It is increasingly evident that artificial intelligence (AI) is reshaping all facets of business, and its impact on employee benefit plans is no exception. From automating plan administration to personalizing participant communications, AI introduces both new opportunities and new responsibilities for those overseeing Employee Retirement Income Security Act of 1974 (ERISA)-covered retirement and health plans.
Joseph J. Lazzarotti
Joseph J. Lazzarotti is a principal in the Tampa, Florida, office of Jackson Lewis P.C. He founded and currently co-leads the firm's Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.
In short, his practice focuses on the matrix of laws governing the privacy, security, and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to employee benefit plans.
Reproductive Health Privacy in Flux: Texas Ruling vs. SCOTUS Limits
A Texas federal court just shook the foundation of HIPAA’s reproductive health privacy protections — but the Supreme Court may have the final word. In a sweeping decision, Judge Matthew Kacsmaryk vacated key provisions of the 2024 Reproductive Health Rule, stripping away national safeguards on disclosing reproductive health information. Yet, a recent SCOTUS ruling in …
New DOL/EBSA Opinion Letter Program Offers A Path to Clarity for Plan Sponsors
On June 2, 2025, the U.S. Department of Labor (DOL) announced a significant expansion of its compliance assistance tools by launching an Opinion Letter Program across five key enforcement agencies, including the Employee Benefits Security Administration (EBSA). This initiative aims to provide employers, plan sponsors, and other stakeholders with clear, tailored guidance on complex issues…
DOL Expands Fiduciary Obligations for Cybersecurity to Health and Welfare Plans
A little more than three years ago, the U.S. Department of Labor (DOL) posted cybersecurity guidance on its website for ERISA plan fiduciaries. That guidance extended only to ERISA-covered retirement plans, despite health and welfare plans facing similar risks to participant data.
Last Friday, the DOL’s Employee Benefits Security Administration (EBSA) issued Compliance Assistance Release…
Why Retirement Plan Sponsors and Fiduciaries Need to Know about the SEC Cybersecurity Amendments
In 2021, the Department of Labor (DOL) issued cybersecurity guidance for ERISA-covered retirement plans. The guidance expands the duties retirement plan fiduciaries have when selecting service providers. Specifically, the DOL makes clear that when selecting retirement plan service providers, plan fiduciaries must prudently assess the cybersecurity of those providers.
On May 15, 2024, the…
HIPAA Final Rule For Reproductive Health Care Privacy with December 23, 2024, Compliance Deadline
On April 22, 2024, the federal Department of Health and Human Services’ Office for Civil Rights (OCR) announced a final rule enhancing privacy protections relating to reproductive health care. Specifically, the final rule amends the Privacy Rule under the Health Insurance Portability and Accountability Act (HIPAA) to, among other things, establish new limits on the…
New Jersey Requires Employers to Make a Retirement Savings Vehicle Available to Employees
In an effort to close the gap in retirement savings across the state, Governor Phil Murphy signed the New Jersey Secure Choice Savings Program Act (Act) in March of 2019. The Act created the Secure Choice Savings Program (Program), designed to provide a path for more private sector employees to save for retirement. In short, the…
Is Crypto Too Cryptic for Your 401(k) Plan?
It started sometime last year and, in hindsight, was inevitable. Clients with 401(k) plans and a crypto-savvy employee population began asking whether they could offer cryptocurrency as a plan investment option. In the 401(k) world, where even a self-directed brokerage window with built-in investment limitations can be too risky, the answer seemed obvious – watch…
Do Employers Need a CISO for ERISA Compliance?
According to a recent survey, about 45% of companies do not have a Chief Information Security Officer (CISO). As West Monroe’s “The Importance of a CISO” observes, it would be terrific for all organizations to have a CISO, but that simply may not be practical for some, particularly smaller organizations. Recent internal…
Employer Vaccine Surcharges—Yes, You Can!
As employers consider implementing a vaccine mandate to encourage employees to get vaccinated against COVID-19, we have recently discussed the merits of imposing a “vaccine surcharge” on monthly health insurance premiums for those employees who remain unvaccinated. There were unanswered questions about specific legal issues, but now the Department of Labor (DOL), Health and Human…