Search form

Joseph J. Lazzarotti


P   973-451-6363
F   973-540-9015

vCard Connect


Joseph J. Lazzarotti is a Shareholder in the Morristown, New Jersey, office of Jackson Lewis P.C. He founded and currently helps to lead the firm's Privacy, e-Communication and Data Security Practice, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals.

In short, his practice focuses on the matrix of laws governing the privacy, security and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to health and welfare plans, and is a member of the firm's Health Care Reform Team.

Mr. Lazzarotti speaks and writes regularly on current employee benefits and data privacy and security topics and his work has been published in leading employment and business journals such as Bender's Labor and Employment Bulletin, the Australian Privacy Law Bulletin and the Privacy and Data Security Law Journal. He has discussed his views on these issues in a number of media outlets, including Inside Counsel, The National Law Journal, Financial Times, Business Insurance Magazine, HR Magazine and NPR.

Mr. Lazzarotti served as a judicial law clerk for the Honorable Laura Denvir Stith on the Missouri Court of Appeals.

Privacy, Social Media and Information Management Experience

As a part of Mr. Lazzarotti's work in the area of privacy, social media and information management, he counsels multinational, national and regional companies in all industries on the broad array of mandates, best practices and preventive safeguards. For example, he advises health care providers and group health plan sponsors concerning HIPAA/HITECH compliance, as well as retail, health care, entertainment and other companies in developing social media strategies and policies. His work includes developing written information security programs (WISPs), conducting on-site executive and employee trainings and helping clients through the process of responding to breaches of personal information. He has also represented companies with respect to inquiries concerning privacy and security from the HHS Office of Civil Rights and other agencies and negotiates numerous business associate agreements and other data privacy and security agreements.

Benefits Counseling Experience

Mr. Lazzarotti's work in the benefits counseling area covers many areas of employee benefits law. For example, as part of the Firm's Health Care Reform Team, he advises employers and plan sponsors regarding the establishment, administration and operation of fully insured and self-funded health and welfare plans, which includes counseling concerning the new reform law, as well as assisting in the set up of administrative and other arrangements with third-party administrators, claims administrators and other vendors. He also provides counsel with respect to the design, implementation and operation of severance and fringe benefit plans. His work often involves day-to-day legal advice concerning employee benefit plan operation and administration and trouble-shooting with respect to errors in operation.

Professional Associations and Activities

  • American Bar Association
  • International Association of Privacy Professionals, CIPP

Published Works

  • Inside The Minds – Complying With Health Care Privacy Laws (NA: Aspatore Books, 2008) [Contributing Author]
  • "A Survey of the Same-sex Marriage Landscape for New Jersey Employers Following United States v. Windsor and Garden State Equality v. Dow," NJ Labor & Employment Law Quarterly Vol. 35, No. 2 (February 2014) [Co-Author]
  • "Joseph J. Lazzarotti on State Data Privacy and Security Laws," Available in LexisNexis, Emerging Issues (February 8, 2008) [Interview Exclusive]
  • "“EFCA” Employee Free Choice Act," Bender’s Labor & Employment Bulletin 8.12 (2008) [Co-Author]
  • "The Emergence of State Data Privacy and Security Laws Affecting Employers," Hofstra Labor & Employment Law Journal 25.2 (Spring 2008) [Author]
  • "California Expands Data Breach Notification Requirements to Include Medical and Health Insurance Information," Privacy & Data Security Law Journal 75 (January 2008) [Author]
  • "Massachusetts Identity Theft Law Creates Data Breach Notification, Protection, and Destruction Requirements," Privacy & Data Security Law Journal 69 (January 2008) [Author]
  • "Oregon and Washington Employers Face Enhanced Data Privacy and Security Obligations," Privacy & Data Security Law Journal 63 (January 2008) [Co-Author]
  • "The US approach to notifying individuals of a breach of their personal information," Privacy Law Bulletin 4.6 (November/December 2007) [Author]
  • "HIPAA Enforcement: Farce or Reality?" Privacy & Data Security Law Journal 2.8 (July 2007) [Author]
  • "Recent Developments in State Privacy and Data Security: Assessing New Business Risks," Professional Liability Underwriting Society Journal 20.4 (April 2007) [Author]
  • "Recent Developments in State Privacy and Data Security Laws Increase Business Risks," Hudson Valley Business Journal (March 19, 2007) [Author]
  • "Starting the year off right," Hudson Valley Business Journal (Jauary 22, 2007) [Co-Author]
  • "Recent Developments in Privacy for the Healthcare Employer," MyZiva's Nursing Home Business 2 (January/February 2007) [Author]
  • "Voluntary Individual Benefit Programs: Meeting the Demands of a Varied Workforce at Minimal Cost," Bender's Labor & Employment Bulletin 572.6 (December 2006) [Co-Author]
  • "Responding to an Unauthorized Breach of Your Company's Electronic Personal Information: A Discussion of State Breach Notification Laws and Preventive Strategies," Privacy & Data Security Law Journal 1.12 (November 2006) [Author]
  • "Wellness programs can benefit the bottom line," Hudson Valley Business Journal 17.17 (September 4, 2006) [Author]
  • "An Introduction to Wellness Programs: The Legal Implications of “Bona Fide Wellness Programs,"" Bender’s Labor & Employment Bulletin 6.6 (June 2006) [Author]
  • "What Are A Small Employer's Obligations Under The HIPAA Security Rules?" Bender’s Labor & Employment Bulletin 6.4 (April 2006) [Author]
  • "What Are A Small Employer's Obligations Under The HIPAA Security Rules?" Privacy & Data Security Law Journal 1.6 (May 2006) [Author]
  • "ERISA Basics - What Is a Summary Plan Description," Bender's Labor & Employment Bulletin 5 (October 2005) [Author]
  • "A Review of the Key changes in the Final HIPAA Portability Regulations," Bender's Labor & Employment Bulletin 5.3 (March 2005) [Author]
  • "Department of Labor Issues Final COBRA Notice Regulations," Bender's Labor & Employment Bulletin 4.9 (September 2004) [Co-Author]
  • "What Are a Small Employer's Obligations under the HIPAA Privacy Rules?" Bender's Labor & Employment Bulletin 4.3 (March 2004) [Author]
  • "Small Business and HIPAA Privacy Rules," Westchester County Business Journal (Feburary 9, 2004) [Author]
  • "Public Use or Public Abuse," 68 UMKC Law Review 49 68.49 (January 2000) [Author]

Speeches and Presentations

  • "Data Privacy and Security: Considerations and Best Practices Including BYOD Issues," Jackson Lewis 3rd Annual Raleigh-Durham Symposium, Raleigh, NC (February 2014) [Co-Presenter]
  • "#Employers: Social Media in the Workplace," Jackson Lewis San Juan 1st Annual Labor and Employment Conference, Surveying the Workplace Law Landscape, San Juan, PR (March 2014) [Co-Presenter]
  • "Yes, You Need To Safeguard Personal and Company Data…A Survey of the Laws Applying to Customer and Employee and Data Breach Survival Plan," Jackson Lewis Information and Data Security Symposium, Detroit, MI (April 2014) [Keynote Speaker]
  • Global Data Privacy Roundtable, Global Counsel Congress, New York, NY (June 2014) [Co-Presenter]
  • "Data Breach Law Update," PA Association of Mutual Insurance Companies, Leola, PA, Executive Roundtable (June 2014)
  • "Data Privacy, Data Breaches and Monitoring," Stafford Webinar (August 2014) [Co-Presenter]
  • "Managing Remote Workforce - Employment and Data Security Issues," Association of Corporate Counsel, Miami, FL Chapter (September 2014) [Co-Presenter]
  • "HIPAA Compliance Update for Providers," Connecticut Assisted Living Association, Wallingford, CT (September 2014)
  • Data Breach Response Workshop, IAPP KnowledgeNet, Morristown, NJ (September 2014) [Co-Presenter]
  • "Wellness Program Compliance," United Benefits Advisors, Webinar (October 2014)
  • "Ebola Preparedness," Association of Corporate Counsel Washington D.C. Chapter, Webinar (November 2014) [Co-Presenter]
  • Data Privacy Roundtable, People’s United Bank, Westchester, NY (June 2013)
  • Keynote Address: "Compliance Risks Health Care Reform and Data Privacy," Jackson Lewis White Plains Symposium, Westchester, NY (June 2013) [Co-Presenter]
  • "Big Data: Data Privacy and Security, Risks," Jackson Lewis Hartford Symposium, Hartford, CT (June 2013)
  • "HIPAA Privacy and Security Update," Interagency Council of Developmental Disabilities Agencies, Inc. Graduate Center, CUNY, New York, NY (May 2013)
  • "What The Affordable Care Act Means For Your Business," Connecticut Business and Industry Association, Southington, CT (May 2013)
  • "Health Care Reform: Key Provisions Affecting Employees," NYS Community Action Association, Sheraton Hotel, Mahwah, NJ (May 2013)
  • "Human Resources Boot Camp for New Jersey Employers," Health Care Reform and Data Privacy Segments, Pro Bono Partnership, Seton Hall Law School, Newark, NJ (May 2013)
  • "HIPAA Privacy and Security Update," Nationwide webinar for United Benefits Advisors member (May 2013)
  • "The eWorkplace: Privacy and Information Security Policy," 2013 Labor and Employment Conference, Jackson Lewis, The Pavilion at the Belo Mansion, Dallas, TX (May 2013)
  • "Health Care Reform Update," Memphis, TN SHRM Chapter, Memphis, TN (March 2013)
  • "Health Care Reform Update," Somerset, NJ SHRM Chapter, Somerset, NJ (January 2013)
  • "Data Security and Social Networking," NJ Institute for Continuing Legal Education, New Jersey Law Center, New Brunswick, NJ (December 2012)
  • "Protecting Company and Personal Data: Spotting Issues and Removing Silos ... HR and Beyond," Jackson Lewis Employment Law Workshop, Las Vegas, NV (November 2012)
  • "Affordable Care Act Update," Tarpey Group, Upper Montclair Country Club, Montclair, NJ (Nocember 2012)
  • "Uses of Social Media Risks and Reward for CPA Firms," CNA Nationwide webinar (September 2012) [Co-Presenter]

See AllJoseph J. Lazzarotti in the News

Showing 1-3 of 5
Most Read
August 27, 2015

Joseph Lazzarotti Comments on Employer Smartphone Policies

August 27, 2015

Joseph Lazzarotti comments on employer smartphone policies in CNN Money's "Can your employer see everything you do on your company phone?" Subscription may be required to view article Read More

August 13, 2015
Employee Benefit News

Joseph Lazzarotti Discusses Gay Marriage Ruling

August 13, 2015

Joseph Lazzarotti was quoted in "How the Gay Marriage Ruling Impacts Group Benefits," published in Employee Benefit News. Subscription may be required to view article. Read More

May 22, 2015

Joe Lazzarotti Comments on the U.S. Postal Service's Data Breach Settlement

May 22, 2015

Joe Lazzarotti comments on the U.S. Postal Service's data breach settlement in Politico Pro's "Postal Service will settle over data breach." View Article (subscription may be required) Read More

Showing 1-3 of 5

See AllPublications

Advanced Filtering
Showing 1-3 of 43
Most Read
August 11, 2015

New Florida Law Offers Employers Leverage Against Employees’ Unauthorized Access of Data, Files

August 11, 2015

Effective October 1, 2015, Florida’s Computer Abuse and Data Recovery Act (Sections 668.801- 668.805, Florida Statutes) (CADRA) provides a new remedy to employers and other businesses that suffer harm or loss due to unauthorized access to their computers or to information stored on their computers. CADRA provides a civil cause... Read More

July 23, 2015

Connecticut Adds Significant Data Security Mandates for State Contractors, Certain Health Insurance Industry Businesses

July 23, 2015

Connecticut has amended its breach notification statute to require that covered businesses provide one year of identity theft protection services to persons affected by certain breaches of their personal information. Senate Bill 949 also establishes significant data security requirements for entities contracting with state agencies... Read More

June 17, 2015

New Connecticut Law Requires Businesses Offer Identity Theft Protection Services after a Data Breach

June 17, 2015

Beginning October 1, 2015, companies that experience a data breach affecting a Connecticut resident must offer that individual free identity-theft prevention services and, if applicable, identity theft mitigation services for at least one year. The breach must include the resident’s name and Social Security number (SSN). The new... Read More

Showing 1-3 of 43

See All Upcoming Joseph J. Lazzarotti Events

October 27

Hollywood, FL

Employment Class Action Summit

October 27, 2015
8:30 AM - 6:30 PM EST
Seminole Hard Rock Hotel & Casino Hollywood
1 Seminole Way
Conference Center
Hollywood, FL 33314

Presented by leading attorneys with a wide range of class action expertise, this full-day CLE program will dive into ... Read More

Blog Posts by Joseph J. Lazzarotti

Wearables, Wellness and Privacy
September 22, 2015

Bloomberg BNA (subscription) recently reported that this fall the Center for Democracy & Technology (CDT) will be issuing a report on Fitbit Inc.’s privacy practices. Avid runners, walkers or those up on the latest gadgets likely know about Fitbit, and its line of wearable fitness devices. Read More

HIPAA Audits Maybe, But Audit Preparedness Definitely!
September 11, 2015

According to a Bloomberg article, the second phase of HIPAA audits by the Office for Civil Rights (OCR), originally set to commence in 2014, may be coming soon. Read More

DoD Issues Interim Rule For Contractors on Incident Reporting and Cloud Computing Services
September 9, 2015

Government contractors have a wide range of unique challenges (find out more about these here), not the least of which is data security. A good example is the interim rule the Department of Defense (DoD) issued last month that implements sections of the National Defense Authorization Act for Fiscal Years 2013 and 2015. Read More