Jeewon Kim Serrato is a counsel and Co-Head of the Global Privacy & Data Protection Group where she advises companies on privacy, cybersecurity, data protection and crisis management issues. She has extensive experience in developing and structuring comprehensive data and trade secrets protection programs, implementing and testing information security controls, and helping companies mitigate cyber risks and handle data breaches.
Before joining Shearman & Sterling, Ms. Serrato was Chief Privacy Officer of Fannie Mae, where she led the organization’s privacy risk assessments, reviewed its operations from a privacy and cybersecurity perspective, and handled data security incidents. Ms. Serrato also currently serves on the Department of Homeland Security Data Privacy and Integrity Advisory Committee Technology Subcommittee and the Dell Security Solutions Chief Information Security Officer Advisory Board.
Ms. Serrato began her career working on issues relating to counterterrorism, the use of data by law enforcement and intelligence agencies and the balance between privacy and security. Upon graduation from law school, she served for two years as legislative counsel to members of the U.S. House of Representatives, during which she managed a portfolio including the reauthorization of the PATRIOT Act, the use of the National Security Letters and wireless surveillance, Secure America and Orderly Immigration Act and other homeland security-related bills, and crisis management issues including pandemic flu preparedness. Ms. Serrato continued to provide advice relating to homeland security and public safety issues at a Washington, D.C. law firm, where she served as lead counsel to a major telecom carrier in over 90 mediations with public safety agencies nationwide to improve wire and radio interoperability for first responders, which was a top priority of the Federal Communications Commission’s Public Safety and Homeland Security Bureau. Ms. Serrato continued to work on technology projects that have an impact on data and consumer privacy by next serving as the top-level executive in charge of privacy at RELX Group (formerly Reed Elsevier) where she oversaw the development and implementation of privacy policies for over 500 e-commerce and mobile products globally. She also served briefly in a senior position at the Woodrow Wilson International Center for Scholars and as a Counsel in Debevoise & Plimpton’s Cybersecurity and Data Privacy Practice.