Search form


Achieving a balance between an entity’s need for use or disclosure of personal or confidential information with an individual’s or entity’s privacy rights and interests in an era of big data and high-powered analytics.

Big Data and Analytics

The utilization of “big data” and analytics technologies in systems and devices is here to stay and affects virtually everyone. Influencing decisions about who to hire/fire, who to promote, who to assign for a particular task, what/when/how much to buy and where to advertise, big data and analytics technologies require amassing large quantities of data, including data from and between devices. Despite the many benefits that can result, privacy objections flowing from concerns about the data collected, maintained and processed in the course of the analysis present challenges that have yet to be fully articulated, developed and regulated. We help clients to identify these issues and address the potential legal risks while maximizing available developing technologies and their emerging applications.

Monitoring and Surveillance of Customers, Employees and Others

GPS, radio frequency identification (RFID), spyware, biometrics, and other technologies and devices have propelled us to a brave new world, where our ability to view, record, transmit and store information about individuals’ activities and communications has been dramatically enhanced. In this environment, we advise clients and represent them in litigation on matters such as:

  • Advice concerning the consumer protection, labor and other considerations affecting the ability to and legal risks associated with monitoring individuals’ information systems, telephone, internet and social media activity;
  • Compliance with the Wiretap Act, Electronic Communications Privacy Act and the Stored Communications Act;
  • Collection and use of medical information pertaining to patients, customers, employees and other individuals; and
  • Surveillance of individuals through devices and technologies including, but not limited to GPS, RFID and spyware.

HIPAA Privacy and Security Compliance for Providers, Plans and Business Associates

HIPAA reaches well beyond your doctor’s office or health plan; it can apply to a wide range of entities in the health care industry, including businesses that service those entities such as software vendors, cloud service and data storage companies, medical device manufacturers, benefits brokers, law firms, accounting firms and others. We work with covered entities and business associates to achieve compliance, in areas such as:

  • Writing policies and procedures to safeguard protected health information (PHI);
  • Handling breaches of unsecured protected health information;
  • Responding to complaints filed with the Department of Health and Human Services’ Office for Civil Rights;
  • Training;
  • Using and disclosing PHI in administrative and judicial proceedings; and
  • Negotiating and drafting business associate agreements and data security agreements.

For more information about the HIPAA privacy and security rules and their application to wellness programs, please go to our practice page for Wellness Programs.

International/Cross Border Data Privacy Compliance

The patchwork of data privacy and security laws becomes even more complex when viewed globally as countries and groups of countries have adopted their own standards, principles and directives. We work in coordination with our International Employment Issues Practice Group and L&E Global affiliates to help clients address such challenges, including U.S./EU Safe Harbor compliance and cloud computing.

Records Access Management

Records pertaining to employees, patients, customers and others can be subject to a web of federal and state law requirements concerning access and retention requirements. We help companies navigate these requirements and develop strategies for efficient management of such records, including establishing protocols for appropriate access to and use of those records.

Leave of Absence Management

As companies struggle with the complex web of federal, state, and local leave and related laws, we work with the firm’s Disability, Leave and Health Management Practice Group to help clients deal with the highly sensitive personal data that is regularly at the heart of their decision making. This includes complying with confidentiality requirements under the ADA, FMLA and GINA, and ensuring the company’s third-party vendors are appropriately accessing, disclosing and safeguarding such information.

Background Checks, Workplace Searches and Investigations

We work with our Background Checks and Corporate Governance and Internal Investigations attorneys to help employers conduct background checks, searches and investigations appropriately to avoid violations under the Electronic Communications Privacy Act and the Stored Communications Act, as well as other attorney client privilege and employee privacy expectations and/or rights.

Strategies for Exchanges of Data in Mergers and Acquisitions

We advise clients on handling confidential and personal information in transactions and assist in negotiating and drafting data security agreements that apply over the course of the transaction.

See AllPublications

January 24, 2018

2018: The Year Ahead for Employers

January 24, 2018

An executive summary of recent changes in workplace law and a look ahead to 2018. Read More

See AllIn the News

Showing 1-3 of 8
Most Read
July 9, 2019
Jackson Lewis

Jackson Lewis and Merchants Information Solutions Launch New Data Security and Compliance Tool JLSecure™

July 9, 2019

Joseph Lazzarotti comments on the launch of  JLSecure™, a cutting-edge data security and compliance tool created by Merchants Information Solutions, Inc. and Jackson Lewis in "Merchants Information Solutions Extends Alliance with Jackson Lewis to Bring JLSecure™ Data Security Compliance Portal to SmartIDentity for Business... Read More

March 21, 2019
The Daily Swig

Joseph Lazzarotti Discusses New Jersey's Possible Expansion of its Data Breach Notification Law

March 21, 2019

Joseph Lazzarotti discusses the proposed changes to New Jersey's data breach notification laws in order to fall more in line with the current realities of our information economy in "New Jersey to expand data breach notification law," published by The Daily Swig. Subscription may be required to view article Read More

March 14, 2019

Joseph Lazzarotti Discusses Implications of the Amendment to New Jersey's Data Breach Notification Law

March 14, 2019

Joseph Lazzarotti discusses the implications of New Jersey's data breach notification requirements, including requiring businesses to notify consumers of online account security breaches in "New Jersey: Data breach amendment bill addresses 'a very real problem,'" published by DataGuidance. Subscription may be... Read More

Showing 1-3 of 8

See All Videos

Mar 5

Watch Now

State Data Breach Laws

Sarah Ryan and Daniel Moses discuss the various state laws governing data breach notification, the recent developments of GDPR and the California Consumer Privacy Act.

Watch Now

Nov 13

Watch Now

Privacy Issues and Data Breaches

Adam Guttell and Jeffrey Schlossberg discuss privacy issues and how employers can prevent data breaches.

Watch Now