Jeewon Kim Serrato is Norton Rose Fulbright's US Head of Data Protection, Privacy and Cybersecurity. She advises global companies, financial services institutions and public entities on cutting edge issues at the interaction of technology and law. Before joining the private sector, Jeewon served as Chief Privacy Officer of Fannie Mae, where she led, implemented and tested the organization's privacy program and data protection strategy. She also currently serves on the US Department of Homeland Security Data Privacy and Integrity Advisory Committee and Technology Subcommittee. Jeewon is a Certified Information Privacy Professional and holds a US Secret Clearance.
Jeewon began her career working on issues relating to counterterrorism, the use of data by law enforcement and intelligence agencies and the balance between privacy and security. Upon graduation from law school, she served for two years as legislative counsel to members of the U.S. House of Representatives, during which she managed a portfolio including the reauthorization of the PATRIOT Act, the use of the National Security Letters and wireless surveillance, Secure America and Orderly Immigration Act and other homeland security-related bills, and crisis management issues including pandemic flu preparedness. She continued to provide advice relating to homeland security and public safety issues at a Washington, D.C. law firm, where she served as lead counsel to a major telecom carrier in over 90 mediations with public safety agencies nationwide to improve wire and radio interoperability for first responders, which was a post 9/11 top priority of the Federal Communications Commission's Public Safety and Homeland Security Bureau.
Jeewon continued to work on technology projects that have an impact on data and consumer privacy by next serving as the top-level executive in charge of privacy at RELX Group (formerly Reed Elsevier) where she oversaw product design and data use policies for over 500 e-commerce and mobile products globally. Her practice focuses on helping companies navigate complex regulatory frameworks, spanning from US consumer protection laws to the European Union General Data Protection Regulation, as well as data ownership and onward transfer of data issues. Jeewon has experience designing enterprise-wide policies and programs in 60 countries and is a thought leader and frequent speaker at industry conferences, including IAPP and RSA.
In addition to her product, regulatory compliance and transactional experience, Jeewon has handled over 600 data security incidents over the course of her career and has experience designing and implementing consumer disputes processes for companies globally. She is often called upon by her clients to proactively manage cyber risk, draft crisis management plans, and test incident response protocols. Jeewon was named a 2017 Cybersecurity Trailblazer by the National Law Journal and recognized in Cybersecurity Docket's "Incident Response 30", a list of the 30 best and brightest data breach response lawyers.