Jason C. Gavejian

Photo of Jason C. Gavejian

Jason C. Gavejian is a Principal in the Morristown, New Jersey, office of Jackson Lewis P.C. and a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

As a Certified Information Privacy Professional (CIPP/US), Mr. Gavejian focuses on the matrix of laws governing privacy, security, and management of data. Mr. Gavejian is Co-Editor of, and a regular contributor to, the firm’s Workplace Privacy, Data Management & Security Report blog.

Mr. Gavejian's work in the area of privacy and data security includes counseling international, national, and regional companies on the vast array of privacy and security mandates, preventive measures, policies, procedures, and best practices. This includes, but is not limited to, the privacy and security requirements under state, federal, and international law (e.g., HIPAA/HITECH, GDPR, California Consumer Privacy Act (CCPA), FTC Act, ECPA, SCA, GLBA etc.). Mr. Gavejian helps companies in all industries to assess information risk and security as part of the development and implementation of comprehensive data security safeguards including written information security programs (WISP). Additionally, Mr. Gavejian assists companies in analyzing issues related to: electronic communications, social media, electronic signatures (ESIGN/UETA), monitoring and recording (GPS, video, audio, etc.), biometrics, and bring your own device (BYOD) and company owned personally enabled device (COPE) programs, including policies and procedures to address same. He regularly advises clients on compliance issues under the Telephone Consumer Protection Act (TCPA) and has represented clients in suits, including class actions, brought in various jurisdictions throughout the country under the TCPA.

Mr. Gavejian represents companies with respect to inquiries from the HHS/OCR, state attorneys general, and other agencies alleging wrongful disclosure of personal/protected information. Mr. Gavejian negotiates vendor agreements and other data privacy and security agreements, including business associate agreements. His work in the area of privacy and data security includes counseling and coaching clients through the process of investigating and responding to breaches of the personally identifiable information (PII) or protected health information (PHI) they maintain about consumers, customers, employees, patients, and others, while also assisting clients in implementing policies, practices, and procedures to prevent future data incidents.

Mr. Gavejian represents management exclusively in all aspects of employment litigation, including restrictive covenants, class-actions, harassment, retaliation, discrimination, and wage and hour claims in both federal and state courts. Mr. Gavejian regularly appears before administrative agencies, including the Equal Employment Opportunity Commission (EEOC), the Office for Civil Rights (OCR), the New Jersey Division of Civil Rights, and the New Jersey Department of Labor. Mr. Gavejian's practice also focuses on advising/counseling employers regarding daily workplace issues.

Mr. Gavejian’s litigation experience, coupled with his privacy practice, provides him with a unique view of many workplace issues and the impact privacy, data security, and social media may play in actual or threatened lawsuits.

Mr. Gavejian regularly provides training to both executives and employees and regularly speaks on current privacy, data security, monitoring, recording, BYOD/COPE, biometrics (BIPA), social media, TCPA, and information management issues. His views on these topics have been discussed in multiple publications, including the Washington Post, Chicago Tribune, San Francisco Chronicle (SFGATE), National Law Review, Bloomberg BNA, Inc.com, @Law Magazine, Risk and Insurance Magazine, LXBN TV, Business Insurance Magazine, and HR.BLR.com.

Mr. Gavejian is the Co-Chair of Jackson Lewis’ Hispanic Attorney Resource Group, a group committed to increasing the firm’s visibility among Hispanic-American and other minority attorneys, as well as mentoring the firm's attorneys to assist in their training and development. Mr. Gavejian also previously served on the National Leadership Committee of the Hispanic National Bar Association (HNBA) and regularly volunteers his time for pro bono matters.

Prior to joining Jackson Lewis, Mr. Gavejian served as a judicial law clerk for the Honorable Richard J. Donohue on the Superior Court of New Jersey, Bergen County.

Firm/Organization: Jackson Lewis P.C.
Blogs: Employment Class and Collective Action Update, Workplace Privacy, Data Management & Security Report

Latest Articles

Late last year, the U.S. Supreme Court granted certiorari in PDR Network, LLC v. Carlton & Harris Chiropractic (No. 17-1705), addressing the issue of whether the Hobbs Act requires the district court to accept the Federal Communication Commission’s (FCC’s) legal interpretation of the Telephone Consumer Protection Act (TCPA). In 1991, Congress passed the TCPA to restrict telephone solicitations and use of automated telephone equipment, charging the FCC with interpretation and rulemaking authority over the Act.…
Privacy and cybersecurity risks continue to emerge for organizations large and small. While by no means exhaustive, we briefly discuss some key issues that organizations may need to focus on in 2019 and beyond. Business Email Compromise (BEC)/Email Account Compromise (EAC) – BEC and EAC attacks are widespread and show no sign of slowing in the coming year. An FBI Report from July 2018 stated that BEC attacks have resulted in a 136% increase in identified…
October 2018 marks the 15th annual National Cyber Security Awareness Month. In honor of this occasion, the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) have jointly launched an updated HIPAA Security Risk Assessment (SRA) Tool to help covered entities and business associates comply with the HIPAA Security Rule. But remember, the HIPAA Security Rule does not require a “one-size-fits-all” approach to security.…
On September 23, 2018, Governor Jerry Brown signed into law SB-1121 amending certain provisions of the California Consumer Privacy Act of 2018 (CCPA) which was enacted in June of this year. As we reported previously, CCPA will apply to any entity that does business in the State of California and satisfies one or more of the following: (i) annual gross revenue in excess of $25 million, (ii) alone or in combination, annually buys, receives…
A key issue for any business facing class action litigation in response to a data breach is whether the plaintiffs, particularly consumers, will have standing to sue. Standing to sue in a data breach class action suit, largely turns on whether plaintiffs establish that they have suffered an “injury-in-fact” resulting from the data breach. Plaintiffs in data breach class actions are often not able to demonstrate that they have suffered financial or other actual damages…
A key issue for any business facing class action litigation in response to a data breach is whether the plaintiffs, particularly consumers, will have standing to sue. Standing to sue in a data breach class action suit, largely turns on whether plaintiffs establish that they have suffered an “injury-in-fact” resulting from the data breach. Plaintiffs in data breach class actions are often not able to demonstrate that they have suffered financial or other actual damages…
Cybersecurity incidents are on the rise, and so too is data breach litigation brought by plaintiffs who allege they were harmed by the unauthorized exposure of their personal information. Federal circuits across the United States are grappling with the issue of what satisfies the Article III standing requirement in data breach litigation, when often only a “risk of future harm” exists. The United States Court of Appeals for the Fourth Circuit (“the Fourth Circuit”) is…
As we reported earlier this week, California legislature Democrats reached a tentative agreement with a group of consumer privacy activists spearheading a ballot initiative for heightened consumer privacy protections, in which the activists would withdraw the existing ballot initiative in exchange for the California legislature passing, and Governor Jerry Brown signing into law, a similar piece of legislation, with some concessions, by June 28th, the final deadline to withdraw ballot initiatives. And as agreed upon, yesterday,…
For the second consecutive year Virginia has amended its data breach notification law. In March 2017, in light of a warning issued by the IRS to all employers regarding the resurgence of a W-2 based cyber scam, Virginia Governor Terry McAuliffe approved, a first of its kind, amendment to Virginia’s data breach notification statute. The amendment required employers and payroll service providers to notify the Virginia Office of the Attorney General of “unauthorized access and…
On June 21st, California legislature Democrats reached a tentative agreement with a group of consumer privacy activists spearheading a ballot initiative for heightened consumer privacy protections, in which the activists would withdraw the the existing ballot initiative in exchange for the California legislature passing, and Governor Jerry Brown signing into law, a similar piece of legislation, with some concessions, by June 28th, the final deadline to withdraw ballot initiatives.  If enacted, the Act would take…