Jeewon K. Serrato

She | Her | Hers

Partner

San Francisco
T +1.415.659.2620
F +1.415.659.2601

Overview

Jeewon Kim Serrato is co-lead of the Digital Transformation and Data Economy team, California Leader of Digital Assets and Data Management Group and co-lead of the U.S. Consumer Privacy practice at BakerHostetler. Jeewon’s practice focuses on guiding organizations through periods of transformation and change, whether it is driven by innovation or crisis management. She counsels clients in the areas of consumer privacy, cybersecurity, data optimization and data science.

Drawing from her experience working on Capitol Hill and serving as head privacy executive for a global data broker and a publicly traded financial services company with $3.5 trillion in assets, Jeewon assists clients in pivoting their business models, accelerating growth as a new business, and developing strategic acquisition, exit or divestiture plans.

Jeewon understands how digital strategy and data assets can shape the direction of business's corporate roadmap and advises C-suite level executives on the impact critical business events involving technology and data can have on the employees, customers and the bottom line. Jeewon has led initiatives to design and execute compliance programs for international corporations, as well as negotiate cross-border M&A deals, and advise on high-stakes investigation and dispute matters. She has a thorough understanding of U.S. and global privacy regulations, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). Utilizing this knowledge, she helps companies create enterprise-wide privacy and data strategy programs from the ground up, assists in testing critical vulnerabilities and performs risk assessments. Having handled and managed hundreds of data breach incidents and internal investigations, she also works with companies to prepare crisis management policies and data breach response plans.

Jeewon formerly served on the U.S. Department of Homeland Security Data Privacy and Integrity Advisory Committee and as Inaugural Chair of the California Lawyers Association’s Privacy Law Section Executive Committee. She maintains an active U.S. Secret Clearance. She is also co-author of the International Association of Privacy Professionals (IAPP) publication, Data Processing Agreements: Coordination, Drafting and Negotiation (2019) and the “International Personal Data Protection and Cross-Border Data Transfers” chapter of Privacy Compliance and Litigation in California (2021), a publication the Continuing Education of the Bar (CEB), a non-profit program of the University of California.

Select Experience

  • Acted as Chief Privacy Officer for a major US financial services institution, in charge of the enterprise program for all data protection, privacy and cybersecurity risks.
  • Handled and managed over 600 information security incidents, including attacks involving nation state actors and insider threat issues.
  • Assisted in responding to CCPA Notice of Violation letters from the California Office of the Attorney General.
More »

Experience

  • Acted as Chief Privacy Officer for a major US financial services institution, in charge of the enterprise program for all data protection, privacy and cybersecurity risks.
  • Handled and managed over 600 information security incidents, including attacks involving nation state actors and insider threat issues.
  • Assisted in responding to CCPA Notice of Violation letters from the California Office of the Attorney General.
  • Assisted in developing digital transformation and data economy strategies, programs, platforms, products and services.
  • Developed incident response programs, and drafted, implemented and tested incident response plans for companies in a variety of industries, including financial services, healthcare, retail, hospitality, technology, communications and energy.
  • Developed and conducted training for various levels of employees, including legal, IT, IS, business lines, marketing departments, and senior management and boards on privacy and cybersecurity risks.
  • Provided product counseling and regulatory advice related to 500 e-commerce products and 20 mobile apps globally.
  • Experience providing legal advice for and operationalizing a 150-person consumer dispute and data quality support center which handled over 20,000 inquiries per year.
  • Experience advising in major M&A transactions, including a global industrial company about notice and consent laws in 60 countries.
  • Experience working on over 4,000 GDPR-related contracts and cross-border data transfer agreements.
  • Provided advice to companies relating to data collection, use, and transfer for emerging technologies such as biometric solutions, Big Data, Internet of Things (IoT), and artificial intelligence (AI).

Recognitions and Memberships

Recognitions

  • The Legal 500 United States (2019)
    • Recommended in General Commercial Disputes (2019)
  • Cybersecurity Docket "Incident Response 30" (2018)
  • National Law Journal Cybersecurity Trailblazer (2017)
  • International Association of Privacy Professionals, Certified Information Privacy Professional (CIPP/US)

Memberships

  • California Lawyers Association
    • Privacy Law Section: Chair
    • Executive Committee

News

News

Press Releases

Blog Posts

Community

  • Conference on Asian Pacific American Leadership, Board of Advisors

Featured Video

Leveraging Business Model Uncertainty to Drive Digital Transformation and Smart Data Strategies
Play Video

Listen to the legal implications surrounding COVID-19 for business leaders.

Prior Positions

  • Dell Security Software Solutions: Chief Information Security Officer Advisory Board
  • Fannie Mae: Chief Privacy Officer
  • LexisNexis: Senior Director of Privacy and Communications
  • U.S Representative Jan Schakowsky: Legislative Counsel

Admissions

  • California
  • District of Columbia

Education

  • J.D., University of California, Berkeley School of Law, 2004
  • B.A., University of California, Berkeley, 2001
  • International Program of Political Science and Social Sciences, Institut d'Etudes Politiques de Paris, 2000

Languages

  • Conversational French
  • Korean

Blog

In The Blogs

Previous Next
Data Counsel
California Privacy Protection Agency Board Chair Discusses CPRA Rulemaking Process and Agency Authority
By Jeewon K. Serrato, Justin T. Yedor
October 15, 2021
Justin T. Yedor and Jeewon Serrato On October 5, 2021, Jennifer Urban, who serves as Chair of the Board the California Privacy Protection Agency (the CPPA) spoke with members of the California Lawyer’s Association about the Board’s work to...
Read More ->
Data Counsel
8 Key Takeaways for Initial Defenses Under the CCPA and CPRA
By Stanton P. Burke, Casie D. Collignon, Marshall J. Mattera, Jeewon K. Serrato
October 7, 2021
Authors: Marshall Mattera, Jeewon Serrato, Casie Collignon and Stanton Burke Since the Jan. 1, 2020 kickoff for private enforcement under the California Consumer Privacy Act (CCPA), plaintiffs have filed scores of class actions invoking...
Read More ->
Data Counsel
CPRA Rulemaking Begins with an Invitation by the New California Privacy Protection Agency
By Stanton P. Burke, Jeewon K. Serrato, Justin T. Yedor
September 23, 2021
By Justin Yedor, Stanton Burke, and Jeewon K. Serrato For businesses awaiting guidance on how to comply with the California Privacy Rights Act (the “CPRA”), the new California Privacy Protection Agency (“CPPA”) began the rulemaking process...
Read More ->
Data Counsel
Welcome to the Digital Transformation and Data Economy Newsletter – April 2021 Issue
By Jeewon K. Serrato
April 27, 2021
Across the economy, businesses are using digital technology to pivot into innovative service lines, accelerate growth and transform their businesses altogether. These businesses’ digital strategies and data assets play important roles in...
Read More ->
Data Counsel
Welcome to the Digital Transformation and Data Economy Newsletter – March 2021 Issue
By Jerel Pacis Agatep, Jeewon K. Serrato
March 26, 2021
Across the economy, businesses are using digital technology to pivot into innovative service lines, accelerate growth and transform their businesses altogether. These businesses’ digital strategies and data assets play important roles in...
Read More ->