Jake Bernstein is a partner in the firm’s Technology Transactions and Sourcing and Data Protection, Privacy, and Security practice groups. A Certified Information Systems Security Professional (CISSP) and Certified Information Privacy Professional/US (CIPP/US), Jake is recognized for translating complex technical and legal concepts into clear, actionable counsel. He co hosts the widely followed Cyber Risk Management Podcast, where he explores emerging cybersecurity, privacy, and artificial intelligence trends.
Drawing on nearly eight years as an Assistant Attorney General in Washington State’s Consumer Protection Division, Jake helps companies navigate the alphabet soup of data protection and consumer protection laws—including GDPR, CCPA/CPRA, GLBA, HIPAA, Section 5 of the FTC Act, NY SHIELD Act, and state AI governance bills—while launching and scaling innovative products. His practice now includes responsible artificial intelligence (AI) governance, where he drafts enterprise wide AI acceptable use policies, operationalizes the NIST AI Risk Management Framework (AI RMF), and negotiates AI enabled SaaS and cloud agreements. Jake’s guidance secures data protection safeguards, bias mitigation covenants, and defensible intellectual property terms in sectors ranging from digital health and fintech to gaming and ag tech.
The Washington State Supreme Court does not recognize certification of specialties in the practice of law and this certification is not a requirement to practice law in the state of Washington.
Jake began his career at the Washington State Office of the Attorney General, serving nearly eight years in the Consumer Protection Division. As an Assistant Attorney General, he regulated businesses subject to Washington’s Consumer Protection Act, focusing on internet advertising and marketing, “high tech” scams and consumer fraud, and cybersecurity and privacy. He served as lead counsel on dozens of investigations and regulatory enforcement actions, ranging from single website deceptive practices to nationwide multi state investigations.
Upon entering private practice, Jake represented clients in litigation involving TCPA, CAN SPAM, false advertising, and Consumer Protection Act disputes. One client grew its online marketing business from approximately US\$5 million to more than US\$200 million in annual revenue over five years without regulatory inquiry. He routinely advises on compliance with state and federal consumer protection laws, with a particular interest in “dark patterns” and what constitutes “clear and conspicuous” online disclosure.
Prior to joining the firm, Jake practiced at two Seattle based internet, media, and technology law firms, concentrating on cybersecurity risk management, security architecture, vendor risk management, application security, incident response coaching, and proactive privacy counseling under the CCPA, GLBA, NY SHIELD Act, GDPR, and other regimes.
In his spare time, he reads draft state privacy and security bills—though he remains cautiously optimistic that Congress will pass a federal privacy law, even if it means the loss of this hobby.
- Recognized by Chambers USA for Privacy & Data Security in USA - Nationwide, 2025
- Named to Lawdragon's 500 Leading Global Cyber Lawyers, 2024
- Co-host, Cyber Risk Management Podcast (bi weekly)
- Member, International Association of Privacy Professionals (IAPP)
- Adjunct Professor, Seattle University School of Law
- Speaker, Cybersecurity for Law Firms, WSBA Summer School (virtual), 15 July 2025
- Speaker, Data Privacy Primer CLE, K&L Gates (internal), 24 June 2025
- Speaker, The Hype is Over. AI is Here. What Now?, Client's In-House Legal Retreat, 06 May 2025 and Tennessee Association of Corporate Counsel (virtual), 3 December 2024
- Speaker, Daubert, Frye, QC and AI—Oh My! Are Results Legally Admissible?, RSA Conference USA, 30 April 2025
- Speaker, HIPAA Security Rule Update, SecureWorld Health Virtual Conference, 22 April 2025
- Speaker, Ethics of Generative AI CLE, Firm Client, March 2025
- Speaker, Safeguarding Your Mission: Strategies for Managing Cybersecurity Risks for Nonprofits and Foundations, K&L Gates x Fulcrum Capital Lunch & Learn, 05 March 2025
- Speaker, Generative AI and the Risk Related Costs, InfoSec BC Society (virtual), 13 December 2024
- Panelist, How IT Can Improve Your GRC Program, SecureWorld West (virtual), 11 December 2024
- Speaker, Our Favorite NIST Special Publications, Live Recording of the Cyber Risk Management Podcast, ISC2 Seattle Chapter Meeting, 05 December 2024
- Speaker, Managing the Massive Changes to Privacy Law in the US, SecureWorld Seattle, 07 November 2024
- Panelist, Securing Success: The Impact of Networking, Education, and Certifications in Cybersecurity, SecureWorld Seattle, 06 November 2024
- Panelist, Beyond the Single Point of Failure: Lessons from Recent Vendor Incidents and Strategies for Resilience, SecureWorld Seattle, 06 November 2024
- Speaker, Cutting Through AI Hype, ISACA Seattle Chapter Meeting, 10 September 2024
- Speaker, The Proliferation of Privacy (& AI) Laws: 2025 Edition CLE, K&L Gates Tech Trans, 12 July 2024
- Panelist, The Use of Artificial Intelligence in Healthcare, NCBA Health Law Section CLE, 26 April 2024
- Speaker, Data Governance and Data Policy in the Indo-Pacific, ITIF (Information Technology & Innovation Foundation), 13 March 2024
- Speaker, Generative AI: What Clean Tech Business Leaders and Decision-Makers Need to Know, K&L Gates CleanTech Networking Reception, 27 February 2024
- Speaker, Securing the Future: Exploring Legal and AI Frontiers in Cybersecurity, SecureWorld Seattle, 08 November 2023
- Panelist, Implications of ChatGPT and Similar AI Tools, SecureWorld Seattle Advisory Council, 08 November 2023
- Panelist, Artificial Intelligence, The Future Is Here: Panel and Mixer, K&L Gates, 17 May 2023
- Speaker, The Proliferation of Privacy Laws: An Update for Non Privacy Specialists, King County Bar Association CLE, January 2023
- Speaker, Conducting a Privacy and Cybersecurity Assessment, Internet Law Leadership Summit, 12 May 2022
- Speaker, Anatomy of a Ransomware Attack and the Lawyer’s Role During Response and Recovery, WSBA IP Institute, 28 April 2022
- Speaker, How to Avoid Getting Sued for Cyber Liability, The Shrimp Tank Podcast CLE, 16 March 2022
- Panelist, SW West Coast Third Party Risk Panel, Seattle, 22 November 2021
- Speaker, Ransomware: Is Your Sensitive Data Protected, or Will You Have to Pay Up?, Cybersecurity Forum, 19 October 2021
- Speaker, The Ethics of Cybersecurity: How to Buy Cyber Insurance for Your Law Practice, Cyber Risk Opportunities, 15 September 2021
- PrivSec Global 2021 Appearances
- Host, Speaking Different Languages: What Data Protection & Privacy and Security departments have to learn about each other, 22 September 2021
- Panelist, Global Data Protection and Privacy Law Developments USA: Will Next Year see a Federal Privacy Law Under the Biden Administration?, 22 September 2021
- Panelist, Emerging Challenges in Cybersecurity: Implications of Biden’s Executive Order on Supply Chains and Third Party Risk Management, 23 September 2021
- Panelist, Why Most CCPA Cases Fail: Five Hurdles Plaintiffs Must Clear, 23 September 2021
- Speaker, Exploring the 2021 Verizon Data Breach Investigations Report, (ISC)2 Seattle Chapter, 02 September 2021
- Speaker, When Ransomware Attacks: Why You Should Call Your Lawyer Right Away, Cloud Security Alliance, 23 June 2021
- “Acquiring an AI Company,” Thomson Reuters Practical Law, January 2024
- “What Tech Firms Should Know About California's Social Media Law,” Bloomberg Law, 4 November 2022
- "Don't Be Complacent About Cybersecurity," 425 Business, 20 June 2022
- Quoted, "A cybersecurity lawyer warns of the pitfalls of an unprotected network in manufacturing," Puget Sound Business Journal, 20 April 2022