Jeewon K. Serrato

She | Her | Hers

Partner

San Francisco
T +1.415.659.2620
F +1.415.659.2601

Overview

With her government and in-house experience, having served as chief privacy executive for two public companies, clients turn to Jeewon Kim Serrato for advice on high-stakes regulatory defense matters, complex security incident investigations, new and emerging data monetization strategies and cross-border M&A and tech transactions.

Jeewon is co-lead of the Digital Transformation and Data Economy team, San Francisco Leader of the Digital Assets and Data Management Group and co-lead of the U.S. Consumer Privacy practice at BakerHostetler. Her practice focuses on guiding organizations through periods of transformation and change, whether it is driven by innovation or crisis management. She counsels clients in the areas of consumer privacy, cybersecurity, data optimization and data science.

Drawing from her experience working on Capitol Hill and serving as head privacy executive for a global data broker and a publicly traded financial services company with $3.5 trillion in assets, Jeewon assists clients in pivoting their business models, accelerating growth as a new business and developing strategic acquisition, exit or divestiture plans.

Jeewon understands how digital strategy and data assets can shape the direction of a business’s corporate roadmap and she advises C-suite level executives on the impact that critical business events involving technology and data can have on the employees, customers and the bottom line. Jeewon has led initiatives to design and execute compliance programs for international corporations, as well as negotiate cross-border M&A deals, and advise on high-stakes investigation and dispute matters. She has a thorough understanding of U.S. and global privacy regulations, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). Utilizing this knowledge, she helps companies create enterprise-wide privacy and data strategy programs from the ground up, assists in testing critical vulnerabilities and performs risk assessments. Having handled and managed hundreds of data breach incidents and internal investigations, she also works with companies to prepare crisis management policies and data breach response plans.

Jeewon formerly served on the U.S. Department of Homeland Security Data Privacy and Integrity Advisory Committee and as Inaugural Chair of the California Lawyers Association’s Privacy Law Section Executive Committee. She maintains an active U.S. Secret Clearance. She is also co-author of the International Association of Privacy Professionals (IAPP) publication, Data Processing Agreements: Coordination, Drafting and Negotiation (2019) and the “International Personal Data Protection and Cross-Border Data Transfers” chapter of Privacy Compliance and Litigation in California (2021), a publication of the Continuing Education of the Bar (CEB), a non-profit program of the University of California.

Select Experience

  • Acted as Chief Privacy Officer for a major U.S. financial services institution, in charge of the enterprise program for all data protection, privacy and cybersecurity risks.
  • Handled and managed over 600 information security incidents, including attacks involving nation state actors and insider threat issues.
  • Assisted in responding to CCPA Notice of Violation letters from the California Office of the Attorney General for several industry clients, including retail and financial services.
More »

Experience

  • Acted as Chief Privacy Officer for a major U.S. financial services institution, in charge of the enterprise program for all data protection, privacy and cybersecurity risks.
  • Handled and managed over 600 information security incidents, including attacks involving nation state actors and insider threat issues.
  • Assisted in responding to CCPA Notice of Violation letters from the California Office of the Attorney General for several industry clients, including retail and financial services.
  • Assisted in developing digital transformation and data economy strategies, programs, platforms, products and services.
  • Developed incident response programs, and drafted, implemented and tested incident response plans for companies in a variety of industries, including financial services, healthcare, retail, hospitality, technology, communications and energy.
  • Developed and conducted training for various levels of employees, including legal, IT, IS, business lines, marketing departments, and senior management and boards on privacy and cybersecurity risks.
  • Provided product counseling and regulatory advice related to 500 e-commerce products and 20 mobile apps globally.
  • Advised on biometric law requirements for new AR/VR product development and global launches.
  • Experience conducting privacy and cybersecurity risk assessments and data mapping for facial recognition products and services.
  • Advised on payment products and e-commerce integration for social media and other digital platforms.
  • Assisted in developing AI ethics strategies and testing.
  • Advised retail clients on AdTech and data monetization strategies for loyalty program data.
  • Experience providing legal advice for and operationalizing a 150-person consumer dispute and data quality support center which handled over 20,000 inquiries per year.
  • Experience advising in major M&A transactions, including a global industrial company about notice and consent laws in 60 countries.
  • Experience working on over 4,000 GDPR-related contracts and cross-border data transfer agreements.
  • Provided advice to companies relating to data collection, use and transfer for emerging technologies such as biometric solutions, Big Data, Internet of Things (IoT) and artificial intelligence (AI).

Recognitions and Memberships

Recognitions

  • The Legal 500 United States (2019, 2022)
    • Recommended in Media, Technology and Telecoms: Cyber Law (including Data Privacy and Data Protections) (2022)
    • Recommended in General Commercial Disputes (2019)
  • Cybersecurity Docket "Incident Response 30" (2018)
  • National Law Journal Cybersecurity Trailblazer (2017)
  • International Association of Privacy Professionals, Certified Information Privacy Professional (CIPP/US)

Memberships

  • California Lawyers Association
    • Privacy Law Section: Chair
    • Executive Committee

News

News

Press Releases

Community

  • Conference on Asian Pacific American Leadership, Board of Advisors

Featured Video

Leveraging Business Model Uncertainty to Drive Digital Transformation and Smart Data Strategies
Play Video

Listen to the legal implications surrounding COVID-19 for business leaders.

Prior Positions

  • Dell Security Software Solutions: Chief Information Security Officer Advisory Board
  • Fannie Mae: Chief Privacy Officer
  • LexisNexis: Senior Director of Privacy and Communications
  • U.S Representative Jan Schakowsky: Legislative Counsel

Admissions

  • California
  • District of Columbia

Education

  • J.D., University of California, Berkeley School of Law, 2004
  • B.A., University of California, Berkeley, 2001
  • International Program of Political Science and Social Sciences, Institut d'Etudes Politiques de Paris, 2000

Languages

  • Conversational French
  • Korean

Blog

In The Blogs

Previous Next
Data Counsel
CCPA/CPRA Rulemaking Update: What to Expect
By Shruti Bhutani Arora, Jiwon (Jamie) Kim, Jeewon K. Serrato
December 6, 2022
The California Privacy Protection Agency (“CPPA” or the “Agency”) published on November 3, 2022, a Public Notice of Proposed Modifications and Additional Materials Relied Upon, which starts what we hope is the last round of rulemaking to...
Read More ->
Data Counsel
California's AB 587: What You Need to Know About Social Media Content Moderation
By Jiwon (Jamie) Kim, Jeewon K. Serrato
November 21, 2022
On Sept. 13, California Gov. Gavin Newsom signed into law AB 587, which requires social media companies to publicly post their content moderation policies and semiannually report data on their enforcement of the policies to the attorney...
Read More ->
Data Counsel
White House Releases First-Ever Comprehensive Framework for Responsible Development of Digital Assets
By Jiwon (Jamie) Kim, Jeewon K. Serrato
October 13, 2022
On Sept. 16, 2022, the White House released a comprehensive framework for responsible digital asset development and, in particular, cryptocurrency. Agencies across the federal government have been working for the past six months to develop...
Read More ->
Data Counsel
California's Landmark Age-Appropriate Design Code Act: What You Need to Know
By Christine Mastromonaco, Jennifer L. Mitchell, Jeewon K. Serrato, Justin T. Yedor
September 8, 2022
On Aug. 29, California’s Senate unanimously passed Assembly Bill 2273, known as the Age-Appropriate Design Code Act (the CA AADC or the Bill). The Bill, which is anticipated to be signed into law by Gov. Gavin Newsom, is aimed at promoting...
Read More ->
Data Counsel
CCPA Employee and B2B Exemptions Set to Expire on Jan. 1, 2023
By Jerel Pacis Agatep, Shruti Bhutani Arora, Jeewon K. Serrato
September 7, 2022
The California Consumer Privacy Act (CCPA) exemptions for employee and business-to-business Personal Information (PI) likely will not be extended. Aug. 31, 2022 was the last day for each house to pass bills, per the California Constitution...
Read More ->