Jerel Pacis Agatep

Jerel is the Practice Innovation Attorney for the firm’s Data Privacy practice. In this role, Jerel is focused on optimizing client value, driving technology innovation, streamlining compliance requirements, and supporting the needs of start-up and emerging growth companies related to global privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), the California Online Privacy Protection Act (CalOPPA), the Health Insurance Portability and Accountability Act (HIPAA), the Biometric Information Privacy Act (BIPA) and other sectoral privacy laws.

Prior to joining Gunderson Dettmer, Jerel was a senior associate and part of BakerHostetler’s Digital Assets and Data Management practice group. He has cross-functional expertise in data privacy, cybersecurity, and products & features counseling. Jerel also has extensive experience helping organizations with privacy program management and data governance, conducting data mapping, gap assessment, third-party risk management, and responding to investigations by the California Attorney General’s office. He also has experience handling data security incidents and breaches and litigating novel privacy causes of action.

Prior to practicing data privacy, Jerel was an associate at Jackson Lewis, practicing Labor & Employment. This background in employment law has enabled Jerel to establish a niche practice in workplace privacy, including litigation of common law invasion of privacy torts; the collection, use, disclosure, and retention of employee HR data; workplace monitoring (e.g., video/audio monitoring, GPS/smartphone monitoring, keystroke software, and biometric temperature scan); and automated decision making and the intersection with federal, state, and local employee discrimination, harassment, and retaliation laws.

Jerel is a Fellow of Information Privacy (FIP) as well as a Certified Information Privacy Professional (CIPP), holding the U.S. private-sector certification (CIPP/US), and the Information Privacy Manager certification (CIPM), each granted by the International Association of Privacy Professionals (IAPP). The FIP, CIPP, and CIPM designations are the global standard in privacy certification, and demonstrate a strong foundation in U.S. sector privacy laws and regulations and privacy program management. 

Jerel is admitted to practice in California, U.S. District Court Northern District of California, U.S. District Court Central District of California, and U.S. District Court Eastern District of California.

EXPERIENCE

• Prior Legal Secondee at a large multinational technology conglomerate advising on third-party risk management and oversight, including building frameworks and safeguards to protect user data and information shared with and received from the company’s third-party ecosystem as required by global regulations, including GDPR, FTC, CCPA, etc.
• Represented a Fortune 50 company in responding to CCPA noncompliance investigations by the State of California’s DOJ, Office of the Attorney General.
• Provided advice to internal Business Units of several companies, including marketing, sales, IT, analytics and customer service, to improve practices and procedures related to consumers exercising their privacy rights under the GDPR, CCPA and Nevada privacy law.
• Conducted data mapping, documentation, vendor management, data security and training management for global companies’ privacy offices.
• Assisted a COVID-19 vaccine provider in responding to Massachusetts Attorney General’s inquiry regarding the handling of patient data.
• Assisted a multinational IT company in responding to a large-scale data security breach affecting numerous other companies and updated and prepared its Computer Security Incident Response Plan.
• Advised a Fortune10 company in developing practices and procedures in handling of deceased employees’ pay records.
• Performed product reviews and best practices for compliance and consumer protection, as well as related risk assessments, including a high-level review of a COVID-19 contact tracing app and a software device that interprets speeches with the capability of simultaneous translation.
• Responded to numerous data security incidents and breaches involving ransomware, financial breach, HIPAA breach and more. Provided assessment of the data security problem and facilitation of all legal and commercial agreements and services to contain, analyze, investigate and remediate the incident. Also, provided breach notification letters to affected individuals and corresponding agencies.