Photo of Jason C. Gavejian

Jason C. Gavejian is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and co-leader of the firm’s Privacy, Data and Cybersecurity practice group. Jason is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

As a Certified Information Privacy Professional (CIPP/US), Jason focuses on the matrix of laws governing privacy, security, and management of data. Jason is co-editor of, and a regular contributor to, the firm’s Workplace Privacy, Data Management & Security Report blog.

Jason's work in the area of privacy and data security includes counseling international, national, and regional companies on the vast array of privacy and security mandates, preventive measures, policies, procedures, and best practices. This includes, but is not limited to, the privacy and security requirements under state, federal, and international law (e.g., HIPAA/HITECH, GDPR, California Consumer Privacy Act (CCPA), FTC Act, ECPA, SCA, GLBA etc.). Jason helps companies in all industries to assess information risk and security as part of the development and implementation of comprehensive data security safeguards including written information security programs (WISP). Additionally, Jason assists companies in analyzing issues related to: electronic communications, social media, electronic signatures (ESIGN/UETA), monitoring and recording (GPS, video, audio, etc.), biometrics, and bring your own device (BYOD) and company owned personally enabled device (COPE) programs, including policies and procedures to address same. He regularly advises clients on compliance issues under the Telephone Consumer Protection Act (TCPA) and has represented clients in suits, including class actions, brought in various jurisdictions throughout the country under the TCPA.

Jason represents companies with respect to inquiries from the HHS/OCR, state attorneys general, and other agencies alleging wrongful disclosure of personal/protected information. He negotiates vendor agreements and other data privacy and security agreements, including business associate agreements. His work in the area of privacy and data security includes counseling and coaching clients through the process of investigating and responding to breaches of the personally identifiable information (PII) or protected health information (PHI) they maintain about consumers, customers, employees, patients, and others, while also assisting clients in implementing policies, practices, and procedures to prevent future data incidents.

Jason represents management exclusively in all aspects of employment litigation, including restrictive covenants, class-actions, harassment, retaliation, discrimination, and wage and hour claims in both federal and state courts. He regularly appears before administrative agencies, including the Equal Employment Opportunity Commission (EEOC), the Office for Civil Rights (OCR), the New Jersey Division of Civil Rights, and the New Jersey Department of Labor. Jason's practice also focuses on advising/counseling employers regarding daily workplace issues.

Jason’s litigation experience, coupled with his privacy practice, provides him with a unique view of many workplace issues and the impact privacy, data security, and social media may play in actual or threatened lawsuits.

Jason regularly provides training to both executives and employees and regularly speaks on current privacy, data security, monitoring, recording, BYOD/COPE, biometrics (BIPA), social media, TCPA, and information management issues. His views on these topics have been discussed in multiple publications, including the Washington Post, Chicago Tribune, San Francisco Chronicle (SFGATE), National Law Review, Bloomberg BNA, Inc.com, @Law Magazine, Risk and Insurance Magazine, LXBN TV, Business Insurance Magazine, and HR.BLR.com.

Jason is the co-leader of Jackson Lewis’ Hispanic Attorney resource group, a group committed to increasing the firm’s visibility among Hispanic-American and other minority attorneys, as well as mentoring the firm's attorneys to assist in their training and development. He also previously served on the National Leadership Committee of the Hispanic National Bar Association (HNBA) and regularly volunteers his time for pro bono matters.

Prior to joining Jackson Lewis, Jason served as a judicial law clerk for the Honorable Richard J. Donohue on the Superior Court of New Jersey, Bergen County.

The California Consumer Privacy Act (CCPA), considered one of the most expansive U.S. privacy laws to date, went into effect on January 1, 2020. The CCPA placed significant limitations on the collection and sale of a consumer’s personal information and provides consumers new and expansive rights with respect to their personal information.

Less than one

The use of smart dashcams and vehicle cameras, including those leveraging AI technology, may trigger the next wave of BIPA litigation, according to two cases filed in Illinois this week.

Enacted in 2008, the Illinois Biometric Information Privacy Act, 740 ILCS 14 et seq. (the “BIPA”), went largely unnoticed until a few years ago

In a groundbreaking move, likely to have significant impact on employee hiring and HR tech, the New York City Council has passed a measure (“the NYC measure”) that bans the use of automated decision-making tools to (1) screen job candidates for employment, or (2) evaluate current employees for promotion, unless the tool has been subject

The leaders of our Wage & Hour Practice, Justin Barnes Jeffrey Brecher and Eric Magnus collaborated with us on this article.

According to reports, Kronos, the cloud-based, HR management service provider, suffered a data incident involving ransomware affecting its information systems. Kronos communicated that it discovered the incident late on Saturday, December 11, 2021,

Earlier this month, New York Governor Kathy Hochul signed into a law a bill that will require New York private sector employers to provide written notice to employees before engaging in electronic monitoring of their activities in the workplace.  Civil Rights (CVR) Chapter 6, Article 5, Section 52-C*2 will take effect six months after enactment,

Last week, the Department of Justice (“DOJ”) announced the launch of its Civil Cyber-Fraud Initiative (“the Initiative”) aimed at combating “new and emerging cyber threats to the security of sensitive information and critical systems” specifically targeting accountability of cybersecurity obligations for federal contractors and federal grant recipients, by way of the False Claims Act.  The

With health-related data and how to protect it at the forefront of discussion since the start of the COVID-19 pandemic, this week California Governor Gavin Newsom signed into law two bills related to genetic data.  First, AB 825, will expand the definition of personal information to include genetic data, for data breach notification requirements

The Federal Trade Commission (“FTC”) recently issued an important policy statement to health apps and other connected devices that collect or use consumers’ health information.  The FTC’s policy statement effectively clarified the position that health apps and related connected devices are subject to the Health Breach Notification Rule (“the Rule”), which requires vendors of personal

On September 17, 2021, a three-judge panel of the Illinois Appellate Court for the First Judicial District issued a long-awaited decision regarding the statute of limitations for claims under the state’s Biometric Information Privacy Act (“BIPA”) in Tims v. Black Horse Carriers, Inc. The Tims decision marks the first appellate guidance regarding this issue.  Although

Yesterday, Baltimore’s local ordinance prohibiting persons from “obtaining, retaining, accessing, or using certain face surveillance technology or any information obtained from certain face surveillance technology,” became effective.  The new ordinance prohibits the use of facial recognition technology by city residents, businesses, and most of the city government (excluding the city police department) until December 2022.