Jeewon K. Serrato

Drawing from her experience working on Capitol Hill and serving as head privacy executive for a global data broker and a publicly traded financial services company with $3.5 trillion in assets, Jeewon assists clients in pivoting their business models, accelerating growth as a new business and developing strategic acquisition, investment or risk mitigation plans.

Jeewon understands how digital strategy and data assets can shape the direction of a business’s corporate roadmap, and she advises C-suite level executives on the impact that critical business events involving technology and data can have on the employees, customers and the bottom line. Jeewon leads initiatives to design and execute compliance programs for international corporations, as well as negotiate cross-border M&A deals, and advises on high-stakes investigation and dispute matters. She has a thorough understanding of U.S. and global privacy regulations, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). Utilizing this knowledge, she helps companies create enterprise-wide privacy and data strategy programs from the ground up and assists in testing critical vulnerabilities and performing risk assessments. Having handled and managed hundreds of data breach incidents and internal investigations, she also works with companies to prepare crisis management policies and data breach response plans and handle disputes. Jeewon represented Sephora in the first-ever CCPA settlement with the California Department of Justice and has specific experience handling regulatory defense matters and advising companies on issues relating to adtech, profiling and data monetization.

Jeewon formerly served on the U.S. Department of Homeland Security Data Privacy and Integrity Advisory Committee and helped found the California Lawyers Association’s Privacy Law Section and served as inaugural chair of the Executive Committee. She is co-author of the International Association of Privacy Professionals (IAPP) publication, Data Processing Agreements: Coordination, Drafting and Negotiation (2019) and the “International Personal Data Protection and Cross-Border Data Transfers” chapter of Privacy Compliance and Litigation in California (2021), a publication of the Continuing Education of the Bar (CEB), a nonprofit program of the University of California. Jeewon is also a lecturer at the Maastricht University European Centre on Privacy & Cybersecurity.

• Defended numerous clients in actions involving privacy litigation, such as the California Invasion of Privacy Act and the Video Privacy Protection Act (VPPA).
• Assisted in developing digital transformation and data economy strategies, programs, platforms, products and services.
• Developed incident response programs, and drafted, implemented and tested incident response plans for companies in a variety of industries, including financial services, health care, retail, hospitality, technology, communications and energy.
• Developed and conducted training for various levels of employees, including legal, IT, IS, business lines, marketing departments, and senior management and boards on privacy and cybersecurity risks.
• Provided product counseling and regulatory advice related to 500 e-commerce products and 20 mobile apps globally.
• Advised on biometric law requirements for new AR/VR product development and global launches.
• Conducted privacy and cybersecurity risk assessments and data mapping for facial recognition products and services.
• Advised on payment products and e-commerce integration for social media and other digital platforms.
• Assisted in developing AI ethics strategies and testing.
• Advised retail clients on adtech and data monetization strategies for loyalty program data.
• Provided legal advice for and operationalizing a 150-person consumer dispute and data quality support center, which handled over 20,000 inquiries per year.
• Advised in major M&A transactions, including a global industrial company about notice and consent laws in 60 countries.
• Worked on over 4,000 GDPR-related contracts and cross-border data transfer agreements.
• Provided advice to companies relating to data collection, use and transfer for emerging technologies, such as biometric solutions, Big Data, Internet of Things (IoT) and artificial intelligence (AI).

• Recognized by International Association of Privacy Professionals, Certified Information Privacy Professional (CIPP/U.S.)
• California Lawyers Association (Privacy Law Section: Chair and Executive Committee)
• Conference on Asian Pacific American Leadership, Board of Advisors
• Prior Positions
  • Dell Security Software Solutions: Chief Information Security Officer Advisory Board
  • Fannie Mae: Chief Privacy Officer
  • LexisNexis: Senior Director of Privacy and Communications
  • U.S. Representative Jan Schakowsky: Legislative Counsel