Former Fannie Mae Chief Privacy Officer Joins Debevoise’s Growing Cybersecurity & Data Privacy Practice

8 September 2015

Debevoise & Plimpton LLP today announced that Jeewon Kim Serrato has joined the firm as a counsel in the Washington, D.C. office. Ms. Serrato joins the firm from Fannie Mae, where she was Chief Privacy Officer. She will practice in the firm’s Cybersecurity & Data Privacy practice, ranked as a leading global practice by The Legal 500.

As Chief Privacy Officer, Ms. Serrato managed Fannie Mae’s privacy program, a critical responsibility due to the large stores of personal information that Fannie Mae collects and maintains. In addition, she oversaw the organization’s privacy risk assessments, reviewed its operations from a privacy and cybersecurity perspective, and handled data security incidents. She is a member of the U.S. Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and is also a member of the Chief Information Security Officer Group on the Dell Software President’s Advisory Board.

Jeremy Feigelson, who leads Debevoise’s Cybersecurity & Data Privacy practice, said: “Jeewon is a terrific addition to the firm and to our privacy and cyber team. With over 10 years of experience in the field, she brings our clients a great combination of practical in-house perspective, depth in privacy law and public policy expertise.”

Ms. Serrato said: “I am excited to join Debevoise, which has long established itself as a premier ‘go-to’ firm on privacy and cybersecurity issues. The firm has an exemplary culture and a renowned privacy and cybersecurity team. I look forward to helping the firm build on those top-tier capabilities.”

Fannie Mae was chartered by Congress in 1938 and is the leading source of residential mortgage credit in the U.S. secondary market. Prior to joining Fannie Mae, Ms. Serrato was in charge of managing the privacy program at Reed Elsevier Inc. and served in a senior position at the Woodrow Wilson International Center for Scholars. Earlier, she was an associate at a Washington, D.C. law firm. Ms. Serrato earned her J.D. from Boalt Hall School of Law at the University of California, Berkeley in 2004, and her B.A. in 2001 from the University of California, Berkeley, where she graduated summa cum laude and Phi Beta Kappa. Upon graduation, she served for two years as legislative counsel to a member of the U.S. House of Representatives.

Debevoise has maintained a robust practice in the privacy and cybersecurity space for over ten years. It is a comprehensive practice that handles a wide range of litigation, crisis management, counseling and transactional matters for clients in a broad array of industries. In addition to Mr. Feigelson, a partner in the New York office whose practice includes privacy litigation, data breach response and related counseling projects, the senior team includes:

  • Jeffrey P. Cunard, the managing partner of the firm’s Washington, D.C. office and an internationally recognized practitioner who regularly provides counseling and transactional advice to clients on data privacy and cybersecurity matters;

  • David A. O’Neil, a partner in the Washington office and formerly Acting Assistant Attorney General for the Criminal Division and former Deputy Assistant Attorney General for the Fraud Section at the Department of Justice, whose responsibilities at DOJ included the prosecution of cybercrimes and the oversight of complex international investigations of botnets, sophisticated malware schemes and state-sponsored cyber espionage;

  • Jim Pastore, a partner in the New York office, who helped pioneer cybersecurity enforcement as an Assistant U.S. Attorney in the Southern District of New York before rejoining Debevoise (where he began his career) in 2014; and

  • David Sarratt, counsel in the New York office, who formerly prosecuted pathbreaking cases of cybercrime against financial institutions as an Assistant United States Attorney in the Eastern District of New York. 

About the Cybersecurity & Data Privacy Practice

Debevoise’s Cybersecurity & Data Privacy practice provides a collaborative approach to help clients navigate their business-critical privacy, data protection and data security issues. The team has unique capabilities in helping clients navigate the forensic and legal aftermath of data breaches. The firm’s cross-border, interdisciplinary team also offers regulatory counseling, defends clients in government enforcement actions, litigates privacy-related class actions and other matters, assists clients with the development and updating of their policies and procedures for the handling of customer data and other sensitive information, and handles U.S. and cross-border transactions where data protection and security issues arise. The group’s current assignments include advising a major retailer in connection with matters arising out of its widely publicized data breach, serving as breach response counsel to a major financial institution, and providing confidential counseling and transactional advice on privacy and cybersecurity matters to clients in a wide range of industries.

About Debevoise & Plimpton LLP

Debevoise & Plimpton LLP is a premier law firm with market-leading practices, a global perspective and strong New York roots. We deliver effective solutions to our clients’ most important legal challenges, applying clear commercial judgment and a distinctively collaborative approach.