Jeewon K. Serrato

She | Her | Hers

Partner

San Francisco
T +1.415.659.2620
F +1.415.659.2601

Overview

With her government and in-house experience, having served as chief privacy executive for two public companies, clients turn to Jeewon Kim Serrato for advice on high-stakes regulatory defense matters, complex security incident investigations, new and emerging data monetization strategies and cross-border M&A and tech transactions.

Jeewon is co-lead of the Digital Transformation and Data Economy team, San Francisco Leader of the Digital Assets and Data Management Group and co-lead of the U.S. Consumer Privacy practice at BakerHostetler. Her practice focuses on guiding organizations through periods of transformation and change, whether it is driven by innovation or crisis management. She counsels clients in the areas of consumer privacy, cybersecurity, data optimization and data science.

Drawing from her experience working on Capitol Hill and serving as head privacy executive for a global data broker and a publicly traded financial services company with $3.5 trillion in assets, Jeewon assists clients in pivoting their business models, accelerating growth as a new business and developing strategic acquisition, exit or divestiture plans.

Jeewon understands how digital strategy and data assets can shape the direction of a business’s corporate roadmap and she advises C-suite level executives on the impact that critical business events involving technology and data can have on the employees, customers and the bottom line. Jeewon has led initiatives to design and execute compliance programs for international corporations, as well as negotiate cross-border M&A deals, and advise on high-stakes investigation and dispute matters. She has a thorough understanding of U.S. and global privacy regulations, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). Utilizing this knowledge, she helps companies create enterprise-wide privacy and data strategy programs from the ground up, assists in testing critical vulnerabilities and performs risk assessments. Having handled and managed hundreds of data breach incidents and internal investigations, she also works with companies to prepare crisis management policies and data breach response plans.

Jeewon formerly served on the U.S. Department of Homeland Security Data Privacy and Integrity Advisory Committee and as Inaugural Chair of the California Lawyers Association’s Privacy Law Section Executive Committee. She maintains an active U.S. Secret Clearance. She is also co-author of the International Association of Privacy Professionals (IAPP) publication, Data Processing Agreements: Coordination, Drafting and Negotiation (2019) and the “International Personal Data Protection and Cross-Border Data Transfers” chapter of Privacy Compliance and Litigation in California (2021), a publication of the Continuing Education of the Bar (CEB), a non-profit program of the University of California.

Select Experience

  • Acted as Chief Privacy Officer for a major U.S. financial services institution, in charge of the enterprise program for all data protection, privacy and cybersecurity risks.
  • Handled and managed over 600 information security incidents, including attacks involving nation state actors and insider threat issues.
  • Assisted in responding to CCPA Notice of Violation letters from the California Office of the Attorney General for several industry clients, including retail and financial services.
More »

Experience

  • Acted as Chief Privacy Officer for a major U.S. financial services institution, in charge of the enterprise program for all data protection, privacy and cybersecurity risks.
  • Handled and managed over 600 information security incidents, including attacks involving nation state actors and insider threat issues.
  • Assisted in responding to CCPA Notice of Violation letters from the California Office of the Attorney General for several industry clients, including retail and financial services.
  • Assisted in developing digital transformation and data economy strategies, programs, platforms, products and services.
  • Developed incident response programs, and drafted, implemented and tested incident response plans for companies in a variety of industries, including financial services, healthcare, retail, hospitality, technology, communications and energy.
  • Developed and conducted training for various levels of employees, including legal, IT, IS, business lines, marketing departments, and senior management and boards on privacy and cybersecurity risks.
  • Provided product counseling and regulatory advice related to 500 e-commerce products and 20 mobile apps globally.
  • Advised on biometric law requirements for new AR/VR product development and global launches.
  • Experience conducting privacy and cybersecurity risk assessments and data mapping for facial recognition products and services.
  • Advised on payment products and e-commerce integration for social media and other digital platforms.
  • Assisted in developing AI ethics strategies and testing.
  • Advised retail clients on AdTech and data monetization strategies for loyalty program data.
  • Experience providing legal advice for and operationalizing a 150-person consumer dispute and data quality support center which handled over 20,000 inquiries per year.
  • Experience advising in major M&A transactions, including a global industrial company about notice and consent laws in 60 countries.
  • Experience working on over 4,000 GDPR-related contracts and cross-border data transfer agreements.
  • Provided advice to companies relating to data collection, use and transfer for emerging technologies such as biometric solutions, Big Data, Internet of Things (IoT) and artificial intelligence (AI).

Recognitions and Memberships

Recognitions

  • The Legal 500 United States (2019, 2022)
    • Recommended in Media, Technology and Telecoms: Cyber Law (including Data Privacy and Data Proections) (2022)
    • Recommended in General Commercial Disputes (2019)
  • Cybersecurity Docket "Incident Response 30" (2018)
  • National Law Journal Cybersecurity Trailblazer (2017)
  • International Association of Privacy Professionals, Certified Information Privacy Professional (CIPP/US)

Memberships

  • California Lawyers Association
    • Privacy Law Section: Chair
    • Executive Committee

News

News

Press Releases

Blog Posts

Community

  • Conference on Asian Pacific American Leadership, Board of Advisors

Featured Video

Leveraging Business Model Uncertainty to Drive Digital Transformation and Smart Data Strategies
Play Video

Listen to the legal implications surrounding COVID-19 for business leaders.

Prior Positions

  • Dell Security Software Solutions: Chief Information Security Officer Advisory Board
  • Fannie Mae: Chief Privacy Officer
  • LexisNexis: Senior Director of Privacy and Communications
  • U.S Representative Jan Schakowsky: Legislative Counsel

Admissions

  • California
  • District of Columbia

Education

  • J.D., University of California, Berkeley School of Law, 2004
  • B.A., University of California, Berkeley, 2001
  • International Program of Political Science and Social Sciences, Institut d'Etudes Politiques de Paris, 2000

Languages

  • Conversational French
  • Korean

Blog

In The Blogs

Previous Next
Data Counsel
CPPA Publishes Notice of Proposed Rulemaking
By Shruti Bhutani Arora, Christine Mastromonaco, Jeewon K. Serrato
July 8, 2022
On July 8, the California Privacy Protection Agency Board (CPPA, Agency or Board) announced the Notice of Proposed Rulemaking (NPRM), which begins the 45-day comment period for the draft regulations. As we previously reported, the...
Read More ->
Data Counsel
CPPA Begins CPRA Rulemaking
By Jennifer L. Mitchell, Jeewon K. Serrato, Justin T. Yedor
June 2, 2022
On May 26, 2022, the California Privacy Protection Agency (CPPA or the Agency) held a public board meeting to provide updates on the Agency’s rulemaking process. The next day, the CPPA released draft regulations for the California Privacy...
Read More ->
Data Counsel
CPRA Rulemaking Explained and CPRA Amendments Push Forward, Including Employee and Business-to-Business Exemptions
By Jeewon K. Serrato
February 24, 2022
On Feb. 18, Chairperson Jennifer Urban of the California Privacy Protection Agency (CPPA) addressed the California state bar and clarified the announcements that were made during the CPPA board meeting on Feb. 17. Read on for an...
Read More ->
Data Counsel
CPRA Regulations Postponed
By Jeewon K. Serrato, Justin T. Yedor
February 18, 2022
On Feb. 17, 2022, the California Privacy Protection Agency (CPPA or the Agency) held a public board meeting to address several topics, including the rulemaking under the California Privacy Rights Act (CPRA). Although the CPRA includes a...
Read More ->
Data Counsel
California AG Focuses CCPA Enforcement on Loyalty Programs
By Jerel Pacis Agatep, Shruti Bhutani Arora, Jeewon K. Serrato
February 3, 2022
On Jan. 28, 2022, the California Attorney General Rob Bonta (AG) published a statement putting businesses that operate loyalty programs on notice that the California Consumer Privacy Act (CCPA) requirements for a Notice of Financial...
Read More ->