Jason C. Gavejian

Jason C. Gavejian is the office managing principal of the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and a member of the firm’s Board of Directors. He is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

As a Certified Information Privacy Professional (CIPP/US), Jason focuses on the matrix of laws governing privacy, security, and management of data. Jason is co-editor of, and a regular contributor to, the firm’s Privacy blog.

Jason's work in the area of privacy and data security includes counseling international, national, and regional companies on the vast array of privacy and security mandates, preventive measures, policies, procedures, and best practices. This includes, but is not limited to, the privacy and security requirements under state, federal, and international law (e.g., HIPAA/HITECH, GDPR, California Consumer Privacy Act (CCPA), FTC Act, ECPA, SCA, GLBA etc.). Jason helps companies in all industries to assess information risk and security as part of the development and implementation of comprehensive data security safeguards including written information security programs (WISP). Additionally, Jason assists companies in analyzing issues related to: electronic communications, social media, electronic signatures (ESIGN/UETA), monitoring and recording (GPS, video, audio, etc.), biometrics, and bring your own device (BYOD) and company owned personally enabled device (COPE) programs, including policies and procedures to address same. He regularly advises clients on compliance issues under the Telephone Consumer Protection Act (TCPA) and has represented clients in suits, including class actions, brought in various jurisdictions throughout the country under the TCPA.

Contact:

VOTE 2017 – We’re back thanks to you!

By Jason C. Gavejian & Joseph J. Lazzarotti on October 18, 2017

Posted in ADA, Artificial Intelligence, Background Checks, Big Data, BYOD, Consumer Privacy, COPPA, Data Analytics, Data Security, e-Communication, e-Discovery, Featured, GINA, Health Information Technology, HIPAA, Identity Theft, Information Management, Information Risk, International, Monitoring, Online Privacy, Photos, Videos and Surveillance, Practice Group News, Social Networking, Telephone Consumer Protection Act, Third Party Service Providers, Trade Secrets, Uncategorized, Workplace Investigations, Workplace Privacy, Written Information Security Program

We are proud to once again announce that the Workplace Privacy Report has been nominated for The Expert Institute’s Best Legal Blog Competition.

From a field of thousands of nominees, the Workplace Privacy Report has received enough nominations to join one of the largest competitions for legal blog writing online today. If you enjoy the…

Delaware: The Latest State to Amend its Data Breach Notification Law

By Jason C. Gavejian on August 23, 2017

Posted in Data Security, Identity Theft, Information Risk

Delaware joins the growing number of states that recently amended their data breach notification law. On August 17^th, Delaware amended its data breach notification law with House Bill 180, the first significant change since 2005, effective 240 days after enactment (on or about April 14, 2018).

Delaware maintains the state law trend…

2-Year Statute of Limitations Applies to HIV Patient’s Privacy Suit

By Jason C. Gavejian on August 22, 2017

Posted in Information Risk

A New Jersey appeals court recently ruled that a two-year statute of limitations applies to a claim by an HIV-positive patient asserting one of his doctors improperly disclosed his medical status to a third party without consent. The three-judge Appellate Division panel rejected arguments by the doctor that the suit should be dismissed as time-barred…

New Mexico Enacts Data Breach Notification Act

By Jason C. Gavejian on April 18, 2017

Posted in Data Security, Identity Theft, Information Risk

On April 6, 2017, New Mexico Governor Susana Martinez signed HB 15, making New Mexico the 48th state to enact a data breach notification law. The law has an effective date of June 16, 2017 and follows the same general structure of many of the breach notification laws in other states.

Importantly, the definition of…

Virginia Responds to W-2 Phishing Scams with First of Its Kind Notification Requirement

By Jason C. Gavejian on April 4, 2017

Posted in Data Security, Identity Theft

As previously highlighted, in early February, the IRS issued a warning to all employers regarding the resurgence of a W-2 based cyber scam. Since the IRS warning, this type of scam has taken numerous victims. On February 15, 2017, Virginia Wesleyan College released a notice stating that the 2016 W-2 tax form information of…

Top 10 for 2017 – Happy Data Privacy Day

By Joseph J. Lazzarotti & Jason C. Gavejian on January 27, 2017

Posted in ADA, Artificial Intelligence, Background Checks, Big Data, BYOD, Consumer Privacy, COPPA, Data Analytics, Data Security, e-Communication, e-Discovery, Featured, GINA, Health Information Technology, HIPAA, Identity Theft, Information Management, Information Risk, International, Monitoring, Online Privacy, Photos, Videos and Surveillance, Social Networking, Telephone Consumer Protection Act, Third Party Service Providers, Trade Secrets, Uncategorized, Workplace Investigations, Workplace Privacy, Written Information Security Program

In honor of Data Privacy Day, we provide the following “Top 10 for 2017.” While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2017.

1. Phishing Attacks and Ransomware – Phishing, as the name implies, is the attempt, usually via email, to obtain sensitive or…

DoD Updates Cyber Incident Reporting Rule

By Jason C. Gavejian on October 12, 2016

Posted in Data Security, Information Risk

On October 4, 2016, a final rule was published in the Federal Register which implements statutory requirements for Department of Defense (DoD) contractors and subcontractors to report cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system or covered defense information residing therein, or on a contractor’s ability

…

VOTE 2016 – The Only Easy Choice

By Jason C. Gavejian & Joseph J. Lazzarotti on October 5, 2016

Posted in Uncategorized

In an election year that has divided much of the country, we are providing you with a clear and simple choice this voting cycle. To this end, we are proud to announce that the Workplace Privacy Report Has Been Nominated for The Expert Institute’s Best Legal Blog Competition.

From a field of hundreds of potential…

No Harm, No Foul (And No Class Action Lawsuit): TCPA Class Action Dismissed For Failure to Allege Harm

By Jason C. Gavejian on August 24, 2016

Posted in Telephone Consumer Protection Act

Earlier this month, United States District Court Judge Peter Sheridan dismissed a class action brought against Work Out World (“WOW”) under the Telephone Consumer Protection Act (TCPA). In doing so, Judge Sheridan relied on the recent decision by the United States Supreme Court in Spokeo, Inc. v. Robins.

The named plaintiff, Norreen Susinno,…

EU-U.S. Privacy Shield Q&A

By Jason C. Gavejian, Joseph J. Lazzarotti & Damon W. Silver on August 17, 2016

Posted in International

Last month, the European Union and U.S. officials announced final approval of the EU-U.S. Privacy Shield (Privacy Shield), replacing the Safe Harbor which was invalidated by the Court of Justice of the European Union in October 2015. Like it predecessor, the Privacy Shield will allow organizations based in the United States to self-certify compliance with…

Workplace Privacy, Data Management & Security Report