Joseph J. Lazzarotti

Subscribe to Joseph J. Lazzarotti's Posts

Joseph J. Lazzarotti is a principal in the Tampa, Florida, office of Jackson Lewis P.C. He founded and currently co-leads the firm's Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.

In short, his practice focuses on the matrix of laws governing the privacy, security, and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to employee benefit plans.

Contact:

Texas Amends the Effects of its Data Breach Law on Out-of-State Residents

By Joseph J. Lazzarotti on July 8, 2013

Posted in Data Security, Identity Theft, Information Management, Information Risk

Texas amends its data breach notification statute and the law’s effects on persons out of state.
Continue Reading Texas Amends the Effects of its Data Breach Law on Out-of-State Residents

California AG Report Announces Enforcement Priority for Breaches Involving Unencrypted Data

By Joseph J. Lazzarotti on July 3, 2013

Posted in Data Security

California Attorney General issues data breach report and announces enforcement priority to investigate breaches involving unencrypted personal information.
Continue Reading California AG Report Announces Enforcement Priority for Breaches Involving Unencrypted Data

Hospital Employee Terminated for HIPAA Data Breach, Discrimination Defense Rejected

By Joseph J. Lazzarotti on June 21, 2013

Posted in HIPAA, Information Risk, Workplace Investigations, Written Information Security Program

Hospital employee’s discrimination claims were unsuccessful where termination resulted from HIPAA breach…
Continue Reading Hospital Employee Terminated for HIPAA Data Breach, Discrimination Defense Rejected

One Hour Breach Notification Mandate Proposed Regarding Obamacare Health Exchanges

By Joseph J. Lazzarotti on June 20, 2013

Posted in Data Security, Health Information Technology, HIPAA, Identity Theft, Information Management, Information Risk, Written Information Security Program

Are you a “non-Exchange entity” with respect to the healthcare exchanges coming later this year? If so you may become subject to a one-hour breach notification mandate.
Continue Reading One Hour Breach Notification Mandate Proposed Regarding Obamacare Health Exchanges

FDA Provides Data Security Guidance for Medical Device Manufacturers

By Joseph J. Lazzarotti on June 15, 2013

Posted in Health Information Technology, HIPAA, Information Management, Information Risk

Big Data’s impact on medical devices pushes FDA to propose draft guidelines for cybersecurity.
Continue Reading FDA Provides Data Security Guidance for Medical Device Manufacturers

The Threat of Cyberattacks and Data Breaches from China Continues

By Joseph J. Lazzarotti on May 29, 2013

Posted in Data Security, Featured, Information Management, Information Risk, Written Information Security Program

The New York Times recently reported that hackers from China have resumed attacks on U.S. targets, despite efforts by the Obama Administration to curb these intrusions. According to the article and a report by a security company, Mandiant, hackers from China have been behind…

scores of thefts of intellectual property and government documents over the past five

…

Colorado Becomes Ninth State to Restrict Use Of Credit Information In Making Employment Decisions

By Joseph J. Lazzarotti on May 25, 2013

Posted in Background Checks, Identity Theft, Information Risk, Workplace Investigations, Workplace Privacy

Colorado joins eight other states in restricting employers’ use of credit information in making employment decisions…
Continue Reading Colorado Becomes Ninth State to Restrict Use Of Credit Information In Making Employment Decisions

Idaho State University Investigated by HHS Following Report of Data Breach

By Joseph J. Lazzarotti on May 24, 2013

Posted in Data Security, Health Information Technology, HIPAA, Information Management, Information Risk, Written Information Security Program

University’s $400,000 payment to HHS to settle HIPAA compliance allegations highlights critical role of risk assessments, and need for security policies and procedures.
Continue Reading Idaho State University Investigated by HHS Following Report of Data Breach

More States Limit Employer Access to Employee Social Media Accounts

By Joseph J. Lazzarotti on May 23, 2013

Posted in Featured, Information Risk, Social Networking, Workplace Investigations, Workplace Privacy

More states pass laws limiting access by employers to the social media accounts of applicants and employees…
Continue Reading More States Limit Employer Access to Employee Social Media Accounts

HIPAA Preempts Less Protective State Law Concerning Medical Records of Deceased Nursing Home Residents, Eleventh Circuit Rules

By Joseph J. Lazzarotti on April 16, 2013

Posted in HIPAA, Written Information Security Program

Federal Appeals Court address HIPAA preemption of state law.
Continue Reading HIPAA Preempts Less Protective State Law Concerning Medical Records of Deceased Nursing Home Residents, Eleventh Circuit Rules

Workplace Privacy, Data Management & Security Report