Posts tagged Brian G. Cesaratto.
Blogs
Clock less than a minute

As featured in #WorkforceWednesdayThis week, we’re breaking down the California Privacy Protection Agency (CPPA) Board’s new regulations impacting employers:

Last month, the CPPA Board met to discuss several new regulations that could impact employers in California and beyond. Among them were draft regulations for automated decision-making technology, an initiative that’s part of a larger trend across the country to regulate the use of technology in the workplace. Additionally, new cybersecurity audit regulations were discussed. Epstein Becker Green attorneys Nathaniel Glasser and Brian G. Cesaratto explain these new draft regulations and the potential impacts on employers.

Blogs
Clock 6 minute read

On July 13, 2023, the White House issued the first iteration of its National Cybersecurity Strategy Implementation Plan (the “Implementation Plan”), which will be updated annually. The two overarching goals of the Implementation Plan are to address the need for more capable actors in cyberspace to bear more of the responsibility for cybersecurity and to increase incentives to make investments in long-term resilience. The Implementation Plan is structured around the five pillars laid out in the White House’s National Cybersecurity Strategy earlier this year, namely: (1) defend critical infrastructure; (2) disrupt and dismantle threat actors; (3) shape market forces to drive security and resilience; (4) invest in a resilient future; and (5) forge international partnerships to pursue shared goals. The Implementation Plan identifies strategic objectives and high-impact cybersecurity initiatives under each pillar and designates the federal agency responsible for leading the initiative to meet each objective. The following summarizes some of the key initiatives included in the Implementation Plan that will directly impact critical infrastructure organizations, including healthcare, energy, manufacturing, information technology and financial services.

Blogs
Clock 2 minute read

As featured in #WorkforceWednesday This week, we’re taking a closer look at ChatGPT, exploring the opportunities and risks associated with this artificial intelligence (AI) technology, and providing valuable insights for employers who are looking to stay ahead of the curve:

ChatGPT is set to become the next big thing for employers and beyond. What potential issues should employers be aware of? Epstein Becker Green attorney Brian G. Cesaratto explains how critical it is for employers to think through the workplace-related risks.

Blogs
Clock 7 minute read

A recently discovered security vulnerability potentially affecting at least 100 million Internet of Things (“IoT”) devices[1] highlights the importance of the newly enacted IoT Cybersecurity Improvement Act of 2020 (the “IoT Act”). Researchers at the security firms Forescout Research Labs and JSOF Research Labs have jointly published a report detailing a security vulnerability known as “NAME:WRECK.” This is exactly the type of issue that the new IoT Act was and is designed to address at the governmental level, because the vulnerability can detrimentally affect ...

Blogs
Clock 8 minute read

Enacted on December 4, 2020, the Internet of Things Cybersecurity Improvement Act of 2020 (the “IoT Act”) is expected to dramatically improve the cybersecurity of the ubiquitous IoT devices.[1] With IoT devices on track to exceed 21.5 billion by 2025, the IoT Act mandates cybersecurity standards and guidelines for the acquisition and use by the federal government of IoT devices capable of connecting to the Internet. The IoT Act, and the accompanying standards and guidance being developed by the National Institute of Standards and Technology (NIST) will directly affect ...

Blogs
Clock less than a minute

As featured in #WorkforceWednesday: As the uncertainty with the COVID-19 pandemic continues, many employers are considering extended or permanent work-from-home (WFH) models. Attorneys Brian G. Cesaratto and Shawndra G. Jones share some tips for employers on cybersecurity and other issues to consider when implementing extended WFH models.

Video: YouTubeVimeoMP4Instagram.

Blogs
Clock 9 minute read

Many more millions of employees have been working remotely as a result of the devastating COVID-19 virus than ever before.  There is likely no going back.  Employers have been relying on a remote workforce by necessity in the short term and are realizing that in the long term they can operate efficiently and productively with their staff largely out of the office.  The public health risks will, for the foreseeable future, be the driver both on employers’ need for a remote workforce to achieve continuity of operations and employees’ demand for a safer work location.  The increased ...

Blogs
Clock 2 minute read

On March 10, 2020, the New York Department of Financial Services (“DFS”), which regulates a wide variety of financial institutions, including banks, insurance companies, and investment advisors doing business in New York, issued a series of letters regarding the response to the Novel Coronavirus (“COVID-19”).   In addition to providing guidance, DFS has asked all regulated financial institutions to provide “assurance” that they have plans to address the operational and financial risks associated with COVID-19.  A copy of the letter to regulated financial ...

Blogs
Clock 3 minute read

Time is running out. The effective date of New York’s cybersecurity law mandating that organizations implement an information security program to protect “private information” of New York State residents, including employee and consumer data, is now only 45 days away. New York’s law requires the implementation of a cybersecurity program, including reasonable protective measures such as risk assessments, workforce training and incident response planning and testing. Businesses should immediately take steps to comply with the Act’s requirements effective March ...

Blogs
Clock 4 minute read

New York is the latest state to adopt a law that requires businesses that collect private information on its residents to implement reasonable cybersecurity safeguards to protect that information. New York now joins California, Massachusetts and Colorado in setting these standards. New York’s law mandates the implementation of a data security program, including measures such as risk assessments, workforce training and incident response planning and testing. Businesses should immediately begin the process to comply with the Act’s requirements effective March 21, 2020 ...

Blogs
Clock 3 minute read

The recently proposed amendment to the California Consumer Privacy Act (CCPA) should be a wake up call to those employers who are not already actively planning for the January 1, 2020 compliance deadline.

The amendment reaffirms that employers must (i) provide employees with notice of the categories of personal information collected and the purposes for which the information shall be used at or before collection; and (ii) implement reasonable cybersecurity safeguards to protect certain employee personal information or risk employee lawsuits, including class actions seeking ...

Blogs
Clock 5 minute read

On May 9, 2019, the United States Department of Justice announced the indictment of two Chinese Nationals as members of a sophisticated hacking group responsible for the hack of Anthem, Inc. and other unnamed U.S. based large technology, communications and basic materials companies. The hack resulted in the breach of personally identifiable information of over 78 million individuals held by Anthem and the theft of confidential business information from the victimized organizations. The indictment provides a roadmap to advanced hacking attacks regularly faced by technology ...

Blogs
Clock 9 minute read

Technology, media, and telecommunications organizations are at the forefront of tackling new challenges in handling employee information and managing employee populations. As legislatures (from the federal level down to states and cities) address how technology impacts today’s new workforce, employers must grapple with changes in managing data—from privacy concerns to the use of artificial intelligence in employment matters—and keeping workers happy, including dealing with wage increases, the rise in union activity, and contingent workers in the #MeToo era. A changing workplace landscape requires creative thinking and outside-the-box solutions.

Blogs
Clock 2 minute read

Washington State is considering sweeping legislation (SB 5376) to govern the security and privacy of personal data similar to the requirements of the European Union’s General Data Protection Regulation (“GDPR”). Under the proposed legislation, Washington residents will gain comprehensive rights in their personal data. Residents will have the right, subject to certain exceptions, to request that data errors be corrected, to withdraw consent to continued processing and to deletion of their data. Residents may require an organization to confirm whether it is processing ...

Blogs
Clock 8 minute read

There is a visceral and palpable dynamic emerging in global workplaces: tension.

Tension between what is potentially knowable—and what is actually known.   Tension between the present and the future state of work.  Tension between what was, is, and what might become (and when).  Tension between the nature, function, and limits of data and technology.

The present-future of work is being shaped daily, dynamically, and profoundly by a host of factors—led by the exponential proliferation of data, new technologies, and artificial intelligence (“AI”)—whose impact cannot be understated.  Modern employers have access to an unprecedented amount of data impacting their workforce, from data concerning the trends and patterns in employee behaviors and data concerning the people analytics used in hiring, compensation, and employee benefits, to data that analyzes the composition of the employee workforce itself.  To be sure, AI will continue to disrupt how virtually every employer views its human capital model on an enterprise basis. On a micro level, employers are already analyzing which functions or groups of roles might be automated, augmented, or better aligned to meet their future business models.

And, yet, there is an equal, counterbalancing force at play—the increased demand for accountability, transparency, civility, and equity.  We have already seen this force playing out in real time, most notably in the #MeToo, pay equity, and data privacy and security movements.  We expect that these movements and trends will continue to gain traction and momentum in litigation, regulation, and international conversation into 2019 and beyond.

We have invited Epstein Becker Green attorneys from our Technology, Media & Telecommunications (“TMT”) service team to reflect and opine on the most significant developments of the year.  In each, we endeavor to provide practical insights to enable employers to think strategically through these emergent tensions and business realities—to continue to deliver value to their organizations and safeguard their goodwill and reputation.

Blogs
Clock less than a minute

Join Epstein Becker Green attorneys, Brian G. Cesaratto and Brian E. Spang, for a discussion of how employers can best protect their critical technologies and trade secrets from employee and other insider threats. Topics to be discussed include:

  • Determining your biggest threat by using available data
  • What keeps you up at night?
  • Foreseeing the escalation in risk, from insider and cyber threats to critical technologies
  • New protections and remedies under the Trade Secret Protection Act of 2014
  • Where are your trade secrets located, and what existing protections are in place?
  • What ...
Blogs
Clock less than a minute

We published an article with NYSBA Labor and Employment Law Journal, titled “Employee Threats to Critical Technologies Are Best Addressed Through a Formalized Insider Threat Risk Assessment Process and Program.” With the New York State Bar Association's permission, we have linked it here.

Blogs
Clock 3 minute read

It is highly likely that the National Association of Insurance Commissioners (“NAIC”) will adopt a model data cyber security law premised largely on the New York State Department of Financial Services (“NYSDFS”) cyber security regulations.  Recently, we discussed the NYSDFS’ proposed extension of its cyber security regulations to credit reporting agencies in the wake of the Equifax breach.  New York Governor Andrew Cuomo has announced, “The Equifax breach was a wakeup call and with this action New York is raising the bar for consumer protections that we hope will be ...

Blogs
Clock 2 minute read

New York State has issued proposed regulations extending existing regulations requiring banks and other financial institutions to have in place a comprehensive cybersecurity program to credit reporting agencies.  Governor Mario Cuomo announced that “The Equifax breach was a wakeup call and with this action New York is raising the bar for consumer protections that we hope will be replicated across the nation.”

Under the proposed regulations, every consumer reporting agency that assembles, evaluates or maintains a consumer credit report on NYS consumers must register with ...

Blogs
Clock less than a minute

Employers across all industries are deep in the midst of exciting but unchartered and fluid times. Rapid and unforeseen technological advancements are largely responsible for this dynamic. And while there is a natural tendency to embrace their novelty and potential, the reality is that these advancements are often outpacing our regulatory environment, our bedrock legal constructs, and, in some cases, challenging the traditional notions of work itself.

For employers, this presents numerous challenges and opportunities—from the proper design of the portfolio of the modern ...

Blogs
Clock 2 minute read

Human Resources and Payroll should advise employees in their departments to be on the lookout for the latest tax season phishing scam designed to steal employees’ tax related information and social security numbers. Given the regular frequency of these types of attacks, employers should be taking appropriate steps to safeguard employee Personally Identifiable Information (“PII”).  At a minimum, Human Resources should have in place written policies regarding the handling of employee PII and provide training designed to protect employee PII against a data breach.  Because ...

Search This Blog

Blog Editors

Recent Updates

Related Services

Topics

Archives

Jump to Page

Subscribe

Sign up to receive an email notification when new Workforce Bulletin posts are published:

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.