Joseph J. Lazzarotti is a principal in the Tampa, Florida, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer with a focus on compliance, Joe is also a member of the firm’s Employee Benefits practice group.

In short, his practice focuses on the matrix of laws governing the privacy, security, and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to employee benefit plans.

A little more than three years ago, the U.S. Department of Labor (DOL) posted cybersecurity guidance on its website for ERISA plan fiduciaries. That guidance extended only to ERISA-covered retirement plans, despite health and welfare plans facing similar risks to participant data.

Last Friday, the DOL’s Employee Benefits Security Administration (EBSA) issued Compliance Assistance Release

In 2021, the Department of Labor (DOL) issued cybersecurity guidance for ERISA-covered retirement plans. The guidance expands the duties retirement plan fiduciaries have when selecting service providers. Specifically, the DOL makes clear that when selecting retirement plan service providers, plan fiduciaries must prudently assess the cybersecurity of those providers.  

On May 15, 2024, the

On April 22, 2024, the federal Department of Health and Human Services’ Office for Civil Rights (OCR) announced a final rule enhancing privacy protections relating to reproductive health care. Specifically, the final rule amends the Privacy Rule under the Health Insurance Portability and Accountability Act (HIPAA) to, among other things, establish new limits on the

It started sometime last year and, in hindsight, was inevitable.  Clients with 401(k) plans and a crypto-savvy employee population began asking whether they could offer cryptocurrency as a plan investment option.  In the 401(k) world, where even a self-directed brokerage window with built-in investment limitations can be too risky, the answer seemed obvious – watch

As employers consider implementing a vaccine mandate to encourage employees to get vaccinated against COVID-19, we have recently discussed the merits of imposing a “vaccine surcharge” on monthly health insurance premiums for those employees who remain unvaccinated.  There were unanswered questions about specific legal issues, but now the Department of Labor (DOL), Health and Human

Testing for COVID-19 certainly has evolved over the past 18 months or so. As supply and allocation continue to face challenges, guidance on serological/antibody versus viral testing, testing in the workplace, and informed consent, among other things, has emerged to help guide coronavirus testing in the workplace. President Biden’s Path out of the

According to Forbes.com, more employers are considering imposing a premium surcharge on employees participating in the company’s health plan who are not vaccinated for COVID-19. Whether positioned as rewards or penalties, wellness program incentives have become vehicles of choice for encouraging behaviors believed to be healthy and reducing health plan costs. For years, tobacco

In April, we posted about the U.S. Department of Labor’s (DOL) Employee Benefits Security Administration (EBSA) issuing cybersecurity guidance for employee retirement plans. That is, April 14, 2021. Shortly thereafter, the DOL updated its audit inquiries to include probing questions for plan fiduciaries about their compliance with “hot off the press” agency guidelines.

So, what