Jake Bernstein is a partner in the firm’s Technology Transactions and Sourcing and Data Protection, Privacy, and Security practice groups. Jake is also a Certified Information Systems Security Professional licensed by (ISC)2. He can be heard discussing cybersecurity and privacy issues as the co-host of the popular Cyber Risk Management Podcast.
In addition to his Data Protection, Privacy, and Security work, Jake also leverages his background as an Assistant Attorney General in the Consumer Protection Division of the Washington State Office of the Attorney General to counsel clients on a host of regulatory matters, especially involving technology and the Internet.
The Washington State Supreme Court does not recognize certification of specialties in the practice of law and this certification is not a requirement to practice law in the state of Washington.
Jake began his career at the Washington State Office of the Attorney General, where he served for nearly eight years in the Consumer Protection Division. As an Assistant Attorney General, Jake regulated businesses subject to Washington’s Consumer Protection Act, focusing on internet advertising and marketing, “high tech” scams and consumer fraud, and cybersecurity and privacy. Jake served as lead counsel on dozens of investigations and regulatory enforcement actions, ranging from small businesses engaged in single-website deceptive practices to nationwide multi-state investigations of major industries.
Upon entering private practice, Jake focused his efforts on representing clients in litigation relating to the same or similar topics, including TCPA, CAN-SPAM and California Anti-Spam Law cases, false advertising cases, and multiple Consumer Protection Act disputes. One of Jake’s clients grew its online advertising and marketing business from approximately US$5 million in annual revenue to over US$200 million in annual revenue over the course of five years without any regulatory inquiries or incidents. Jake routinely advises clients on compliance with state and federal consumer protection laws, and draws upon his experience as a regulator to provide a unique perspective on these topics. With a particular interest in “dark patterns,” Jake continues to help clients understand exactly what “clear and conspicuous disclosure” requires and how to apply the concept to the online world.
Prior to joining the firm, Jake served as an attorney at two internet, media, and technology law firms in Seattle. Through these roles Jake ultimately focused his practice on cybersecurity and privacy, and provided incident response counseling and coaching, and proactively counseled clients on a wide range of cybersecurity issues including cybersecurity risk management, security architecture, vendor risk management, application security, and more. Additionally, Jake has advised rapidly-growing, technology-focused companies. He has experience in advising executives, sales managers, and engineers on regulatory compliance under a host of state, federal, and international laws including the California Consumer Privacy Act (CCPA), federal Gramm-Leach-Bliley Act (GLBA), NY SHIELD Act, and the European Union’s General Data Protection Regulation (GDPR). In his spare time, Jake enjoys reading the numerous state privacy and security bills released on a regular basis by enthusiastic legislatures. He remains cautiously optimistic that Congress will soon pass a federal law, even if it means the loss of this hobby.
- Recognized by Chambers USA for Privacy & Data Security in USA - Nationwide, 2025
- Named to Lawdragon's 500 Leading Global Cyber Lawyers, 2024
- Speaker, Data Governance and Data Policy in the Indo-Pacific, ITIF (Information Technology & Innovation Foundation), 13 March 2024
- Speaker, New Risks of the Evolving Workforce, Hybrid Work Group, K&L Gates, 23 June 2022
- Speaker, The Role of UX in Compliance and Product Counseling, K&L Gates In-House CLE, 16 June 2022
- Speaker, Conducting a Privacy and Cybersecurity Assessment, Internet Law Leadership Summit, 12 May 2022
- Speaker, Anatomy of a Ransomware Attack and the Lawyer’s Role During Response and Recovery, WSBA IP Institute, 28 April 2022
- Speaker, How to Avoid Getting Sued for Cyber Liability, The Shrimp Tank Podcast, 16 March 2022
- Speaker, SW West Coast Third Party Risk Panel, 22 November 2021
- Speaker, Ransomware: Is Your Sensitive Data Protected, or Will You Have to Pay Up?, 19 October 2021
- Speaker, The Ethics of Cybersecurity: How to Buy Cyber Insurance for Your Law Practice, Cyber Risk Opportunities, 15 September 2021
- PrivSec Global 2021 Appearances
- Host, Speaking Different Languages: What Data Protection & Privacy and Security departments have to learn about each other, 22 September 2021
- Panelist, Global Data Protection and Privacy Law Developments USA: Will Next Year see a Federal Privacy Law Under the Biden Administration?, 22 September 2021
- Panelist, Emerging Challenges in Cybersecurity: Implications of Biden’s Executive Order on Supply Chains and Third Party Risk Management, 23 September 2021
- Panelist, Why Most CCPA Cases Fail: Five Hurdles Plaintiffs Must Clear, 23 September 2021
- Speaker, Exploring the 2021 Verizon Data Breach Investigations Report, (ISC)2 Seattle Chapter, 2 September 2021
- Speaker, When Ransomware Attacks: Why You Should Call Your Lawyer Right Away, Cloud Security Alliance, 23 June 2021
- “Acquiring an AI Company,” Thomson Reuters Practical Law, January 2024
- “What Tech Firms Should Know About California’s Social Media Law,” Bloomberg Law, 4 November 2022
- The Cyber Risk Management Podcast
- "Don't Be Complacent About Cybersecurity," 425 Business, 20 June 2022
- Quoted, "A cybersecurity lawyer warns of the pitfalls of an unprotected network in manufacturing," Puget Sound Business Journal, 20 April 2022
