Jerel Pacis Agatep

Associate

San Francisco
T +1.415.659.2600
F +1.415.659.2601

Overview

A background in employment law has enabled Jerel Pacis Agatep to establish a niche practice in workplace privacy, including litigation of common law invasion of privacy torts and advising clients regarding COVID-19 remote work and return-to-work privacy pitfalls (e.g., video/audio monitoring, GPS/smartphone monitoring, keystroke software and biometric temperature scan) under the Electronic Communications Privacy Act (ECPA).

Jerel’s practice focuses on assisting clients with complex compliance questions related to global privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), the General Data Protection Regulation (GDPR), the California Online Privacy Protection Act (CalOPPA), the Health Insurance Portability and Accountability Act (HIPAA), the Biometric Information Privacy Act (BIPA) and more. He has experience helping organizations with privacy program management and data governance, conducting data mapping, gap assessment and third-party risk management. He also has experience handling data security incidents and breaches and responding to investigations by the California Attorney General’s office.

Jerel is a Certified Information Privacy Professional (CIPP/US) and Certified Information Program Manager (CIPM), designations granted by the International Association of Privacy Professionals (IAPP).

Select Experience

  • Legal secondee at a large multinational technology conglomerate advising on third-party risk management and oversight, including building frameworks and safeguards to protect user data and information shared with and received from the company’s third-party ecosystem as required by global regulations, including GDPR, FTC, CCPA, etc.
  • Represents a Fortune 50 company in responding to CCPA noncompliance investigations by the State of California’s DOJ, Office of the Attorney General.
  • Provides advice to internal Business Units of several companies, including marketing, sales, IT, analytics and customer service, to improve practices and procedures related to consumers exercising their privacy rights under the GDPR, CCPA and Nevada privacy law.
More »

Experience

  • Legal Secondee at a large multinational technology conglomerate advising on third-party risk management and oversight, including building frameworks and safeguards to protect user data and information shared with and received from the company’s third-party ecosystem as required by global regulations, including GDPR, FTC, CCPA, etc.
  • Represents a Fortune 50 company in responding to CCPA noncompliance investigations by the State of California’s DOJ, Office of the Attorney General.
  • Provides advice to internal Business Units of several companies, including marketing, sales, IT, analytics and customer service, to improve practices and procedures related to consumers exercising their privacy rights under the GDPR, CCPA and Nevada privacy law.
  • Conducts data mapping, documentation, vendor management, data security and training management for global companies’ privacy offices.
  • Assisted a COVID-19 vaccine provider in responding to Massachusetts Attorney General’s inquiry regarding the handling of patient data.
  • Assisted a multinational IT company in responding to a large-scale data security breach affecting numerous other companies and updated and prepared its Computer Security Incident Response Plan.
  • Advised a Fortune10 company in developing practices and procedures in handling of deceased employees’ pay records.
  • Performed product reviews and best practices for compliance and consumer protection, as well as related risk assessments, including a high-level review of a COVID-19 contact tracing app and a software device that interprets speeches with the capability of simultaneous translation.
  • Responded to numerous data security incidents and breaches involving ransomware, financial breach, HIPAA breach and more. Provided assessment of the data security problem and facilitation of all legal and commercial agreements and services to contain, analyze, investigate and remediate the incident. Also, provided breach notification letters to affected individuals and corresponding agencies.

Recognitions and Memberships

Recognitions

  • Northern California Super Lawyers
    • Rising Star (2021 to 2022)  
  • Asian Pacific American Bar Association of Silicon Valley: Equal Justice Scholarship Awardee
  • Filipino Bar Association of Northern California: Inaugural NAPABA Scholarship Awardee
  • UC Hastings Pro Bono Society: Inductee (45 hours)

Memberships

  • International Association of Privacy Professionals (IAPP)
    • Certified Information Privacy Professional (CIPP)
    • Certified Information Privacy Manager (CIPM)
  • OneTrust Certified Privacy Management Professional
  • Filipino Bar Association of Northern California (FBANC): Co-Social Director/Communications Committee
  • Asian Pacific American Bar Association of Silicon Valley
  • Asian American Bar Association

Pro Bono

  • San Francisco Pathways to Citizenship Initiative: Volunteer Attorney
  • Pilipino Bayanihan Resource Center: Volunteer Attorney

Admissions

  • U.S. District Court, Northern District of California
  • U.S. District Court, Central District of California
  • U.S. District Court, Eastern District of California
  • California

Education

  • J.D., University of California, Hastings College of Law, 2016; Pro Bono Society
  • B.A., University of California, Irvine, 2010

Languages

  • Filipino
  • Ilocano

Blog

In The Blogs

Previous Next
Data Counsel
CCPA Employee and B2B Exemptions Set to Expire on Jan. 1, 2023
By Jerel Pacis Agatep, Shruti Bhutani Arora, Jeewon K. Serrato
September 7, 2022
The California Consumer Privacy Act (CCPA) exemptions for employee and business-to-business Personal Information (PI) likely will not be extended. Aug. 31, 2022 was the last day for each house to pass bills, per the California Constitution...
Read More ->
Data Counsel
CCPA Employee Exemption Set to Expire on Jan. 1
By Jerel Pacis Agatep, Jeewon K. Serrato
August 26, 2022
California Consumer Privacy Act (CCPA) exemptions for employee data will likely not be extended, and full consumer rights will apply to employees on Jan. 1, 2023. Aug. 25, 2022, was the last day that bills could be amended, and no...
Read More ->
Data Counsel
California AG Focuses CCPA Enforcement on Loyalty Programs
By Jerel Pacis Agatep, Shruti Bhutani Arora, Jeewon K. Serrato
February 3, 2022
On Jan. 28, 2022, the California Attorney General Rob Bonta (AG) published a statement putting businesses that operate loyalty programs on notice that the California Consumer Privacy Act (CCPA) requirements for a Notice of Financial...
Read More ->
Data Counsel
Nevada Gov. Sisolak Signs Senate Bill (SB) 260 Expanding the State's Internet Privacy Law
By Jerel Pacis Agatep
July 8, 2021
On June 2, 2021, Nevada Gov. Stephen F. Sisolak signed SB 260 approving amendments to the Nevada Privacy of Information Collected on the Internet from Consumers Act. Some key changes to the amended law include expanding the definition of...
Read More ->