Skip to main content

Joseph J. Lazzarotti is a principal in the Tampa, Florida, office of Jackson Lewis P.C. He founded and currently co-leads the firm's Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.

In short, his practice focuses on the matrix of laws governing the privacy, security, and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to employee benefit plans.

Privacy and cybersecurity experience - Joe counsels multinational, national and regional companies in all industries on the broad array of laws, regulations, best practices, and preventive safeguards. The following are examples of areas of focus in his practice:

  • Advising health care providers, business associates, and group health plan sponsors concerning HIPAA/HITECH compliance, including risk assessments, policies and procedures, incident response plan development, vendor assessment and management programs, and training.
  • Coached hundreds of companies through the investigation, remediation, notification, and overall response to data breaches of all kinds – PHI, PII, payment card, etc.
  • Helping organizations address questions about the application, implementation, and overall compliance with European Union’s General Data Protection Regulation (GDPR) and, in particular, its implications in the U.S., together with preparing for the California Consumer Privacy Act.
  • Working with organizations to develop and implement video, audio, and data-driven monitoring and surveillance programs. For instance, in the transportation and related industries, Joe has worked with numerous clients on fleet management programs involving the use of telematics, dash-cams, event data recorders (EDR), and related technologies. He also has advised many clients in the use of biometrics including with regard to consent, data security, and retention issues under BIPA and other laws.
  • Assisting clients with growing state data security mandates to safeguard personal information, including steering clients through detailed risk assessments and converting those assessments into practical “best practice” risk management solutions, including written information security programs (WISPs). Related work includes compliance advice concerning FTC Act, Regulation S-P, GLBA, and New York Reg. 500.
  • Advising clients about best practices for electronic communications, including in social media, as well as when communicating under a “bring your own device” (BYOD) or “company owned personally enabled device” (COPE) environment.
  • Conducting various levels of privacy and data security training for executives and employees
  • Supports organizations through mergers, acquisitions, and reorganizations with regard to the handling of employee and customer data, and the safeguarding of that data during the transaction.
  • Representing organizations in matters involving inquiries into privacy and data security compliance before federal and state agencies including the HHS Office of Civil Rights, Federal Trade Commission, and various state Attorneys General.

Benefits counseling experience - Joe's work in the benefits counseling area covers many areas of employee benefits law. Below are some examples of that work:

  • As part of the Firm's Health Care Reform Team, he advises employers and plan sponsors regarding the establishment, administration and operation of fully insured and self-funded health and welfare plans to comply with ERISA, IRC, ACA/PPACA, HIPAA, COBRA, ADA, GINA, and other related laws.
  • Guiding clients through the selection of plan service providers, along with negotiating service agreements with vendors to address plan compliance and operations, while leveraging data security experience to ensure plan data is safeguarded.
  • Counsels plan sponsors on day-to-day compliance and administrative issues affecting plans.
  • Assists in the design and drafting of benefit plan documents, including severance and fringe benefit plans.
  • Advises plan sponsors concerning employee benefit plan operation, administration and correcting errors in operation.

Joe speaks and writes regularly on current employee benefits and data privacy and cybersecurity topics and his work has been published in leading business and legal journals and media outlets, such as The Washington Post, Inside Counsel, Bloomberg, The National Law Journal, Financial Times, Business Insurance, HR Magazine and NPR, as well as the ABA Journal, The American Lawyer, Law360, Bender's Labor and Employment Bulletin, the Australian Privacy Law Bulletin and the Privacy, and Data Security Law Journal.  

Joe served as a judicial law clerk for the Honorable Laura Denvir Stith on the Missouri Court of Appeals.

Honors and Recognitions

  • JD Supra, "Reader's Choice Top Author" (2020, 2024)
  • Legal 500 USA, "Recommended Attorney" (2020)
  • The National Law Review, "Go To Thought Leader" (2019)

Published Works

  • "Subrogating a Cybersecurity Attack" Claims Magazine (Nov/Dec 2021 issue) [Contributing Co-Author]
  • "New York Latest State to Enact Cybersecurity Law," Today's General Counsel (June 2020) [Author]
  • “Businesses small and large face growing cybersecurity issues,” Midlands Business Journal (April 2019) [Contributing Commentary]
  • Inside The Minds – Complying With Health Care Privacy Laws (NA: Aspatore Books, 2008) [Contributing Author]
  • "A Survey of the Same-sex Marriage Landscape for New Jersey Employers Following United States v. Windsor and Garden State Equality v. Dow," NJ Labor & Employment Law Quarterly Vol. 35, No. 2 (February 2014) [Co-Author]
  • "Joseph J. Lazzarotti on State Data Privacy and Security Laws," Available in LexisNexis, Emerging Issues (February 8, 2008) [Interview Exclusive]
  • "“EFCA” Employee Free Choice Act," Bender’s Labor & Employment Bulletin 8.12 (2008) [Co-Author]
  • "The Emergence of State Data Privacy and Security Laws Affecting Employers," Hofstra Labor & Employment Law Journal 25.2 (Spring 2008) [Author]
  • "California Expands Data Breach Notification Requirements to Include Medical and Health Insurance Information," Privacy & Data Security Law Journal 75 (January 2008) [Author]
  • "Massachusetts Identity Theft Law Creates Data Breach Notification, Protection, and Destruction Requirements," Privacy & Data Security Law Journal 69 (January 2008) [Author]
  • "Oregon and Washington Employers Face Enhanced Data Privacy and Security Obligations," Privacy & Data Security Law Journal 63 (January 2008) [Co-Author]
  • "The US approach to notifying individuals of a breach of their personal information," Privacy Law Bulletin 4.6 (November/December 2007) [Author]
  • "HIPAA Enforcement: Farce or Reality?" Privacy & Data Security Law Journal 2.8 (July 2007) [Author]
  • "Recent Developments in State Privacy and Data Security: Assessing New Business Risks," Professional Liability Underwriting Society Journal 20.4 (April 2007) [Author]
  • "Recent Developments in State Privacy and Data Security Laws Increase Business Risks," Hudson Valley Business Journal (March 19, 2007) [Author]
  • "Starting the year off right," Hudson Valley Business Journal (January 22, 2007) [Co-Author]
  • "Recent Developments in Privacy for the Healthcare Employer," MyZiva's Nursing Home Business 2 (January/February 2007) [Author]
  • "Voluntary Individual Benefit Programs: Meeting the Demands of a Varied Workforce at Minimal Cost," Bender's Labor & Employment Bulletin 572.6 (December 2006) [Co-Author]
  • "Responding to an Unauthorized Breach of Your Company's Electronic Personal Information: A Discussion of State Breach Notification Laws and Preventive Strategies," Privacy & Data Security Law Journal 1.12 (November 2006) [Author]
  • "Wellness programs can benefit the bottom line," Hudson Valley Business Journal 17.17 (September 4, 2006) [Author]
  • "An Introduction to Wellness Programs: The Legal Implications of “Bona Fide Wellness Programs,"" Bender’s Labor & Employment Bulletin 6.6 (June 2006) [Author]
  • "What Are A Small Employer's Obligations Under The HIPAA Security Rules?" Bender’s Labor & Employment Bulletin 6.4 (April 2006) [Author]
  • "What Are A Small Employer's Obligations Under The HIPAA Security Rules?" Privacy & Data Security Law Journal 1.6 (May 2006) [Author]
  • "ERISA Basics - What Is a Summary Plan Description," Bender's Labor & Employment Bulletin 5 (October 2005) [Author]
  • "A Review of the Key changes in the Final HIPAA Portability Regulations," Bender's Labor & Employment Bulletin 5.3 (March 2005) [Author]
  • "Department of Labor Issues Final COBRA Notice Regulations," Bender's Labor & Employment Bulletin 4.9 (September 2004) [Co-Author]
  • "What Are a Small Employer's Obligations under the HIPAA Privacy Rules?" Bender's Labor & Employment Bulletin 4.3 (March 2004) [Author]
  • "Small Business and HIPAA Privacy Rules," Westchester County Business Journal (February 9, 2004) [Author]
  • "Public Use or Public Abuse," 68 UMKC Law Review 49 68.49 (January 2000) [Author]

Speeches

  • “Cyber Security and Safety in a Heightened Risk Environment: Review of Important International and Domestic Cyber Trends and Issues for the Legal Community,” 2023 NJSBA Annual Meeting and Convention (Atlantic City, NJ May 2023)
  • “What Employers Need to Know Today About Artificial Intelligence,” 2023 Corporate Counsel Conference (Dana Point, CA, March 2023)
  • "Internet Harassment in the Workplace,” Rutgers School of Law, Rutgers Computer & Technology Law Journal (Newark, NJ, March 2023)
  • “Protecting Employee Data: Compliance Obligations and Best Practices,” ICBA Live 2023 (Honolulu, HI, March 2023)
  • “Offboarding Risks: Securing Your Business Against Departing Employee Threats,” NetDiligence Cyber Risk Summit (Ft. Lauderdale, FL, February 2023)
  • “Crisis Management: Who, What, When, and Where?,” NAPEO’S 2022 Cybersecurity Webinar Series (October 2022)
    “Cybersecurity - Fundamentals of Cyber Incident Response” NAPEO 2022 Annual Conference & MarketPlace (Palm Desert, CA, September 2022)
  • “Employee Data – Emerging Compliance Obligations and Best Practices,” ICBA Community Bank Human Resources Seminar (Minnesota, August 2022)
  • “AI in the Workplace,” ICBA Community Bank Human Resources Seminar (Minnesota, August 2022)
  • “AI in the Workplace,” Legal Forum at National Association of Security Companies 2022 D.C. Contract Security Summit (Washington, D.C., June 2022)
  • “Applying E-Discovery and Forensic Techniques to Incident Response,” NetDiligence Cyber Risk Summit (Santa Monica, CA, October 2021)
  • "Ever Wonder Whether HIPAA and Other Data Privacy and Security Laws Apply to Your PEO?," PrismHR LIVE 2019 (Boston, MA, June 2019)
  • "Internal Investigations – Balancing Employees Privacy Rights and Company’s Goals and Obligations," Twentieth Annual Institute on Privacy and Data Security Law (Chicago, IL, June 2019)    
  • "Your Company Has Been Hacked: An Interactive Data Breach Simulation," Salt Lake SHRM Employment Law Seminar (Salt Lake City, UT, April 2019)   
  • "Cybersecurity and Your PEO's Risk," NAPEO's 2019 Risk Management Workshop (Nashville, TN, March 2019)
  • "The Heaviest Lift in Your Fitness Business: Managing a Sea of Personal Data in an Efficient and Compliant Manner," Jackson Lewis webinar (January 2019)
  • "Privacy and Cybersecurity — The Basics," Disability Management Employer Coalition webinar (November 2018)
  • "The Computer Wore Tennis Shoes-Issues in Cybersecurity and Artificial Intelligence," 2018 ASPPA Annual Conference (National Harbor, MD, October 2018)
  • "Cyber and Data Security Considerations for the Business Owners and Manager," 2018 ASPPA Annual Conference (National Harbor, MD, October 2018)
  • "Cybersecurity and Benefit Plans: An Update on Risks and Challenges for Benefit Providers," ASPPA webinar (October 2018)
  • "People Problems With Cybersecurity," NetDiligence Cyber Risk Summit panelist (Santa Monica, CA, October 2018)
  • "Privacy and Data Security session - Whistleblowing, Retaliation & CEPA in the Digital Age: Update 2018," NJ Institute for Continuing Legal Education (New Brunswick, NJ, June 2018)
  • "Monitoring Employee Conduct: Balancing Employee Privacy and Sound Company Management," PLI’s Nineteenth Annual Institute on Privacy and Data Security Law (Chicago, IL, June 2018)
  • "Cybersecurity Overview Session," at NAPEO’S 2018 PEO Capitol Summit (Arlington, VA, May 2018)
  • "Pillars of Cybersecurity," NAPEO webinar (May 2018)
  • "Cybersecurity Requirements for Government Contractors Continue to Tighten," Jackson Lewis P.C. Government Contractor Symposium – Washington, DC (May 2018)
  • "How to Comply with GDPR Requirements: What Every U.S. Company Needs to Know,” EVERFI Webinar (May 2018)
  • "An Interactive Simulation for the HR Professional," Employment Law Seminar - Salt Lake SHRM (Salt Lake City, UT, April 2018)          
  • "Cybersecurity Risks, Obligations and Opportunities," Retirement Industry Trust Association (Washington, DC, March 2018)                      
  • "Data Breach Simulation," Jackson Lewis 2018 Corporate Counsel Conference (Miami, FL, March 2018)
  • "2018 Employment and Americans with Disabilities Act Update Seminar," Sullivan Benefits Seminar (Tampa, FL, February 2018)
  • "Atlanta Annual Surveying the Workplace Law Landscape," Jackson Lewis P.C. (Atlanta, GA, December 2017)
  • "Cybersecurity for In-House Counsel," Association of Corporate Counsel (Philadelphia, PA, December 2017)
  • "Cyber Security Event," American Society of Pension Professionals & Actuaries (Cleveland, OH, November 2017)
  • "2017 Affordable Care Act and Americans with Disabilities Act Update Seminar," Sullivan Benefits Seminar (Orlando, FL, October 2017)
  • "Cybersecurity: An Introduction," Pace University Law School (White Plains, NY, October 2017)
  • "Cybersecurity and Benefit Plans: What Service Providers and Employers Need to Know," American Society of Pension Professionals & Actuaries (Webinar, September 2017)
  • "Affordable Care Act and Americans with Disabilities Act Update Seminar," Sullivan Benefits Seminar (Tampa, FL, February 2018)
  • "Are You Prepared: Data Breach Readiness," Merchants Information Solutions (Webinar, September 2017)
  • "Cybersecurity Readiness – Data Breach Simulation," NAPEO's 2017 Annual Conference & Marketplace (Orlando, FL, September 2017)
  • "Cybersecurity Overview Session at NAPEO CFO/COO Conference," NAPEO Conference (Minneapolis, MN, July 2017)
  • "Affordable Care Act and Americans with Disabilities Act Update," Sullivan Benefits Seminar (Miami, FL, June 2017)
  • "Balancing Employee Privacy and Sound Company Management," PLI’s Eighteenth Annual Institute on Privacy and Data Security Law (Chicago, IL, June 2017)
  • "NetDiligence Cyber Risk & Privacy Forum East Coast 2017," HB Litigation Conferences LLC (Philadelphia, PA, June 2017)
  • "HIPAA Basics," American Association of Women Dentists 57th Street Study Club (New York, NY, May 2017)
  • "The Virtual Workplace," PLI’s TechLaw Institute 2017 (New York, NY, March 2017)
  • "The Virtual Workplace," Third Annual Employment Law Institute CLE Program (New York, NY, March 2017)
  • "Cyber Security & Your PEO in 2017," NAPEO Conference (Tampa, FL, February 2017)
  • "Cybersecurity: What ERISA Service Providers & Plan Sponsors Need to Know," American Society of Pension Professionals & Actuaries (Portland, OR, February 2017)
  • "Cybersecurity: What ERISA Service Providers & Plan Sponsors Need to Know," American Society of Pension Professionals & Actuaries (Seattle, WA, February 2017)
  • "Break the Silos: How Employment Law, Privacy, and the ACA Impact Immigration Decision-making," American Immigration Lawyers Association, Midwinter CLE Conference (St. Maarten, January 2017)

Events

Credentials

Education
University of Missouri School of Law
J.D.
with Distinction
Pace University
B.B.A.

cum laude

Admitted to Practice
Florida
New Jersey
New York
Kansas (inactive)
Missouri (inactive)
Professional Associations and Activities
American Bar Association
International Association of Privacy Professionals (IAPP)
National Association of Professional Employer Associations (NAPEO)

University of Missouri School of Law
J.D.
with Distinction
Pace University
B.B.A.

cum laude

Florida
New Jersey
New York
Kansas (inactive)
Missouri (inactive)

American Bar Association
International Association of Privacy Professionals (IAPP)
National Association of Professional Employer Associations (NAPEO)

No aspect of this or any advertisement has been approved by the Supreme Court of New Jersey. For all award methodology, see Awards and Honors Methodology.