Jeremy Berkowitz
Senior Privacy Director and Deputy Chief Privacy Officer
Overview
Jeremy Berkowitz is a Senior Director in the Paul Hastings Privacy and Cybersecurity Solutions Group. He has both a thorough understanding of global privacy and cybersecurity laws/regulations (e.g. GDPR, HIPAA, NYDFS Part 500), and extensive experience helping organizations understand the gaps in their programs. He has worked with clients for almost 15 years on pursuing the best strategies to enhance their privacy and cyber risk footprints.
Jeremy has also worked closely with global entities on building out their privacy/cyber programs in regard to people, processes, and tools. He has redesigned first, second-, and third-line operations and made recommendations on staffing to better meet compliance needs.
Jeremy received his undergraduate degree from the University of Michigan and Juris Doctorate from the Catholic University Columbus School of Law. He is a member of both the Maryland and Washington, DC Bars. Prior to law school, Jeremy was a special assistant for the Board of Directors of the U.S. Export-Import Bank.
Jeremy is an active member of the Federal Communications Bar Association where he co-chairs the Privacy and Data Security Committee. He also holds International Association of Privacy Professional (IAPP) certificates in European and US privacy.
Representations
- Conducted several dozen gap assessments for financial institutions, pharmaceutical companies, and retail entities against various privacy/cyber laws and regulations. Based off those assessments, drafted and implemented remediation plans to improve compliance programs.
- Consulted on privacy considerations of corporate internal investigations involving the review of employee data/devices.
- Worked with a major US bank on evaluating the efficacy of implementing various tooling solutions to enhancing their privacy capabilities.
- Worked with several major financial institutions to analyze third-party tracking occurring on their websites and design strategies for complying with notice/consent requirements while still maximizing data collection.
- Worked with a multinational financial institution on building a privacy program, including conducting an assessment against best privacy practices, reviewing and drafting documentation, and developing a plan to build, staff, and operationalize a privacy office in a three-year time period.
- Led an eight-month engagement to evaluate a major US county’s privacy and security program against the NIST Cybersecurity Framework and worked closely with county leadership to draft recommendations for improving their cybersecurity operations and revamping their CISO/CPO governance structure.
- Consulted with a global pharmaceutical company to review privacy practices enterprise-wide, including conducting a data mapping exercise of more than 100 processing activities, and ensure they were compliant with the California Consumer Privacy Act, before finalizing a merger with another major company.
Matters may have been completed before joining Paul Hastings.