Photo of Jason C. Gavejian

Jason C. Gavejian

Subscribe to Jason C. Gavejian's Posts

Jason C. Gavejian is the office managing principal of the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and a member of the firm’s Board of Directors. He is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

As a Certified Information Privacy Professional (CIPP/US), Jason focuses on the matrix of laws governing privacy, security, and management of data. Jason is co-editor of, and a regular contributor to, the firm’s Privacy blog.

Jason's work in the area of privacy and data security includes counseling international, national, and regional companies on the vast array of privacy and security mandates, preventive measures, policies, procedures, and best practices. This includes, but is not limited to, the privacy and security requirements under state, federal, and international law (e.g., HIPAA/HITECH, GDPR, California Consumer Privacy Act (CCPA), FTC Act, ECPA, SCA, GLBA etc.). Jason helps companies in all industries to assess information risk and security as part of the development and implementation of comprehensive data security safeguards including written information security programs (WISP). Additionally, Jason assists companies in analyzing issues related to: electronic communications, social media, electronic signatures (ESIGN/UETA), monitoring and recording (GPS, video, audio, etc.), biometrics, and bring your own device (BYOD) and company owned personally enabled device (COPE) programs, including policies and procedures to address same. He regularly advises clients on compliance issues under the Telephone Consumer Protection Act (TCPA) and has represented clients in suits, including class actions, brought in various jurisdictions throughout the country under the TCPA.

Contact:Read more about Jason C. Gavejian

Earlier today the European Union and U.S. officials announced the final approval of the EU-U.S. Privacy Shield data transfer agreement (“the Privacy Shield”).  Beginning August 1, 2016, organizations based in the U.S. will be able to self-certify their compliance with the Privacy Shield.

The Privacy Shield is meant to replace the EU-U.S. Safe Harbour agreement

While data breach incidents affecting the entertainment, retail, healthcare, and financial industries have garnered more attention in past years, the data breach spotlight recently shifted to law firms.

This shift was triggered by media coverage of the breach and leak of the Panama Papers, and by reports that, in 2015, hackers breached the networks

Earlier today, the European Parliament passed a non-legislative resolution saying the EU Commission should go back to negotiating with the United States to remedy “deficiencies” in the proposed EU-U.S. Privacy Shield for EU citizens’ data which is transferred to the US for commercial purposes.

The resolution, which passed by a vote of 501-119, with 31

On March 24, 2016, Tennessee’s breach notification statute was amended when Governor Bill Haslam signed into law S.B. 2005.

Under the amendment, notification of a data breach must now be provided to any affected Tennessee resident within 45-days after discovery of the breach (absent a delay request from law enforcement).  Previously, and like the

Recognizing the growing number of connected and interconnected devices, a bipartisan group of Senators recently introduced a bill which would convene a working group of Federal stakeholders to provide recommendations to Congress on how to appropriately plan for and encourage the proliferation of the Internet of Things (IoT).
The Developing Innovation and Growing the

Earlier today, the European Commission (the Commission) issued a draft “adequacy decision” as well as the texts that will constitute the EU-U.S. Privacy Shield (the Privacy Shield). This includes the Privacy Shield Principles companies have to abide by, as well as written commitments by the U.S. Government on the enforcement of the arrangement,

The U.S. District Court for the Southern District of California recently granted Wilshire Consumer Capital’s (WCC) motion to deny class certification in a putative class action filed under the Telephone Consumer Protection Act (TCPA).
The named plaintiff, Alu Banarji, filed suit after receiving numerous telephone calls on her cell phone.  According to the Court,