
Jeremy Berkowitz
Senior Privacy Director and Deputy Chief Privacy Officer
Overview
Jeremy Berkowitz is a senior director in the Paul Hastings Privacy and Cybersecurity Solutions Group. He has both a thorough understanding of global privacy and cybersecurity laws/regulations (e.g., GDPR, HIPAA, NYDFS Part 500), and extensive experience helping organizations understand the gaps in their programs. He has worked with clients for almost 16 years on pursuing the best strategies to enhance their privacy and cyber risk footprints.
Jeremy has also worked closely with global entities on building out their privacy/cyber programs in regard to people, processes and tools. He has redesigned first-, second- and third-line operations and made recommendations on staffing to better meet compliance needs. He also has worked with clients in operationalizing their cybersecurity programs in preparation for examination by regulators. Jeremy received his undergraduate degree from the University of Michigan and Juris Doctorate from the Catholic University Columbus School of Law. He is a member of both the Maryland and Washington, D.C. bars. Prior to law school, Jeremy was a special assistant for the Board of Directors of the U.S. Export-Import Bank.
Jeremy is an active member of the Federal Communications Bar Association where he has co-chaired the Privacy and Data Security Committee, as well as the Cybersecurity Committee. He also holds International Association of Privacy Professional (IAPP) certificates in European and U.S. privacy.
Representations
- Conducted more than 100 gap assessments for financial institutions, pharmaceutical companies and retail entities against various privacy/cyber laws and regulations. Based off those assessments, drafted and implemented remediation plans to improve compliance programs.
- Worked with financial institutions who are applying for different state money transmitter licenses and prepared their cybersecurity programs for regulator examination.
- Consulted on privacy considerations of corporate internal investigations involving the review of employee data/devices.
- Draft and conduct cybersecurity tabletop exercises with clients seeking to enhance their security incident practices.
- Worked with a major U.S. bank on evaluating the efficacy of implementing various tooling solutions to enhancing their privacy capabilities.
- Worked with several major financial institutions to analyze third-party tracking occurring on their websites and design strategies for complying with notice/consent requirements while still maximizing data collection.
- Worked with a multinational financial institution on building a privacy program, including conducting an assessment against best privacy practices, reviewing and drafting documentation, and developing a plan to build, staff, and operationalize a privacy office in a three-year time period.
- Led an eight-month engagement to evaluate a major U.S. county’s privacy and security program against the NIST Cybersecurity Framework and worked closely with county leadership to draft recommendations for improving their cybersecurity operations and revamping their CISO/CPO governance structure.
- Consulted with a global pharmaceutical company to review privacy practices enterprise-wide, including conducting a data mapping exercise of more than 100 processing activities, and ensure they were compliant with the California Consumer Privacy Act, before finalizing a merger with another major company.
Matters may have been completed before joining Paul Hastings.
Insights
- US Privacy Update: Where Things Stand at the Start of Q2 2025 - March 27th, 2025
- The Bybit Hack of 2025 — Potential Implications - March 14th, 2025
- Biometrics Litigation Update: First Class Action Complaint Filed Under Washington’s My Health My Data Act — Is Your Company Ready? - March 12th, 2025
- The New Administration’s Privacy and Security Updates - February 5th, 2025
- SEC Cybersecurity Incident Disclosure Report - December 18th, 2024
- Paul Hastings Hosts Panel on Privacy and Security Challenges for Fintechs - November 13th, 2024
- DOJ to Evaluate AI Compliance Programs - October 10th, 2024
- Switzerland Gives Green Light for New Data Transfer Framework - August 20th, 2024
- Getting to Know Michelle Reed - August 14th, 2024
- CFPB Rules Expected Soon on Chatbots - August 14th, 2024
- CPPA Declines to Advance New Draft CCPA Regulations - July 30th, 2024
- Right to Reproductive Health Care Privacy - May 3rd, 2024
- Latest Draft Comprehensive Data Privacy Legislation is Released - April 12th, 2024
- Biometrics Litigation Update: Washington Is Poised to Become a New Frontier for Private Litigants - March 11th, 2024
- NIST CSF 2.0 Goes Live - February 28th, 2024
- FTC Proposes Revisions to Children’s Online Privacy Protection Act - January 25th, 2024
- CPPA Releases Proposed Regulatory Framework for Automated Decision-Making Technology - December 7th, 2023
- New NYDFS Part 500 Requirements Continue to Become Effective - December 6th, 2023
- NYDFS Releases Major Update to Part 500 Cybersecurity Requirements for Financial Services Companies - November 2nd, 2023
- NYDFS Releases Major Update to Part 500 Cybersecurity Requirements for Financial Services Companies - November 2nd, 2023