Attorney Brian Cesaratto focuses his practice on cybersecurity and data privacy, electronic data misappropriation, breach and forensics, technology and software licensing agreements, artificial intelligence, internal and law enforcement investigations, and litigation.

Brian has a deep understanding of computer processes and systems, enabling him to provide clients with understandable and practical legal guidance as they navigate a rapidly evolving and complex data-driven world. He is a Certified Information Systems Security Professional (CISSP), an information technology security audit certification awarded by the International Information Systems Security Certification Consortium. He is also a Certified Ethical Hacker (CEH), a certification awarded by EC-Council, the world's largest cybersecurity technical certification body.

Brian provides advice and training to develop and maintain effective information security and data privacy programs for financial services, logistics, consumer, legal, educational, health care, life sciences, technology, software, and other companies/providers that comply with security and data privacy laws, regulations, and standards, including GDPR, HITECH, HIPAA, NIST, and various other federal and state requirements including the New York State Stop Hacks and Improve Electronic Data Security Act (SHIELD ACT) and Department of Financial Services cybersecurity regulations. Brian provides targeted legal advice grounded in his technical information security background and experience to improve clients’ cybersecurity and data privacy programs, policies, and procedures and to improve their capabilities to respond to security incidents and data breaches.

In his practice, Brian has:

  • Provided legal advice on preventing cybersecurity and data privacy issues
  • Conducted cybersecurity and data privacy risk assessments
  • Assisted clients with developing and implementing information security and data privacy management programs, including insider threat programs and security incident response plans
  • Investigated complex cybersecurity incidents and data breaches
  • Defended clients in regulatory investigations and litigation involving large data breaches
  • Provided cybersecurity workforce training in light of emerging cyber threats
  • Assisted clients with the complexity of issues involving the handling of electronically stored information (ESI) on their networks and e-discovery obligations and litigated those issues
  • Advised clients in the negotiation of software licensing, cybersecurity, technology, and artificial intelligence-related agreements, including SaaS, Service Level Agreements (SLAs), and third-party vendor agreements
  • Advised clients on data protection agreements and addendums
  • Conducted internal investigations into misappropriation and breach of proprietary information and financial misconduct
  • Provided legal advice to organizations concerning electronic data misappropriation and computer forensics, including the use of forensic software in workplace and security incident investigations
  • Represented targets of internal, regulatory, and criminal investigations and prosecutions
  • Conducted cybersecurity, data privacy, and data rights due diligence in major corporate transactions
  • Advised health, financial services, and ecommerce clients on website tracking technologies, including use of cookies and pixels, and defended clients against wiretapping and invasion of privacy claims related to their use
  • Provided legal advice on a wide range of technology, commercial, compliance, unfair competition, and personnel issues
  • Litigated all aspects of commercial and employment-related lawsuits up to and through trial, including business disputes, employment litigation and whistleblowing, and theft of trade secrets/confidential information

Brian speaks and writes frequently on cybersecurity and data privacy topics. He is a regular contributor to Epstein Becker Green’s blogs, including the Commercial Litigation Update, Health Law Advisor, and Workforce Bulletin.

Brian draws on a diverse legal background that includes private practice with national law firms, lengthy solo practice, and serving as an Assistant District Attorney in Bronx County, New York, where he directed investigations into financial fraud, identity theft, theft of intellectual property, credit card fraud, and consumer fraud. In addition to his CISSP and CEH certifications, he has completed extensive training courses in computer forensics software, including recovery of deleted electronic documents and indicia of unauthorized data transfer.

Focus Areas



  • BTI Client Service All-Star (2022)



  • Columbia University School of Law (J.D.)
    • Harlan Fiske Stone Scholar (2 years)
  • St. Lawrence University (B.A., cum laude)
    • Phi Beta Kappa

Bar Admissions

Court Admissions

Information Security

  • Certified Information Systems Security Professional (CISSP) (ISC2)
  • Certified Ethical Hacker (CEH) (EC-Council)




