Jeremy Berkowitz
Senior Privacy Director and Deputy Chief Privacy Officer
Overview
Jeremy Berkowitz is a Senior Director in the Paul Hastings Privacy and Cybersecurity Solutions Group. He has both a thorough understanding of global privacy and cybersecurity laws/regulations (e.g. GDPR, HIPAA, NYDFS Part 500), and extensive experience helping organizations understand the gaps in their programs. He has worked with clients for almost 15 years on pursuing the best strategies to enhance their privacy and cyber risk footprints.
Jeremy has also worked closely with global entities on building out their privacy/cyber programs in regard to people, processes, and tools. He has redesigned first, second-, and third-line operations and made recommendations on staffing to better meet compliance needs.
Jeremy received his undergraduate degree from the University of Michigan and Juris Doctorate from the Catholic University Columbus School of Law. He is a member of both the Maryland and Washington, DC Bars. Prior to law school, Jeremy was a special assistant for the Board of Directors of the U.S. Export-Import Bank.
Jeremy is an active member of the Federal Communications Bar Association where he co-chairs the Privacy and Data Security Committee. He also holds International Association of Privacy Professional (IAPP) certificates in European and US privacy.
Representations
- Conducted several dozen gap assessments for financial institutions, pharmaceutical companies, and retail entities against various privacy/cyber laws and regulations. Based off those assessments, drafted and implemented remediation plans to improve compliance programs.
- Consulted on privacy considerations of corporate internal investigations involving the review of employee data/devices.
- Worked with a major US bank on evaluating the efficacy of implementing various tooling solutions to enhancing their privacy capabilities.
- Worked with several major financial institutions to analyze third-party tracking occurring on their websites and design strategies for complying with notice/consent requirements while still maximizing data collection.
- Worked with a multinational financial institution on building a privacy program, including conducting an assessment against best privacy practices, reviewing and drafting documentation, and developing a plan to build, staff, and operationalize a privacy office in a three-year time period.
- Led an eight-month engagement to evaluate a major US county’s privacy and security program against the NIST Cybersecurity Framework and worked closely with county leadership to draft recommendations for improving their cybersecurity operations and revamping their CISO/CPO governance structure.
- Consulted with a global pharmaceutical company to review privacy practices enterprise-wide, including conducting a data mapping exercise of more than 100 processing activities, and ensure they were compliant with the California Consumer Privacy Act, before finalizing a merger with another major company.
Matters may have been completed before joining Paul Hastings.
insights
- DOJ to Evaluate AI Compliance Programs - October 10th, 2024
- Switzerland Gives Green Light for New Data Transfer Framework - August 20th, 2024
- Getting to Know Michelle Reed - August 14th, 2024
- CFPB Rules Expected Soon on Chatbots - August 14th, 2024
- CPPA Declines to Advance New Draft CCPA Regulations - July 30th, 2024
- Right to Reproductive Health Care Privacy - May 3rd, 2024
- Latest Draft Comprehensive Data Privacy Legislation is Released - April 12th, 2024
- Biometrics Litigation Update: Washington Is Poised to Become a New Frontier for Private Litigants - March 11th, 2024
- NIST CSF 2.0 Goes Live - February 28th, 2024
- FTC Proposes Revisions to Children’s Online Privacy Protection Act - January 25th, 2024
- CPPA Releases Proposed Regulatory Framework for Automated Decision-Making Technology - December 7th, 2023
- New NYDFS Part 500 Requirements Continue to Become Effective - December 6th, 2023
- NYDFS Releases Major Update to Part 500 Cybersecurity Requirements for Financial Services Companies - November 2nd, 2023
- NYDFS Releases Major Update to Part 500 Cybersecurity Requirements for Financial Services Companies - November 2nd, 2023
- FTC Approves New Incident Reporting Requirements for Safeguards Rule - November 1st, 2023
- California’s Delete Act Signed Into Law - October 12th, 2023
- SEC Cyber Rules Published in Federal Register - August 4th, 2023
- The SEC Adopts Cybersecurity Disclosure Regime for Public Companies - July 26th, 2023
- NYDFS Proposes Further Changes to Part 500 Rules - July 5th, 2023
- SEC Delays Finalized Cybersecurity Rules until Fall 2023 - June 29th, 2023