Search form

Privacy, e-Communication and Data Security

Accessing, maintaining, safeguarding and exchanging personal, consumer and business information fosters both unlimited possibilities and new risks and vulnerabilities for organizations across the globe.


Jackson Lewis’ interdisciplinary Privacy, e-Communication and Data Security Group, comprised of experienced attorneys many of whom are “Certified Information Privacy Professionals” (CIPP) by the International Association of Privacy Professionals, stays on the edge of legal developments affecting our clients’ workplace, business and marketing risks—and opportunities—in the digital age.

We fully appreciate the value and sensitivity of data and we take a holistic, value-add approach in advising clients, regularly coordinating with other subject matter experts, such as information technology vendors, to provide practical advice and preventive strategies that address the range of potential issues relating to privacy, e-communication and data security.

The group has three primary areas of focus. For each, we provide clients with preventive strategies and compliance advice, including policy development and training, and represent them in related administrative enforcement actions and litigation, including class actions.

24/7 Data Incident Response Team

Has an electronic device (laptop, smartphone, thumb drive, etc.) been lost or stolen? Are you locked out of your data because of ransomware? Have company records or data been improperly accessed? Has an employee been a victim of a phishing attack requesting tax records? Are your businesses’ electronic systems corrupted or under attack? Has something like this happened to one of your third-party service providers? Are you uncertain what to do now to respond to a potential data breach?

Our team has experienced, data breach response attorneys available to assist organizations that have encountered a data incident, ransomware attack, or potential data breach.

We are available 24/7 at 844-544-5296 or
Read More

Data Security

Reviewing and developing enterprise-wide strategies for safeguarding data and maintaining compliance, including data breach response.

  • Cybersecurity Assessments
  • Written Information Security Program Development
  • BYOD and Device Management
  • Cybersecurity, Ransomware Breach Preparedness, Response and Litigation
  • Cybersecurity Awareness and Training Programs for Executives and Employees
  • Vendor Management and Data Security Agreement Drafting and Negotiation
  • Government Contractor Compliance
  • Strategy Development for Going Paperless and Cloud Computing
  • Read More


Maximizing the effectiveness and efficiencies of electronic communications (e.g., social media, BYOD, telemarketing) while avoiding legal, contractual and ethical pitfalls.

  • Social Media and Other Online Communications
  • e-Communication Policy and Procedure Development
  • e-Application and Onboarding Program Design and Implementation
  • Telephone Consumer Protection Act Compliance and Litigation
  • Children’s Online Privacy Protection Act Compliance
  • SEC and FINRA e-Communication Monitoring and Recordkeeping Compliance
  • Read More


Achieving a balance between an entity’s need for use or disclosure of personal or confidential information with an individual’s or entity’s privacy rights and interests in an era of big data and high-powered analytics.

  • Big Data and Analytics
  • Monitoring and Surveillance of Customers, Employees and Others
  • HIPAA Privacy and Security Compliance for Providers, Plans and Business Associates
  • International/Cross Border Data Privacy Compliance
  • Records Access Management
  • Leave of Absence Management
  • Background Checks, Workplace Searches and Investigations
  • Strategies for Exchanges of Data in Mergers and Acquisitions
  • Read More

The Team

See All
Showing 1-8 of 22
Advanced Filtering
All A-Z
See All
Showing 1-8 of 22

See All Webinars


Watch Now

Is Your Company Prepared To Comply With The NYS Dep’t of Financial Services Cyber Regulations? First Compliance Deadline Is August 28

August 24, 2017 - 2:00 PM to 3:00 PM EST

Credits: Continuing education credit was offered for the live broadcast of this seminar.
You cannot earn credit for watching the archived webinar.

Watch Now


Watch Now

Cybersecurity Risk Management for Law Firms Webinar Series

April 19, 2017 - 1:00 PM to 2:00 PM EST

Credits: Continuing education credit was offered for the live broadcast of this seminar.
You cannot earn credit for watching the archived webinar.

Watch Now


Watch Now

Cybersecurity Risk Management for Law Firms - Webinar Series

April 5, 2017 - 1:00 PM to 2:00 PM EST

Credits: Continuing education credit was offered for the live broadcast of this seminar.
You cannot earn credit for watching the archived webinar.

Watch Now

See AllPublications

Advanced Filtering
Showing 1-3 of 39
Most Read
April 9, 2018

State Data Breach Notification Laws: Overview of the Patchwork

April 9, 2018

The nation’s patchwork of state data breach notification laws is now complete. All 50 states, as well as the District of Columbia, Puerto Rico, Guam, and the Virgin Islands, have enacted breach notification laws requiring private organizations or government entities to notify individuals of a security breach involving their personally... Read More

March 26, 2018

Federal Communications Commission Order on Telephone Calls Went Too Far, D.C. Circuit Court Rules

March 26, 2018

The U.S. Court of Appeals for the District of Columbia has issued a highly anticipated ruling reviewing the Federal Communications Commission’s July 2015 Declaratory Ruling and Order interpreting the Telephone Consumer Protection Act (TCPA). ACA Int’l, et al. v. FCC, et al., No. 15-1211 (D.C. Cir. Mar. 16, 2018). The TCPA generally... Read More

February 27, 2018

Is Employee Consent under EU Data Protection Regulation Possible?

February 27, 2018

U.S. organizations that control or process the personal data of European Union residents likely are subject to the EU’s new data protection requirements, the General Data Protection Regulation (GDPR). The GDPR takes effect on May 25, 2018. The GDPR, which supersedes the 1995 EU Data Protection Directive, imposes harsh penalties for... Read More

Showing 1-3 of 39

See AllIn the News

Showing 1-3 of 49
Most Read
May 2, 2018
Bloomberg BNA Big Law Business

Joseph Lazzarotti Discusses the ‘Golden State Killer’ Case and Genetic Testing Companies’ Privacy Policies

May 2, 2018

Joseph Lazzarotti discusses privacy rights to genetic material turned over to third parties in "‘Golden State Killer’ Case Exposes Genetic Data Privacy Concerns," published by Bloomberg BNA Big Law Business. Subscription may be required to view article Read More

April 25, 2018

Daniel Moses Authors "Oregon Enacts Tougher Data Breach Notification Law"

April 25, 2018

Daniel Moses authors "Oregon Enacts Tougher Data Breach Notification Law," published by SHRM. Subscription may be required to view article Read More

April 23, 2018
Human Resource Executive

Joseph Lazzarotti Comments on Rising Trends in Scammers Targeting Job Applicants on Employment Websites

April 23, 2018

Joseph Lazzarotti comments on how companies can be proactive about rooting out scam artists using their brand in fake job postings in "Screening Out Scammers," published by Human Resource Executive. Subscription may be required to view article Read More

Showing 1-3 of 49

See AllBlogs

Louisiana Updates its Data Breach Notification Law
June 18, 2018

And now it’s Louisiana’s turn! Read More

Survey Finds Healthcare Workers Understand Security Measures But Still Share Sensitive Information Through Non-Secure Email
June 13, 2018

According to reports on a recent survey, the vast majority of healthcare workers share sensitive medical information using non-secure email. The survey, conducted by Kickstand Communications, reportedly found that 87% of healthcare workers surveyed admitted to this practice. Read More

By Michael Bertoncini

The Supreme Court Will Rule on Data Breach Class Arbitration Suit
June 6, 2018

The U.S. Supreme Court recently granted a petition for review of a data breach lawsuit addressing the issue of whether parties can pursue a class arbitration when the language in the arbitration agreement does not explicitly allow for such, Lamps Plus, Inc. v. Varela , No. 17-988, certiorari granted April 30, 2018. Read More