Jeewon Kim Serrato


Jeewon Kim Serrato is counsel and Head of the Global Privacy & Data Protection Group. She advises companies on privacy, cybersecurity, data protection and crisis management issues. She has extensive experience in developing and structuring comprehensive data and trade secrets protection programs, implementing and testing information security controls, and helping companies mitigate cyber risks and handle data breaches. In 2017, she was named a Cybersecurity Trailblazer by the National Law Journal.

Before joining Shearman & Sterling, Jeewon was Chief Privacy Officer of Fannie Mae, where she led the organization’s privacy risk assessments, reviewed its operations from a privacy and cybersecurity perspective, and handled data security incidents. She also currently serves on the U.S. Department of Homeland Security Data Privacy and Integrity Advisory Committee’s Technology Subcommittee.

Jeewon began her career working on issues relating to counterterrorism, the use of data by law enforcement and intelligence agencies and the balance between privacy and security.  Upon graduation from law school, she served for two years as legislative counsel to members of the U.S. House of Representatives, during which she managed a portfolio including the reauthorization of the PATRIOT Act, the use of the National Security Letters and wireless surveillance, Secure America and Orderly Immigration Act and other homeland security-related bills, and crisis management issues including pandemic flu preparedness. She continued to provide advice relating to homeland security and public safety issues at a Washington, D.C. law firm, where she served as lead counsel to a major telecom carrier in over 90 mediations with public safety agencies nationwide to improve wire and radio interoperability for first responders, which was a top priority of the Federal Communications Commission’s Public Safety and Homeland Security Bureau.

Jeewon continued to work on technology projects that have an impact on data and consumer privacy by next serving as the top-level executive in charge of privacy at RELX Group (formerly Reed Elsevier) where she oversaw the development and implementation of privacy policies for over 500 e-commerce and mobile products globally.   She also served briefly in a senior position at the Woodrow Wilson International Center for Scholars and as a Counsel in Debevoise & Plimpton’s Cybersecurity and Data Privacy Practice.

Selected Experience

  • Experience advising on best practices and policy development, consulting on product design, and conducting readiness assessments for the EU General Data Protection Regulation (GDPR)
  • Advised a South American bank in launching a new banking service in the U.S. and developing a privacy notice for its customers
  • Reviewed and revised website privacy policies for a financial services digital platform
  • Advised a healthcare industry client on compliance matters relating to the EU GDPR
  • Assisted a UK organization in developing notice and consent mechanisms for cross-border data transfers

Selected Publications

  • Co-Author, Unmanned Aerial Systems: Mobility on the Edge, American Bar Association The SciTech Lawyer 2013


  • University of California, Berkeley School of Law, J.D.
  • University of California, Berkeley, B.A.
  • Institut d’Études Politiques de Paris International Program of Political Science and Social Sciences


Connect With Us