Search form


Reviewing and developing enterprise-wide strategies for safeguarding data and maintaining compliance, including data breach response.

Cybersecurity Assessments

Businesses, in particular those in heavily regulated industries such as health care, banking/finance and insurance, have an increasing need to understand and address their cybersecurity risk. Our group works with key stakeholders across the organization to identify legal, contractual, ethical and other compliance requirements, risks and vulnerabilities concerning confidential company data and personal information of customers and employees through cybersecurity assessments and analyses of company privacy and data security practices.

Written Information Security Program Development

A web of federal and state laws require businesses to develop written policies and procedures that provide administrative, physical, technological and organizational safeguards to protect personal information—known as a “written information security program” or “WISP.” Our attorneys guide clients through the process of developing comprehensive WISPs, a process which starts with designing an appropriate risk assessment program to identify areas of vulnerability, considering cost, sensitivity of data and complexity of information systems.

BYOD and Device Management – Policy Development and Implementation

Whether companies issue company-owned devices or have moved to a “Bring Your Own Device” structure, managing communications and data on personal devices, and the devices themselves, is a critical enterprise-wide risk. We work with clients to design appropriate device management strategies including BYOD eligibility, access management protocols, data security safeguards, device-wipe policies, employee stipend and reimbursement programs, data breach protocols and related issues.

Cybersecurity, Ransomware Breach Preparedness, Response and Litigation

We assist companies with implementing protocols to avoid a data breach, including preparing appropriate data breach response plans. Should a breach occur, our attorneys immediately step in to guide our clients through investigating the incident and determining whether a reportable breach occurred; notifying affected individuals and agencies; responding to agency inquiries; defending litigation brought by affected persons and others concerning the breach; managing vendors involved in the breach; and reassessing the company’s policies and procedures to avoid similar breaches in the future.

Cybersecurity Awareness and Training Programs for Executives and Employees

The training we provide ranges from high-level presentations for executives, management, Chief Information Officers, Chief Information Security Officers, Chief Privacy Officers, Chief Compliance Officers and others concerning the emerging data privacy and security landscape to practical discussions with front-line employees covering the nuts and bolts of the company’s particular policies and procedures.

Vendor Management and Data Security Agreement Drafting and Negotiation

Frequently, the most critical data security vulnerability for a company is not the company itself, but the vendors that service that company. We help clients identify these vendors and then work with the client to address the vulnerability, including negotiating and drafting appropriate agreements. Many of our clients are often vendors themselves and we assist them with the data privacy and security demands of their clients.

Government Contractor Compliance

Government contractors generally are subject to the same data privacy and security standards as the government agencies with which they contract. We counsel these contractors regarding compliance with all applicable privacy and data security mandates, including the Federal Information Security Management Act of 2002, the Privacy Act of 1974, agency mandates and state law.

Strategy Development for Going Paperless and Cloud Computing

Businesses are increasingly embracing technology to manage their documents, files and data, with the ultimate goal of eliminating paper. The advent of “cloud computing” and similar technologies has accelerated this progression by allowing companies to move in this direction often at significantly less cost. We regularly advise clients concerning these new technologies including identifying applicable risks, developing policies and procedures and vendor management.

See AllPublications

September 24, 2018

Supreme Court Preview: 2018-2019 Term

September 24, 2018

The U.S. Supreme Court will begin its 2018-2019 Term with a docket full of cases significant to employers and businesses. Cases to watch involve questions on employment discrimination and class arbitration, among other things. Age Discrimination in Employment Act On the first day of the term, October 1, 2018, the Court will hear... Read More

See AllIn the News

Showing 1-3 of 7
Most Read
March 21, 2019
The Daily Swig

Joseph Lazzarotti Discusses New Jersey's Possible Expansion of its Data Breach Notification Law

March 21, 2019

Joseph Lazzarotti discusses the proposed changes to New Jersey's data breach notification laws in order to fall more in line with the current realities of our information economy in "New Jersey to expand data breach notification law," published by The Daily Swig. Subscription may be required to view article Read More

March 14, 2019

Joseph Lazzarotti Discusses Implications of the Amendment to New Jersey's Data Breach Notification Law

March 14, 2019

Joseph Lazzarotti discusses the implications of New Jersey's data breach notification requirements, including requiring businesses to notify consumers of online account security breaches in "New Jersey: Data breach amendment bill addresses 'a very real problem,'" published by DataGuidance. Subscription may be... Read More

February 5, 2019
PEO Insider

Joseph Lazzarotti Authors "Employee Benefits Plans, Cybersecurity, and PEOS"

February 5, 2019

Joseph Lazzarotti authors "Employee Benefits Plans, Cybersecurity, and PEOS" published by PEO Insider. Subscription may be required to view article Read More

Showing 1-3 of 7

See All Videos

Mar 5

Watch Now

State Data Breach Laws

Sarah Ryan and Daniel Moses discuss the various state laws governing data breach notification, the recent developments of GDPR and the California Consumer Privacy Act.

Watch Now

Nov 13

Watch Now

Privacy Issues and Data Breaches

Adam Guttell and Jeffrey Schlossberg discuss privacy issues and how employers can prevent data breaches.

Watch Now