Jeewon Kim Serrato is Norton Rose Fulbright's US Head of Data Protection, Privacy and Cybersecurity. She advises global companies, financial services institutions and public entities on cutting edge issues at the interaction of technology and law. Before joining the private sector, Jeewon served as Chief Privacy Officer of Fannie Mae, where she led, implemented and tested the organization's privacy program and data protection strategy. She also currently serves on the US Department of Homeland Security Data Privacy and Integrity Advisory Committee and Technology Subcommittee. Jeewon is a Certified Information Privacy Professional and holds a US Secret Clearance.
Jeewon began her career working on issues relating to counterterrorism, the use of data by law enforcement and intelligence agencies and the balance between privacy and security. Upon graduation from law school, she served for two years as legislative counsel to members of the U.S. House of Representatives, during which she managed a portfolio including the reauthorization of the PATRIOT Act, the use of the National Security Letters and wireless surveillance, Secure America and Orderly Immigration Act and other homeland security-related bills, and crisis management issues including pandemic flu preparedness. She continued to provide advice relating to homeland security and public safety issues at a Washington, D.C. law firm, where she served as lead counsel to a major telecom carrier in over 90 mediations with public safety agencies nationwide to improve wire and radio interoperability for first responders, which was a post 9/11 top priority of the Federal Communications Commission's Public Safety and Homeland Security Bureau.
Jeewon continued to work on technology projects that have an impact on data and consumer privacy by next serving as the top-level executive in charge of privacy at RELX Group (formerly Reed Elsevier) where she oversaw product design and data use policies for over 500 e-commerce and mobile products globally. Her practice focuses on helping companies navigate complex regulatory frameworks, spanning from US consumer protection laws to the European Union General Data Protection Regulation, as well as data ownership and onward transfer of data issues. Jeewon has experience designing enterprise-wide policies and programs in 60 countries and is a thought leader and frequent speaker at industry conferences, including IAPP and RSA.
In addition to her product, regulatory compliance and transactional experience, Jeewon has handled over 600 data security incidents over the course of her career and has experience designing and implementing consumer disputes processes for companies globally. She is often called upon by her clients to proactively manage cyber risk, draft crisis management plans, and test incident response protocols. Jeewon was named a 2017 Cybersecurity Trailblazer by the National Law Journal and recognized in Cybersecurity Docket's "Incident Response 30", a list of the 30 best and brightest data breach response lawyers.
JD, University of California, Berkeley School of Law
BA, University of California, Berkeley
International Program of Political Science and Social Sciences, Insititut D'Etudes Politiques de Paris
- California State Bar
- District of Columbia Bar
Rankings and recognitions
- Cybersecurity Trailblazer, National Law Journal, 2017
- "Incident Response 30," Cybersecurity Docket, 2018
- Co-author, "The European Parliament asks for the suspension of the privacy shield," Norton Rose Fulbright Data Protection Report, July 17, 2018
- Co-author, "US states pass data protection laws on the heels of the GDPR," Norton Rose Fulbright Data Protection Report, July 9, 2018
- Co-author, "California passes major legislation, expanding consumer privacy rights and legal exposure for US and global companies," Norton Rose Fulbright Data Protection Report, June 29, 2018
- Co-author, "US Supreme Court expands digital privacy rights in Carpenter v. United States," Norton Rose Fulbright Data Protection Report, June 27, 2018
- Co-author, "Drafting and Negotiating Data Processing Agreements," IAPP, June 2018
- Co-author, "One week into GDPR – what you need to know," Norton Rose Fulbright Data Protection Report, June 4, 2018
- Co-author, "GDPR is upon us: are you ready for what comes next?," Norton Rose Fulbright Data Protection Report, May 23, 2018
- Co-author, "Hacking scandals highlight vulnerabilities for teams and leagues," Street & Smith's Sports Business Journal, May 8, 2017
- Co-author, "Navigating personal data rights in an increasingly digital and machine world," Journal of Financial Compliance, Volume 1, Number 4, Spring 2018
- Co-author, "Dynamic Regulations and Shareholder Actions Guide the Board's Shifting Role in Cyber (Part 2)," The Cybersecurity Law Report, February 14, 2018
- Co-author, "Dynamic Regulations and Shareholder Actions Guide the Board's Shifting Role in Cyber (Part 1)," The Cybersecurity Law Report, January 31, 2018
- Co-author, "Unmanned Aerial Systems: Mobility on the Edge The SciTech Lawyer," American Bar Association, Volume 9 Nos. 3 & 4, Winter Spring 2013
- "How to Engineer Privacy Rights in the World of Artificial Intelligence," RSA Conference, San Francisco, April 18, 2018
- "Negotiating Data Processing Agreements," International Association of Privacy Professionals Privacy Bar Section Forum 2018, Washington, DC, March 29, 2018
- "NHTSA's Response to Hacking," KPMG's 7th Annual Automotive Executive Forum at the 2016 Los Angeles Auto Show, Los Angeles, Nov. 19, 2017
- "Cyber Security: What In-House Lawyers Need to Know," The Lawyer's In-House Counsel as Business Partner 2017 Conference," London, Nov. 5, 2017
- "RegTech, FinTech and Surveillance - How will developments in technology impact compliance and litigation?," European Compliance and Legal Conference, London, Sept. 19-20, 2017
- "The Emergence of Ransomware and Other Targeted Exploits: Prevention & Effective Response," Legalweek's Legaltech West Coast Conference, San Francisco, June 13, 2017
- "Cybersecurity and Data Protection Issues in M&A Transactions," Transatlantic General Counsel Summit 2017, London, June 8, 2017
- "Implementing Cyber Information Sharing," Financial Services Roundtable, Washington, DC, Feb. 24, 2016
Memberships and activities
- Member, U.S. Department of Homeland Security Data Privacy and Integrity Advisory Committee Technology Subcommittee
This Friday the European Union General Data Protection Regulation comes into force..
May 22, 2018
European organisations have been preparing for some time to comply with the European Union’s new data protection law, the General Data Protection Regulation (GDPR), which applies to all organisations in the EU..
May 16, 2018
Norton Rose Fulbright recently bolstered its Global Cyber Risk Group with the addition of three prominent privacy and cybersecurity lawyers: Chris Cwalina in Washington, DC, Jeewon Serrato in San Francisco and Steven Roosa in New York. Read Law360’s coverage (subscription required)..
June 13, 2018
Norton Rose Fulbright recently bolstered its Global Cyber Risk Group with the addition of three prominent privacy and cybersecurity lawyers: Chris Cwalina in Washington, DC, Jeewon Serrato in San Francisco and Steven Roosa in New York..
June 13, 2018