Brian G. Cesaratto

Firm/Organization: Epstein Becker & Green, P.C.

Blogs: Financial Services Employment Law, Health Law Advisor, Technology Employment Law, Trade Secrets & Employee Mobility

Latest Articles

Technology Employment Law

The New York State “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act) Becomes Effective March 21, 2020: Is Your Organization Ready to Achieve Compliance?

By Brian G. Cesaratto

February 6, 2020

Time is running out. The effective date of New York’s cybersecurity law mandating that organizations implement an information security program to protect “private information” of New York State residents, including employee and consumer data, is now only 45 days away. New York’s law requires the implementation of a cybersecurity program, including reasonable protective measures such as risk assessments, workforce training and incident response planning and testing. Businesses should immediately take steps to comply with the…

Technology Employment Law

New York Joins the Wave of States Requiring Businesses to Adopt Reasonable Cybersecurity Safeguards to Protect Private Information

By Brian G. Cesaratto

August 5, 2019

new_york_city_cyber_security_cybersecurity_data_cyber_attack_cyberattack_data_privact_NYC_shutterstock_581476519_1280x720

New York is the latest state to adopt a law that requires businesses that collect private information on its residents to implement reasonable cybersecurity safeguards to protect that information. New York now joins California, Massachusetts and Colorado in setting these standards. New York’s law mandates the implementation of a data security program, including measures such as risk assessments, workforce training and incident response planning and testing. Businesses should immediately begin the process to comply with…

Technology Employment Law

Proposed Amendment to California Consumer Privacy Act (CCPA) Reaffirms Employer Notice Requirement and Employee Private Right of Action for Failure to Implement Cybersecurity Safeguards to Take Effect January 1, 2020

By Brian G. Cesaratto, Patricia Wagner, Deanna Ballesteros & Matthew Savage Aibel

July 23, 2019

California_CA_Keyboard_shutterstock_246540733_1280x720

The recently proposed amendment to the California Consumer Privacy Act (CCPA) should be a wake up call to those employers who are not already actively planning for the January 1, 2020 compliance deadline. The amendment reaffirms that employers must (i) provide employees with notice of the categories of personal information collected and the purposes for which the information shall be used at or before collection; and (ii) implement reasonable cybersecurity safeguards to protect certain employee…

Technology Employment Law

Recent Indictment of Anthem Hackers Serves as a Reminder of the Importance of Rigorous Workforce Cybersecurity Training, Incident Response Plans and Formalized Security Programs

By Brian G. Cesaratto

June 3, 2019

cyber_security_lock_key_hole_keyhole_shutterstock_313643477_1280x720

On May 9, 2019, the United States Department of Justice announced the indictment of two Chinese Nationals as members of a sophisticated hacking group responsible for the hack of Anthem, Inc. and other unnamed U.S. based large technology, communications and basic materials companies. The hack resulted in the breach of personally identifiable information of over 78 million individuals held by Anthem and the theft of confidential business information from the victimized organizations. The indictment provides…

Health Law Advisor

Harden Your Organization’s Domain Name System (DNS) Security to Protect Against Damaging Data Loss and Insider Threat

By Brian G. Cesaratto

April 3, 2019

domain_secuity_network_data_shutterstock_334604324_1280x720

The importance of the Domain Name System (DNS) to your organization’s cybersecurity cannot be understated. Communications between computers on the Internet depend on DNS to get to their intended destination. Network communications begin with a query to DNS to resolve the human readable domain name to a numeric Internet Protocol (IP) address required by computers to route the transmission. A malicious party who is able to exploit a weakness in DNS can re-route sensitive traffic,…

Technology Employment Law

Washington State Considers Comprehensive Data Privacy Act to Protect Personal Information

By Brian G. Cesaratto

February 14, 2019

Washington State is considering sweeping legislation (SB 5376) to govern the security and privacy of personal data similar to the requirements of the European Union’s General Data Protection Regulation (“GDPR”). Under the proposed legislation, Washington residents will gain comprehensive rights in their personal data. Residents will have the right, subject to certain exceptions, to request that data errors be corrected, to withdraw consent to continued processing and to deletion of their data. Residents…

Trade Secrets & Employee Mobility

Formal Insider Threat Risk Assessment Program Best Addresses Employee Threats to Critical Technologies

By Brian G. Cesaratto & Robert J. Hudock

July 18, 2018

We published an article with NYSBA Labor and Employment Law Journal, titled “Employee Threats to Critical Technologies Are Best Addressed Through a Formalized Insider Threat Risk Assessment Process and Program.” With the New York State Bar Association’s permission, we have linked it here.…

Technology Employment Law

Formal Insider Threat Risk Assessment Program Best Addresses Employee Threats to Critical Technologies

By Brian G. Cesaratto & Robert J. Hudock

July 18, 2018

Technology Employment Law

Model Cyber Security Law Pending Final Action by National Association of Insurance Commissioners

By Brian G. Cesaratto

October 19, 2017

It is highly likely that the National Association of Insurance Commissioners (“NAIC”) will adopt a model data cyber security law premised largely on the New York State Department of Financial Services (“NYSDFS”) cyber security regulations. Recently, we discussed the NYSDFS’ proposed extension of its cyber security regulations to credit reporting agencies in the wake of the Equifax breach. New York Governor Andrew Cuomo has announced, “The Equifax breach was a wakeup call and with this…

Trade Secrets & Employee Mobility

Model Cyber Security Law Pending Final Action By National Association of Insurance Commissioners

By Brian G. Cesaratto

October 19, 2017

Brian G. Cesaratto

The New York State “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act) Becomes Effective March 21, 2020: Is Your Organization Ready to Achieve Compliance?

New York Joins the Wave of States Requiring Businesses to Adopt Reasonable Cybersecurity Safeguards to Protect Private Information

Proposed Amendment to California Consumer Privacy Act (CCPA) Reaffirms Employer Notice Requirement and Employee Private Right of Action for Failure to Implement Cybersecurity Safeguards to Take Effect January 1, 2020

Recent Indictment of Anthem Hackers Serves as a Reminder of the Importance of Rigorous Workforce Cybersecurity Training, Incident Response Plans and Formalized Security Programs

Harden Your Organization’s Domain Name System (DNS) Security to Protect Against Damaging Data Loss and Insider Threat

Washington State Considers Comprehensive Data Privacy Act to Protect Personal Information

Formal Insider Threat Risk Assessment Program Best Addresses Employee Threats to Critical Technologies

Formal Insider Threat Risk Assessment Program Best Addresses Employee Threats to Critical Technologies

Model Cyber Security Law Pending Final Action by National Association of Insurance Commissioners

Model Cyber Security Law Pending Final Action By National Association of Insurance Commissioners

Stay Connected

Company

Support

New to the Network