Search form

Joseph J. Lazzarotti

Principal
Morristown

P 973-451-6363
F 973-540-9015
Joseph.Lazzarotti@jacksonlewis.com

Biography

Joseph J. Lazzarotti is a Principal in the Morristown, New Jersey, office of Jackson Lewis P.C. He founded and currently helps to co-lead the firm's Privacy, e-Communication and Data Security Practice, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals.

In short, his practice focuses on the matrix of laws governing the privacy, security and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to health and welfare plans, and is a member of the firm's Health Care Reform Team.

Mr. Lazzarotti speaks and writes regularly on current employee benefits and data privacy and security topics and his work has been published in leading employment and business journals such as Bender's Labor and Employment Bulletin, the Australian Privacy Law Bulletin and the Privacy and Data Security Law Journal. He has discussed his views on these issues in a number of media outlets, including Inside Counsel, The National Law Journal, Financial Times, Business Insurance Magazine, HR Magazine and NPR.

Mr. Lazzarotti served as a judicial law clerk for the Honorable Laura Denvir Stith on the Missouri Court of Appeals.

Honors and Recognitions

The Legal 500 - The Clients Guide to Law Firms

Privacy, Social Media and Information Management Experience

As a part of Mr. Lazzarotti's work in the area of privacy, social media and information management, he counsels multinational, national and regional companies in all industries on the broad array of mandates, best practices and preventive safeguards. For example, he advises health care providers and group health plan sponsors concerning HIPAA/HITECH compliance, as well as retail, health care, entertainment and other companies in developing social media strategies and policies. His work includes developing written information security programs (WISPs), conducting on-site executive and employee trainings and helping clients through the process of responding to breaches of personal information. He has also represented companies with respect to inquiries concerning privacy and security from the HHS Office of Civil Rights and other agencies and negotiates numerous business associate agreements and other data privacy and security agreements.

Benefits Counseling Experience

Mr. Lazzarotti's work in the benefits counseling area covers many areas of employee benefits law. For example, as part of the Firm's Health Care Reform Team, he advises employers and plan sponsors regarding the establishment, administration and operation of fully insured and self-funded health and welfare plans, which includes counseling concerning the new reform law, as well as assisting in the set up of administrative and other arrangements with third-party administrators, claims administrators and other vendors. He also provides counsel with respect to the design, implementation and operation of severance and fringe benefit plans. His work often involves day-to-day legal advice concerning employee benefit plan operation and administration and trouble-shooting with respect to errors in operation.

Professional Associations and Activities

  • American Bar Association
  • International Association of Privacy Professionals, CIPP
  • National Association of Professional Employer Organizations (NAPEO): Cybersecurity Taskforce, Chair

Published Works

  • Inside The Minds – Complying With Health Care Privacy Laws (NA: Aspatore Books, 2008) [Contributing Author]
  • "A Survey of the Same-sex Marriage Landscape for New Jersey Employers Following United States v. Windsor and Garden State Equality v. Dow," NJ Labor & Employment Law Quarterly Vol. 35, No. 2 (February 2014) [Co-Author]
  • "Joseph J. Lazzarotti on State Data Privacy and Security Laws," Available in LexisNexis, Emerging Issues (February 8, 2008) [Interview Exclusive]
  • "“EFCA” Employee Free Choice Act," Bender’s Labor & Employment Bulletin 8.12 (2008) [Co-Author]
  • "The Emergence of State Data Privacy and Security Laws Affecting Employers," Hofstra Labor & Employment Law Journal 25.2 (Spring 2008) [Author]
  • "California Expands Data Breach Notification Requirements to Include Medical and Health Insurance Information," Privacy & Data Security Law Journal 75 (January 2008) [Author]
  • "Massachusetts Identity Theft Law Creates Data Breach Notification, Protection, and Destruction Requirements," Privacy & Data Security Law Journal 69 (January 2008) [Author]
  • "Oregon and Washington Employers Face Enhanced Data Privacy and Security Obligations," Privacy & Data Security Law Journal 63 (January 2008) [Co-Author]
  • "The US approach to notifying individuals of a breach of their personal information," Privacy Law Bulletin 4.6 (November/December 2007) [Author]
  • "HIPAA Enforcement: Farce or Reality?" Privacy & Data Security Law Journal 2.8 (July 2007) [Author]
  • "Recent Developments in State Privacy and Data Security: Assessing New Business Risks," Professional Liability Underwriting Society Journal 20.4 (April 2007) [Author]
  • "Recent Developments in State Privacy and Data Security Laws Increase Business Risks," Hudson Valley Business Journal (March 19, 2007) [Author]
  • "Starting the year off right," Hudson Valley Business Journal (January 22, 2007) [Co-Author]
  • "Recent Developments in Privacy for the Healthcare Employer," MyZiva's Nursing Home Business 2 (January/February 2007) [Author]
  • "Voluntary Individual Benefit Programs: Meeting the Demands of a Varied Workforce at Minimal Cost," Bender's Labor & Employment Bulletin 572.6 (December 2006) [Co-Author]
  • "Responding to an Unauthorized Breach of Your Company's Electronic Personal Information: A Discussion of State Breach Notification Laws and Preventive Strategies," Privacy & Data Security Law Journal 1.12 (November 2006) [Author]
  • "Wellness programs can benefit the bottom line," Hudson Valley Business Journal 17.17 (September 4, 2006) [Author]
  • "An Introduction to Wellness Programs: The Legal Implications of “Bona Fide Wellness Programs,"" Bender’s Labor & Employment Bulletin 6.6 (June 2006) [Author]
  • "What Are A Small Employer's Obligations Under The HIPAA Security Rules?" Bender’s Labor & Employment Bulletin 6.4 (April 2006) [Author]
  • "What Are A Small Employer's Obligations Under The HIPAA Security Rules?" Privacy & Data Security Law Journal 1.6 (May 2006) [Author]
  • "ERISA Basics - What Is a Summary Plan Description," Bender's Labor & Employment Bulletin 5 (October 2005) [Author]
  • "A Review of the Key changes in the Final HIPAA Portability Regulations," Bender's Labor & Employment Bulletin 5.3 (March 2005) [Author]
  • "Department of Labor Issues Final COBRA Notice Regulations," Bender's Labor & Employment Bulletin 4.9 (September 2004) [Co-Author]
  • "What Are a Small Employer's Obligations under the HIPAA Privacy Rules?" Bender's Labor & Employment Bulletin 4.3 (March 2004) [Author]
  • "Small Business and HIPAA Privacy Rules," Westchester County Business Journal (February 9, 2004) [Author]
  • "Public Use or Public Abuse," 68 UMKC Law Review 49 68.49 (January 2000) [Author]

Speeches and Presentations

  • "How to Comply with GDPR Requirements: What Every U.S. Company Needs to Know,” EVERFI Webinar (May 2018)
  • "An Interactive Simulation for the HR Professional," Employment Law Seminar - Salt Lake SHRM (Salt Lake City, UT, April 2018)          
  • "Cybersecurity Risks, Obligations and Opportunities," Retirement Industry Trust Association (Washington, DC, March 2018)                      
  • "Data Breach Simulation," Jackson Lewis 2018 Corporate Counsel Conference (Miami, FL, March 2018)
  • "2018 Employment and Americans with Disabilities Act Update Seminar," Sullivan Benefits Seminar (Tampa, FL, February 2018)
  • "Atlanta Annual Surveying the Workplace Law Landscape," Jackson Lewis P.C. (Atlanta, GA, December 2017)
  • "Cybersecurity for In-House Counsel," Association of Corporate Counsel (Philadelphia, PA, December 2017)
  • "Cyber Security Event," American Society of Pension Professionals & Actuaries (Cleveland, OH, November 2017)
  • "2017 Affordable Care Act and Americans with Disabilities Act Update Seminar," Sullivan Benefits Seminar (Orlando, FL, October 2017)
  • "Cybersecurity: An Introduction," Pace University Law School (White Plains, NY, October 2017)
  • "Cybersecurity and Benefit Plans: What Service Providers and Employers Need to Know," American Society of Pension Professionals & Actuaries (Webinar, September 2017)
  • "Affordable Care Act and Americans with Disabilities Act Update Seminar," Sullivan Benefits Seminar (Tampa, FL, February 2018)
  • "Are You Prepared: Data Breach Readiness," Merchants Information Solutions (Webinar, September 2017)
  • "Cybersecurity Readiness – Data Breach Simulation," NAPEO's 2017 Annual Conference & Marketplace (Orlando, FL, September 2017)
  • "Cybersecurity Overview Session at NAPEO CFO/COO Conference," NAPEO Conference (Minneapolis, MN, July 2017)
  • "Affordable Care Act and Americans with Disabilities Act Update," Sullivan Benefits Seminar (Miami, FL, June 2017)
  • "Balancing Employee Privacy and Sound Company Management," PLI’s Eighteenth Annual Institute on Privacy and Data Security Law (Chicago, IL, June 2017)
  • "NetDiligence Cyber Risk & Privacy Forum East Coast 2017," HB Litigation Conferences LLC (Philadelphia, PA, June 2017)
  • "HIPAA Basics," American Association of Women Dentists 57th Street Study Club (New York, NY, May 2017)
  • "The Virtual Workplace," PLI’s TechLaw Institute 2017 (New York, NY, March 2017)
  • "The Virtual Workplace," Third Annual Employment Law Institute CLE Program (New York, NY, March 2017)
  • "Cyber Security & Your PEO in 2017," NAPEO Conference (Tampa, FL, February 2017)
  • "Cybersecurity: What ERISA Service Providers & Plan Sponsors Need to Know," American Society of Pension Professionals & Actuaries (Portland, OR, February 2017)
  • "Cybersecurity: What ERISA Service Providers & Plan Sponsors Need to Know," American Society of Pension Professionals & Actuaries (Seattle, WA, February 2017)
  • "Break the Silos: How Employment Law, Privacy, and the ACA Impact Immigration Decision-making," American Immigration Lawyers Association, Midwinter CLE Conference (St. Maarten, January 2017)
  • "ACA Take a Deep Breath and Re-evaluate," Compeat Users’ Conference (Austin, TX, October 2016)
  • "Data Privacy and Social Media in Your Restaurant Operations," Compeat Users’ Conference (Austin, TX, October 2016)
  • "Employment and Workplace Privacy," Cyber Security & Privacy Conference, New Jersey State Bar Association (Somerset, NJ, September 2016)
  • "Data Breach Response Strategies," NAPEO Annual Conference (Austin, TX, September 2016)
  • "ACA Update," Sullivan Benefits Seminar (Tampa, FL, August 2016)
  • "Social Media and Employment Law," Sullivan Benefits Seminar (Tampa, FL, August 2016)
  • "Privacy and Security Developments in the Workplace," PLI’s Seventeenth Annual Institute on Privacy and Data Security Law (Chicago, IL, July 2016)
  • "ACA Update," Sullivan Benefits Seminar (Orlando, FL, May 2016)
  • "Social Media and Employment Law," Sullivan Benefits Seminar (Orlando, FL, May 2016)
  • "Data Privacy/Security & Social Media in the Workplace," New Jersey Association of Corporate Counsel (NJACC) (May 2016)
  • "ACA Update," Sullivan Benefits Seminar (Naples, FL, April 2016)
  • "Social Media and Employment Law," Sullivan Benefits Seminar (Naples, FL, April 2016)
  • "ACA Updates and ERISA Basics," HR Innovation Conference, CheckPoint HR (New York, NY, April 2016)
  • "Employee Monitoring and Surveillance," Jackson Lewis Symposium (Philadelphia, PA, March 2016)
  • "Wellness Programs: EEOC and ADA and Related Issues," America’s Health Insurance Plan’s Human Resource Council Meeting (Washington, DC, March 2016)
  • “The $36,000 Question: An In-Depth Review of the ACA’s $100 a Day Penalty,” United Benefits Advisors Webinar (November 2015)
  • “Wellness Programs–A Business Imperative,” Association of Corporate Counsel, New Jersey’s Annual CLE Conference, (Whippany, NJ, September 2015) (Co-Presenter)
  • “ACA Employer Reporting Requirements and Same-Sex Marriage Developments,” Sullivan Benefits (Tampa, FL, September 2015)
  • “Impact of the Obergerfell Same-Sex Marriage Decision on Benefit Plans,” United Benefits Advisors Webinar (August 2015)
  • “Privacy and Security Developments in the Workplace,” Sixteenth Annual Institute on Privacy and Data Security Law, Practicing Law Institute (PLI) (Chicago, IL, July 2015) (Co-Presenter)
  • “Data Breaches and Preparation,” National Association of Security Companies (NASCO) Annual Conference (Washington, DC, June 2015)
  • “ACA Reporting Requirements,” Sullivan Benefits (Ft. Lauderdale, FL, May 2015)
  • “HIPAA Privacy Compliance and Developing Effective Training Program,” Assisted Living Federation of America (ALFA) Annual Conference (Tampa, FL, May 2015)
  • “ACA Reporting Requirements,” Sullivan Benefits (Ft. Myers, FL, April 2015)
  • “Data Security and Breach,” Jackson Lewis (Philadelphia, PA, March 2015)
  • “Privacy 101: Data Security and Social Media Traps for the Unwary,” Jackson Lewis (Morristown, NJ, March 2015) (Co-Presenter)
  • “Data Security and Breach,” Jackson Lewis (San Juan, PR, March 2015)
  • “ACA Reporting Requirements,” United Benefits Advisors Webinar (March 2015)
  • “ACA Reporting Requirements,” Sullivan Benefits (Orlando, FL, February 2015)
  • “Legal Requirements of Voluntary Insurance Programs,” United Benefits Advisors Webinar (February 2015)
  • "Ebola Preparedness," Association of Corporate Counsel Washington D.C. Chapter, Webinar (November 2014) (Co-Presenter)
  • "Wellness Program Compliance," United Benefits Advisors Webinar (October 2014)
  • “Data Breach Response Workshop,” IAPP KnowledgeNet (Morristown, NJ, September 2014) (Co-Presenter)
  • "HIPAA Compliance Update for Providers," Connecticut Assisted Living Association (Wallingford, CT, September 2014)
  • "Managing Remote Workforce - Employment and Data Security Issues," Association of Corporate Counsel, Miami, FL Chapter (September 2014) (Co-Presenter)
  • "Data Privacy, Data Breaches and Monitoring," Stafford Webinar (August 2014) (Co-Presenter)
  • "Data Breach Law Update," Executive Roundtable, PA Association of Mutual Insurance Companies (Leola, PA, June 2014)
  • Global Data Privacy Roundtable, Global Counsel Congress (New York, NY, June 2014)
  • "Yes, You Need To Safeguard Personal and Company Data…A Survey of the Laws Applying to Customer and Employee and Data Breach Survival Plan," Jackson Lewis Information and Data Security Symposium (Detroit, MI, April 2014) (Keynote Speaker)
  • "#Employers: Social Media in the Workplace," Jackson Lewis San Juan 1st Annual Labor and Employment Conference, Surveying the Workplace Law Landscape (San Juan, PR, March 2014) (Co-Presenter)
  • “Data Privacy and Security: Considerations and Best Practices Including BYOD Issues," Jackson Lewis 3rd Annual Raleigh-Durham Symposium (Raleigh, NC , February 2014) (Co-Presenter)
  • Data Privacy Roundtable, People’s United Bank (Westchester, NY, June 2013)
  • Keynote Address: "Compliance Risks Health Care Reform and Data Privacy," Jackson Lewis White Plains Symposium, (Westchester, NY, June 2013) (Co-Presenter)
  • "Big Data: Data Privacy and Security, Risks," Jackson Lewis Hartford Symposium (Hartford, CT, June 2013)
  • "HIPAA Privacy and Security Update," Interagency Council of Developmental Disabilities Agencies, Inc. Graduate Center, CUNY (New York, NY, May 2013)
  • "What The Affordable Care Act Means For Your Business," Connecticut Business and Industry Association (Southington, CT, May 2013)
  • "Health Care Reform: Key Provisions Affecting Employees," NYS Community Action Association (Mahwah, NJ, May 2013)
  • "Human Resources Boot Camp for New Jersey Employers," Health Care Reform and Data Privacy Segments, Pro Bono Partnership, Seton Hall Law School (Newark, NJ, May 2013)
  • "HIPAA Privacy and Security Update," United Benefits Advisors Webinar (May 2013)
  • "The eWorkplace: Privacy and Information Security Policy," 2013 Labor and Employment Conference (Dallas, TX, May 2013)
  • "Health Care Reform Update," Memphis, TN SHRM Chapter (Memphis, TN, March 2013)
  • "Health Care Reform Update," Somerset, NJ SHRM Chapter (Somerset, NJ, January 2013)
  • "Data Security and Social Networking," NJ Institute for Continuing Legal Education (New Brunswick, NJ, December 2012)
  • "Protecting Company and Personal Data: Spotting Issues and Removing Silos ... HR and Beyond," Jackson Lewis Employment Law Workshop (Las Vegas, NV, November 2012)
  • "Affordable Care Act Update," Tarpey Group (Montclair, NJ, November 2012)
  • "Uses of Social Media Risks and Reward for CPA Firms," CNA Webinar (September 2012) (Co-Presenter)

See AllJoseph J. Lazzarotti in the News

Showing 1-3 of 38
Newest
Most Read
December 7, 2018
AARP

Joseph Lazzarotti Comments on W-2 Form Phishing Schemes Targeting Businesses and Employees

December 7, 2018

Joseph Lazzarotti comments on phishing email schemes in which crooks pose as company owners or executives in an attempt to steal valuable tax and personnel information in "Scammers Are Phishing for Your W-2 Form," published by AARP. Subscription may be required to view article Read More

November 21, 2018
The Washington Post

Joseph Lazzarotti Discusses Implications of Data Breaches Exposing Employee Information

November 21, 2018

Joseph Lazzarotti discusses how companies should respond to data breaches exposing personal employee information in "You’ve come to expect your data is at risk when you shop. Don’t forget about when you’re at work." published by the Washington Post. Subscription may be required to view article Read More

October 30, 2018
ABA Journal

Joseph Lazzarotti Discusses the Vulnerability of Devices to Data Security Breaches

October 30, 2018

Joseph Lazzarotti discusses data security risks created by easily accessible software and office devices in "Any piece of technology that stores information could be compromised—even obsolete devices that get thrown out with the garbage," published by ABA Journal.  Subscription may be required to view article Read More

Showing 1-3 of 38

See AllPublications

Advanced Filtering
Showing 1-3 of 18
Newest
Most Read
July 9, 2018

Brett Kavanaugh Nominated to U.S. Supreme Court

July 9, 2018

In the wake of Justice Anthony Kennedy’s retirement, President Donald Trump was presented with the rare opportunity to make his second U.S. Supreme Court nomination in as many years, nominating the Honorable Brett M. Kavanaugh to succeed Justice Kennedy. If confirmed by the Senate, Judge Kavanaugh would bring more than a dozen years of... Read More

April 9, 2018

State Data Breach Notification Laws: Overview of the Patchwork

April 9, 2018

The nation’s patchwork of state data breach notification laws is now complete. All 50 states, as well as the District of Columbia, Puerto Rico, Guam, and the Virgin Islands, have enacted breach notification laws requiring private organizations or government entities to notify individuals of a security breach involving their personally... Read More

February 27, 2018

Is Employee Consent under EU Data Protection Regulation Possible?

February 27, 2018

U.S. organizations that control or process the personal data of European Union residents likely are subject to the EU’s new data protection requirements, the General Data Protection Regulation (GDPR). The GDPR takes effect on May 25, 2018. The GDPR, which supersedes the 1995 EU Data Protection Directive, imposes harsh penalties for... Read More

Showing 1-3 of 18

See All Webinars

Archived

Watch Now

Is Your Company Prepared To Comply With The NYS Dep’t of Financial Services Cyber Regulations? First Compliance Deadline Is August 28

August 24, 2017 - 2:00 PM to 3:00 PM EST

Credits: Continuing education credit was offered for the live broadcast of this seminar.
You cannot earn credit for watching the archived webinar.

Watch Now

Archived

Watch Now

Cybersecurity Risk Management for Law Firms Webinar Series

April 19, 2017 - 1:00 PM to 2:00 PM EST

Credits: Continuing education credit was offered for the live broadcast of this seminar.
You cannot earn credit for watching the archived webinar.

Watch Now

Archived

Watch Now

Cybersecurity Risk Management for Law Firms - Webinar Series

April 5, 2017 - 1:00 PM to 2:00 PM EST

Credits: Continuing education credit was offered for the live broadcast of this seminar.
You cannot earn credit for watching the archived webinar.

Watch Now

See AllBlog Posts by Joseph J. Lazzarotti

ONC and OCR Update HIPAA Security Risk Assessment Tool for National Cyber Security Awareness Month
October 30, 2018

October 2018 marks the 15th annual National Cyber Security Awareness Month. Read More

California Consumer Privacy Act Amendment Signed Into Law
September 25, 2018

On September 23, 2018, Governor Jerry Brown signed into law SB-1121 amending certain provisions of the California Consumer Privacy Act of 2018 (CCPA) which was enacted in June of this year. Read More

Hurricane Florence – Another Reminder to Develop a Disaster Recovery Plan
September 13, 2018

As with prior hurricanes, Florence is a reminder to all organizations of the importance of disaster recovery planning. When a storm approaches, a business’s first concern is protecting its employees/customers, and then its physical property. Read More