance, April 2010
- “Potential Changes to the US Breach Notice Risk Landscape” dataprotectionlaw&policy, February 2010
- “Interpreting ‘Risk’ in the Massachusetts Data Protection Law.” SearchSecurity.com, November 2009
- “Who is Minding the Legal Risks around PCI?” ISSA Journal, April 2009
- “Legally Mandated Encryption – Two New State Laws Mandate Encryption of Personal Information.” BNA Privacy & Security Law Reporter, November 2008
- “PCI Liability Theories – Minnesota’s Plastic Card Protection Law and a New Third Circuit Case Could Open the Door to Potential Liability for Merchants.” IAPP Privacy Tracker, November 2008
- “The Legal Implications and Risks of the Payment Card Industry (PCI) Data Security Standard.” ABA SciTech Lawyer, June 2008.
- “The Legal Implications of the PCI Data Security Standard.” SC Magazine Online, April 2008
- “The New Privacy Insurance Coverage.” ABA SciTech Lawyer, Summer 2006.
Select Speaking Engagements
- “Cloud Computing Legal, Security and Contracting Issues.” IAOP Risk Management & Data Security in an Outsourced World, Denver, CO, January 11, 2011
- “The Tension Between New Technologies and Privacy: Does America Really Believe in Privacy? If Not, Why Care?” The 19th Annual Conference on Current Developments in Technology Law, Seattle, WA December 9-10, 2010
- “Emerging Cyber & Privacy Exposures and Insurance Solutions.” Cyber Liability Workshop, Denver, CO, November 4, 2010
- “Assessing the Impact of Recent Litigation over Privacy/Security Breaches: Current Theories of Liability and Claims.” 4th Annual Advanced Forum on Cyber and Data Risk Insurance, New York, NY, September 27 – 28, 2010
- “Legally Defensible, Proactively Protected.” ISSA International Conference, Atlanta, GA, September 15 -17, 2010
- “Privacy and Security Regulatory Trends.” The NetDiligence Cyber Risk & Privacy Liability Forum, Philadelphia, PA, June 7-8, 2010
- “Fraud Prevention: Protect Your Customers and Your Institution from Web Vulnerabilities”, Bank Information Security Webinars, May 2010
- “Negotiating and Preparing Cloud Contracts.” IAPP Web Conference, May 3, 2010
- “Electronic Identity: Who Are You…and When Does it Matter.” RSA Security Conference, San Francisco, CA March 2010
- “Hot Topics in Information Security Law.” RSA Security Conference, San Francisco, CA, March 2010
- “Information Security Standards and the Law.” RSA Security Conference, San Francisco, CA, March 2010
- Hot Topics in InfoSec & Privacy Law 2009, IAPP Knowledgenet, Denver, CO May 2010
- “When Big, Bad Things Happen to Small Companies: Data Security and the Small-to-Mid-size Business.” PLUS Professional Risk Symposium, April 2009
- “PCI in 2009: A Look at the Legal and Practical Aspects of the PCI-DSS”, RSA Security Conference, San Francisco, CA, April 2009
- “Hot Topics” in InfoSec Law”, RSA Security Conference, San Francisco, CA, April 2009
- “Bridging the Communications Divide Between IT, Risk and Legal.” 2009 Hospitality Law Conference, Houston, TX, February 2009
- “Information Security and Privacy Legal Compliance.” Public Agency Risk Management Association 2009 Conference, Rancho Mirage, CA, February 2009
- “Information Security and Privacy Legal Compliance.” Hiscox Privacy Seminar, Chicago, IL, October 2008
- “Overview of the Legal Implications of the Payment Card Industry Data Security Standard.” Colorado Information Management Association’s 2008 Fall Conference, Vail, CO, October 2008
- “Risk Transfer: Fitting Information Security Insurance into the Risk Management Puzzle.” Information Security Compliance and Risk Management Institute, Seattle, WA, September 2008.
- “The Integration of Information Security and the Law.” Symantec Denver Seminar, Denver, CO, June 2008
- “Integrated Security and Privacy Risk Management” Lockton Cyber Seminar, Denver, CO, May 2008
- “The Legal Implications and Risks of the Payment Card Industry (PCI) Data Security Standard.” American Bar Association Continuing Legal Education (CLE) Webinar, April 2008
- “Hot Topics” in InfoSec Law.” RSA Security Conference, San Francisco, CA, April 2008
- “Technology Solutions for Integrated Role-based Information Security Risk Management.” SC Magazine IT Security Executive Forum 2007, Oakland, CA, October 2007.
- “Emerging Security and Privacy Risks and Solutions for the Retail Industry.” Webinar series for the Retail Industry Leaders Association, October 2007 and November 2007.
- “Public Policies and Enterprise Risks.” Information Security Compliance and Risk Management Institute, Seattle, WA, September 2007.
- “PCI and Service Provider Contracting Briefing.” Fishnet Security Client Briefing Series, Kansas City, MO, September 2007.
- “Concurrent Educational Session: Emerging Privacy Issues – Challenges and Opportunities for the Insurance Industry.” PLUS International Conference, Chicago, IL, November 2006.
- “Contractor Cyber Liability and Risk Mitigation.” The Virginia Technology Alliance Tech Events, Norfolk, VA, November 2006.
- “Contracting for Information Security & Privacy Risks
- “ What Every General Counsel and Transactional Attorney Need to Know about Information Security.” American Bar Association Continuing Legal Education (CLE) Webinar, June 2006
- “Business & Technology Solutions that Promote Privacy and Data Security.” National Forum on Privacy Information & Security in the Insurance Industry, New York, NY June 2005.
- “Data Protection – The Convergence of Privacy & Security.” Practicing Law Institute’s 6th Annual Institute on Privacy Law, New York, NY June 2005.
- “Law and Policy Panel.” RSA Security Conference, San Francisco, CA, February 2005.