Live from Workplace Horizons 2025: Amidst Explosion in Data Privacy and Security Litigation, Prevention and Defense Best Practices Emerge

Transcript

INTRO

You're listening to a special edition of We get work®, recorded live from Workplace Horizons 2025 in New York City, Jackson Lewis' annual Labor and Employment Law Conference. Over 500 representatives from 260 companies gathered together to share valuable insights and best practices on workplace law issues impacting their business today. Here's your personal invitation to get the insights from the conference delivered directly to you. We'll see you in 2026.

CONTENT

Alitia Faccone
Senior Director, Business Development 

Good afternoon, and welcome to the We get work® podcast Live from Workplace Horizons 2025. In the studio with me this afternoon, we have Damon Silver, principal in our New York City office, and Jason Gavejian, office managing principal of the Berkeley Heights Office of Jackson Lewis. 

Just take a minute, if you would, for me and tell me a little bit about your practice and the issues that your clients are facing here in 2025. Damon, we’ll start with you. 

Damon Silver
Principal, New York City

At its core, our Privacy, Data and Cybersecurity Group helps our clients handle their data safely. What that means in practice is that we work with them to prevent and respond to data breaches. We help them comply with the various different data privacy and security laws they may be subject to. Then, increasingly, we help them when they face various types of claims and litigation, including those related to data breaches and their use of website tracking technologies and biometric information.

Faccone

Jason?

Jason Gavejian
Office Managing Principal, Berkeley Heights

Very much along the same lines. My practice primarily focuses now on litigation, but I still do a ton of advice and counsel work for clients on privacy, data and security issues. Again, right now we're seeing a big influx of litigation that's really driving the majority of my practice.

Faccone 

Thank you. The title of your presentation today was, ‘Amidst Explosion in Data Privacy and Security Litigation, How Do We Prevent, Defend and Create Best Practices?’ Jason, can you tell us a little bit about what you covered in your session here at Workplace Horizons today?

Gavejian 

We tried to run the full gamut for our clients. We talked to them a lot about what types of litigation we're currently seeing, as Damon mentioned, data breach litigation, California Invasion of Privacy Act claims related to website tracking, as well as Biometric Information Privacy Act and Genetic Information Privacy Act claims. We also talked to them about some common defenses and ways that they can ultimately, hopefully, win a lawsuit or position themselves for a good settlement. As well as some steps that they can take on the proactive side to avoid litigation in the first place.

Faccone

With all of those topics and issues to cover, how did you decide what to include here in your presentation? What are your clients talking to you about back in the office?

Silver

Litigation in general was something of a sideshow in the data privacy and security space up until somewhat recently. It's only been the last few years that litigation has become the focus for our clients. When we go to conferences, it's increasingly what's being talked about on panels. It's increasingly what a lot of members of our team are spending their time on. 

There have been a couple of different reasons for that, one of which is that for a long time after data breaches occurred, unless it was a really significant breach, like tens of millions of people, perhaps, that were impacted, we oftentimes did not see litigation. A lot of the notification laws do not have private rights of action, and the plaintiff's firms did not see an opportunity to bring a lot of litigation in this area. That has completely changed. If you look at the per-year numbers going back to 2022, it's basically doubling several years in a row. We're seeing increases of several hundred cases from last year to this year. As a result, many more of our clients are having to spend a lot more of their time, energy and money thinking about how to prevent and respond to these types of claims. 

Another area that's really blown up in recent years on the litigation front is litigation related to the use of website tracking technologies like cookies and pixels. Again, the plaintiff's firms have seen an opportunity relying on laws that have been around forever. They have repurposed those laws and have found ways to bring claims that are pretty likely to survive a motion to dismiss. As a result, it has been a very fruitful area for the plaintiff's bar, and we anticipate it will continue to be that way for a while.

Faccone 

Jason, Damon just mentioned the plaintiff's bar. Is that the root cause of this change? Are there other factors contributing to this increase in litigation? During your presentation, what issues really resonated with our attendees when you discussed them?

Gavejian 

I do think that the plaintiff's bar is having a big impact on the number of claims that are filed or threatened claims that are sent to clients, as far as an attorney demand letter. A big part of that from the plaintiff's bar is that they found a number of statutes that have statutory damages and may make it an easier sell for them to get a good settlement or to ultimately win the day at a trial or before a court. 

In addition to that, clients are really collecting a significant amount of data in today's day and age, and the technologies that they continue to implement at the organizational level are only going to increase that amount. In addition, all of us are becoming more and more conscious of the types of privacy concerns that we might have when data collection is occurring and the potential risk that may arise when anybody is collecting our data and not ultimately safeguarding it.

Faccone

Thanks, Jason. Damon, what would you say, given all of the changes, issues, how much more aware we are of data and how much more reliant we've become on data, what would you say are some of the key takeaways you can share not only with the folks listening to this podcast, but that you spoke about during your presentation?

Silver

There are two intertwined key takeaways. The first is that you really do need to take the steps necessary to get an understanding of what data you're collecting, who that data relates to, how you're using it, where you're storing it and how long you're keeping it. There are processes for doing that. They can be a bit onerous, but there is a process called data mapping and there are data security risk assessments. If you do those on a regular basis, you're going to have a much better sense of what your data risk profile looks like and what the areas that you need to focus on are. 

Related to that, once you have that information, you really need to think about how you're going to operationalize it. One of the key ways you'll likely want to operationalize it is through the concept of data minimization. You're going to take a look at whether there are repositories of data that have data that no one is interacting with. It's not serving any value to the organization, but nevertheless, it's sitting around waiting to potentially be breached or misused by someone at your organization. Based on that assessment, there may be steps you can take. You may be able to archive or purge that data. You may be able to create subfolders in your major data repositories so that you can put access controls on what certain categories of employees are able to access. None of those steps, I wouldn't say, are easy, but they're also not as complicated as many people suppose they may be, and they really do make a huge difference.

Faccone

Jason, how can Jackson Lewis help the organizations deal with the issues that Damon just mentioned?

Gavejian

Obviously, on the litigation front, we can serve as defense counsel, and we are serving as defense counsel for hundreds of our clients in this space. In addition to that, we can also help you take some proactive steps, whether that's on the compliance side or even identifying risks that we might see arise in the litigation  and how clients can ultimately address those to avoid any potential threats of a claim in the future.

Faccone 

Jason, Damon, thank you so much for being here in the studio with us this afternoon and enjoy the rest of the conference. 

OUTRO

Thank you for joining us on We get work®. Please tune into our next program where we will continue to tell you not only what’s legal, but what is effective. We get work® is available to stream and subscribe to on Apple Podcasts, Spotify and YouTube. For more information on today’s topic, our presenters and other Jackson Lewis resources, visit jacksonlewis.com.