Jeewon K. Serrato

Partner

San Francisco
T +1.415.659.2620
F +1.415.659.2601

Overview

Jeewon Kim Serrato is co-lead of the Digital Transformation and Data Economy team. Jeewon's practice focuses on guiding organizations through periods of transformation and change, whether it is driven by innovation or crisis management. She counsels clients in the areas of consumer privacy, cybersecurity, data monetization and data science to help clients identify unique value propositions and further market differentiation.

Drawing from her experience working on Capitol Hill and serving as head privacy executive for a global data broker and a publicly-traded financial services company with $3.5 trillion in assets, Jeewon assists clients in pivoting their business models, accelerating growth as a new business, and developing strategic exit or divestiture plans.

Jeewon understands how digital strategy and data assets can shape the direction of business's corporate roadmap and advises C-suite level executives on the impact critical business events involving technology and data can have on the employees, customers and the bottom line. Jeewon has led initiatives to design and execute compliance programs for international corporations, as well as negotiate cross-border M&A deals, and advise on high-stakes investigation and dispute matters. She has a thorough understanding of U.S. and global privacy regulations, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). Utilizing this knowledge, she helps companies create enterprise-wide privacy and data strategy programs from the ground up, assists in testing critical vulnerabilities and performs risk assessments. Having handled and managed hundreds of data breach incidents and internal investigations, she also works with companies to prepare crisis management policies and data breach response plans.

Jeewon currently serves on the U.S. Department of Homeland Security Data Privacy and Integrity Advisory Committee and on the California Lawyers Association's Antitrust, UCL & Privacy Section Executive Committee. She maintains an active U.S. Secret Clearance. She is also co-author of the International Association of Privacy Professionals (IAPP) publication, Data Processing Agreements: Coordination, Drafting and Negotiation (2019) and an editor for the IAPP California Consumer Privacy Act training.

Select Experience

  • Acted as Chief Privacy Officer for a major US financial services institution, in charge of the enterprise program for all data protection, privacy and cybersecurity risks.
  • Handled and managed over 600 information security incidents, including attacks involving nation state actors and insider threat issues.
  • Assisted in developing digital transformation and data economy strategies, programs, platforms, products and services.
More »

Experience

  • Acted as Chief Privacy Officer for a major US financial services institution, in charge of the enterprise program for all data protection, privacy and cybersecurity risks.
  • Handled and managed over 600 information security incidents, including attacks involving nation state actors and insider threat issues.
  • Assisted in developing digital transformation and data economy strategies, programs, platforms, products and services.
  • Developed incident response programs, and drafted, implemented and tested incident response plans for companies in a variety of industries, including financial services, healthcare, retail, hospitality, technology, communications and energy.
  • Developed and conducted training for various levels of employees, including legal, IT, IS, business lines, marketing departments, and senior management and boards on privacy and cybersecurity risks.
  • Provided product counseling and regulatory advice related to 500 e-commerce products and 20 mobile apps globally.
  • Experience providing legal advice for and operationalizing a 150-person consumer dispute and data quality support center which handled over 20,000 inquiries per year.
  • Experience advising in major M&A transactions, including a global industrial company about notice and consent laws in 60 countries.
  • Experience working on over 4,000 GDPR-related contracts and cross-border data transfer agreements.
  • Provided advice to companies relating to data collection, use, and transfer for emerging technologies such as biometric solutions, Big Data, Internet of Things (IoT), and artificial intelligence (AI).

Recognitions and Memberships

Recognitions

  • The Legal 500 United States (2019)
    • Recommended in General Commercial Disputes
  • Cybersecurity Docket "Incident Response 30" (2018)
  • National Law Journal Cybersecurity Trailblazer (2017)
  • International Association of Privacy Professionals, Certified Information Privacy Professional (CIPP/US)

Memberships

  • California Lawyers Association, Antitrust, UCL and Privacy Section: Executive Committee
  • U.S. Department of Homeland Security, Data Privacy and Integrity Advisory Committee, Technology Subcommittee

Community

  • Women In International Security (WIIS): STEM Group Founder and Administrator
  • Conference on Asian Pacific American Leadership, Board of Advisors: Chair

Featured Video

Leveraging Business Model Uncertainty to Drive Digital Transformation and Smart Data Strategies
Play Video

Listen to the legal implications surrounding COVID-19 for business leaders.

Prior Positions

  • Dell Security Software Solutions: Chief Information Security Officer Advisory Board
  • Fannie Mae: Chief Privacy Officer
  • LexisNexis: Senior Director of Privacy and Communications
  • U.S Representative Jan Schakowsky: Legislative Counsel

Admissions

  • California
  • District of Columbia

Education

  • J.D., University of California, Berkeley School of Law, 2004
  • B.A., University of California, Berkeley, 2001
  • International Program of Political Science and Social Sciences, Institut d'Etudes Politiques de Paris, 2000

Languages

  • Conversational French
  • Korean

Blog

In The Blogs

Previous Next
Data Counsel
California AG Begins CCPA Enforcement
By Stanton P. Burke, Andreas T. Kaltsounis, Jeewon K. Serrato
July 16, 2020
Last week, the International Association of Privacy Professionals hosted a keynote session with Stacey Schesser, supervising deputy attorney general (AG) of the California Department of Justice, to discuss the July 1 start of the AG’s...
Read More ->
Data Counsel
5 Key Things to Know about the Landmark Schrems II Decision
By Andreas T. Kaltsounis, Melinda L. McLellan, Jeewon K. Serrato, Nichole L. Sterling
July 16, 2020
Quick Links CJEU Press Release CJEU Decision Press Releases from the Parties Irish Data Protection Commission Max Schrems U.S. Department of Commerce Electronic Privacy Information Center (EPIC) BSA The Software Alliance DIGITALEUROPE 1...
Read More ->
Data Counsel
Ann O'Brien, Jeewon Serrato, Alyse Stach Author Article Examining Privacy and Antitrust Issues
By Ann M. O'Brien, Jeewon K. Serrato, Alyse F. Stach
June 29, 2020
Partners Ann O’Brien and Jeewon Serrato and Associate Alyse Stach authored an article published by the International Association of Privacy Professionals (IAPP) on June 23, 2020. The article, “The Thin Line Between Privacy and Antitrust,”...
Read More ->
Data Counsel
CCPA Final Regulations Published in Advance of July 1 Enforcement Date
By Alan L. Friel, Jeewon K. Serrato
June 10, 2020
On June 1, 2020, the Office of the California Attorney General (OAG) submitted the final proposed regulations (final regs) under the California Consumer Privacy Act (CCPA or the Title) to the California Office of Administrative Law (OAL)...
Read More ->
Data Counsel
CCPA Compliance Meets Trade Secret Protection: A Peaceful Coexistence?
By Alan L. Friel, C. Dennis Loomis, Jeewon K. Serrato, Catrina W. Wang
May 12, 2020
Since the California Consumer Privacy Act (CCPA) went live on January 1, 2020, businesses have been working to develop procedures for lawfully complying with requests from California consumers relating to their personal information. Such...
Read More ->