Jason Sarfati, Director of Privacy and Data Ethics with Treliant, is an experienced data privacy consultant and attorney who specializes in addressing the privacy, data protection, and cybersecurity challenges faced by large multinational organizations.

He advises companies on how to comply with international, federal, and state privacy laws that govern the collection, use, and disclosure of private or otherwise sensitive information. These include the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), Children’s Online Privacy Protection Act (COPPA), Gramm-Leach-Bliley Act (GLBA), and Health Insurance Portability and Accountability Act (HIPAA).

To satisfy the obligations established by these privacy regimes, Jason has a track record of implementing global privacy operating models, performing privacy risk assessments, and supporting organizations as they navigate privacy-related government investigations. He has worked with clients across a broad range of industries including financial services, biotech, pharma, high-fashion retail, and others.

Jason is a firm believer that businesses should view data privacy and cybersecurity as an opportunity, not as a cost-related headache. By establishing internal controls that ensure the rapid and secure transfer of information, he seeks to empower businesses to maximize the value of their data without running afoul of consumers’ and regulators’ growing expectations of privacy. This type of holistic approach makes him an ideal partner for any growing business.

Prior to joining Treliant, Jason worked as Privacy Associate and Counsel for a Washington-based consulting firm, as well as performing similar roles in two metropolitan area law firms.

Jason holds a BA in International Business from Virginia Tech and a JD from George Mason University. He is a member of the bar in Virginia and Maryland.

Jason also belongs to the International Association of Privacy Professionals (IAPP) and holds the Certified Information Privacy Professional certification with a U.S. concentration (CIPP/US), making him well versed in the data privacy laws that govern the private sector in the United States.

He is a frequent contributor to publications and speaker on trending privacy issues.

Areas of Specialization

  • Compliance Audits
  • Compliance Programs
  • Consumer Laws / Regulations
  • Corporate Governance
  • Cybersecurity
  • Data Privacy
  • Data Risk Management / Data Science
  • Ethics Programs
  • FinTech Compliance
  • Information Security
  • Risk Assessments
  • Technology Services