Overview
Attorney Brian Cesaratto focuses his practice on cybersecurity and data privacy, electronic data misappropriation, breach and forensics, technology and software licensing agreements, artificial intelligence, internal and law enforcement investigations, and litigation.
Brian has a deep understanding of computer processes and systems, enabling him to provide clients with understandable and practical legal guidance as they navigate a rapidly evolving and complex data-driven world. He is a Certified Information Systems Security Professional (CISSP), an information technology security audit certification awarded by the International Information Systems Security Certification Consortium. He is also a Certified Ethical Hacker (CEH), a certification awarded by EC-Council, the world's largest cybersecurity technical certification body.
Brian provides advice and training to develop and maintain effective information security and data privacy programs for financial services, logistics, consumer, legal, educational, health care, life sciences, technology, software, and other companies/providers that comply with security and data privacy laws, regulations, and standards, including GDPR, HITECH, HIPAA, NIST, and various other federal and state requirements including the New York State Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) and Department of Financial Services cybersecurity regulations. Brian provides targeted legal advice grounded in his technical information security background and experience to improve clients’ cybersecurity and data privacy programs, policies, and procedures and to improve their capabilities to respond to security incidents and data breaches.
In his practice, Brian has:
- Provided legal advice on preventing cybersecurity and data privacy issues
- Conducted cybersecurity and data privacy risk assessments
- Assisted clients with developing and implementing information security and data privacy management programs, including insider threat programs and security incident response plans
- Investigated complex cybersecurity incidents and data breaches
- Defended clients in regulatory investigations and litigation involving large data breaches
- Provided cybersecurity workforce training in light of emerging cyber threats
- Assisted clients with the complexity of issues involving the handling of electronically stored information (ESI) on their networks and e-discovery obligations and litigated those issues
- Advised clients in the negotiation of software licensing, cybersecurity, technology, and artificial intelligence-related agreements, including SaaS, Service Level Agreements (SLAs), and third-party vendor agreements
- Advised clients on data protection agreements and addendums
- Conducted internal investigations into misappropriation and breach of proprietary information and financial misconduct
- Provided legal advice to organizations concerning electronic data misappropriation and computer forensics, including the use of forensic software in workplace and security incident investigations
- Represented targets of internal, regulatory, and criminal investigations and prosecutions
- Conducted cybersecurity, data privacy, and data rights due diligence in major corporate transactions
- Advised health, financial services, and ecommerce clients on website tracking technologies, including use of cookies and pixels, and defended clients against wiretapping and invasion of privacy claims related to their use
- Provided legal advice on a wide range of technology, commercial, compliance, unfair competition, and personnel issues
- Litigated all aspects of commercial and employment-related lawsuits up to and through trial, including business disputes, employment litigation and whistleblowing, and theft of trade secrets/confidential information
Brian speaks and writes frequently on cybersecurity and data privacy topics. He is a regular contributor to Epstein Becker Green’s blogs, including the Commercial Litigation Update, Health Law Advisor, and Workforce Bulletin.
Brian draws on a diverse legal background that includes private practice with national law firms, lengthy solo practice, and serving as an Assistant District Attorney in Bronx County, New York, where he directed investigations into financial fraud, identity theft, theft of intellectual property, credit card fraud, and consumer fraud. In addition to his CISSP and CEH certifications, he has completed extensive training courses in computer forensics software, including recovery of deleted electronic documents and indicia of unauthorized data transfer.
Focus Areas
Services
- Artificial Intelligence
- Commercial and Contract Litigation
- Cross-Border Data Transfers
- Cybersecurity Risk Assessment
- Data Asset Management
- Data Breach and Incident Response
- Data Breach/Cybersecurity Investigations & Litigation
- Data Protection
- Employment Litigation
- Employment, Labor & Workforce Management
- Insider Threats
- Internet of Things (IoT)
- Privacy Compliance Strategies
- Privacy, Cybersecurity & Data Asset Management
- Ransomware
- State Privacy Law Compliance
- Trade Secrets & Employee Mobility
- White Collar Defense and Internal Investigations
- Workplace Investigations
Experience
Recognition
- BTI Client Service All-Star (2022)
Credentials
Education
- Columbia University School of Law (J.D.)
- Harlan Fiske Stone Scholar (2 years)
- St. Lawrence University (B.A., cum laude)
- Phi Beta Kappa
Bar Admissions
- New Jersey
- New York
Court Admissions
- Supreme Court of the United States
- U.S. Court of Appeals for the Third Circuit
- U.S. District Court, District of New Jersey
- U.S. District Court, Eastern District of New York
- U.S. District Court, Southern District of New York
Information Security
- Certified Information Systems Security Professional (CISSP) (ISC2)
- Certified Ethical Hacker (CEH) (EC-Council)
Events
Past Events
- June 17 and 21, 2024
Media
Insights
- Blogs: Recent Developments in Health Care Cybersecurity and Oversight: 2024 Wrap Up and 2025 Outlook (6 minute read)
- Blogs: OCR Withdraws Appeal of District Court Order Declaring Unlawful and Vacating the “Proscribed Combination” Portion of ... (4 minute read)
- Blogs: Deepfakes: Why Executive Teams Should Prepare for the Cybersecurity and Fraud Risks (6 minute read)
- Blogs: Preparing for the Cybersecurity and Fraud Risks of Deepfakes: What Executive Teams Need to Know (6 minute read)
- Blogs: Why Executive Teams Should Prepare for the Cybersecurity and Fraud Risks of Deepfakes (6 minute read)
- Media Coverage: Brian Cesaratto Quoted in “New Jersey Legislation to Watch: A Midyear Report” (3 minute read)
- Blogs: Revised OCR Guidance Provides New Examples, but Raises More Questions, Regarding Use of Online Tracking Technologies by ... (8 minute read)
- Blogs: New Jersey Passes Comprehensive Consumer Privacy Law (10 minute read)
- Blogs: New Jersey Becomes Most Recent State to Sign a Comprehensive Consumer Privacy Law (10 minute read)
- Blogs: California Privacy Protection Agency Grapples with Cybersecurity Audit, Risk Assessment, Automated Decisionmaking ... (7 minute read)
- Publications: USA: Future of Cybersecurity Law and Regulation (2 minute read)
- Blogs: New York Aims to Bolster Hospital Cybersecurity with Imminent Release of Proposed Regulations (3 minute read)
- Media Coverage: Brian Cesaratto Quoted in “Best Practices for Detecting and Managing Fraud” (3 minute read)
- Blogs: SEC Adopts Final Cybersecurity Reporting Rule (7 minute read)
- Blogs: SEC Finalizes Cybersecurity Rule: What It Means (7 minute read)
- Blogs: The California Attorney General and the California Privacy Protection Agency Are Accelerating Enforcement on CCPA/CPRA ... (6 minute read)
- Blogs: White House Releases National Cybersecurity Strategy Implementation Plan (7 minute read)
- Blogs: FTC Brings Enforcement Action Under FTC Act and Health Breach Notification Rule Based on GoodRx’s Use of Advertising ... (5 minute read)
- Blogs: California Privacy Protection Agency Board Adopts and Approves CCPA Regulations and Discusses Preliminary Rulemaking for ... (3 minute read)
- Blogs: HHS Warns HIPAA Covered Entities and Business Associates That Use of Website Cookies, Pixels, and Other Tracking Technology ... (6 minute read)
- Publications: Twitter Whistleblower Claim Is Cautionary Tale for Employers (2 minute read)
- Blogs: No More Exceptions: What to Do When the California Privacy Exemptions for Employee, Applicant and B2B Data Expire on January ... (7 minute read)
- Blogs: No More Exceptions: What to Do When the California Privacy Exemptions for Employee, Applicant and B2B Data Expire ... (7 minute read)
- Publications: USA: Employee Monitoring and Regulatory Frameworks for Keylogging Technology (2 minute read)
- Blogs: A Recently-Released “Discussion Draft” of the “American Data Privacy and Protection Act” Provides Insight into ... (6 minute read)
- Blogs: Time’s Up: Electronic Monitoring Notice Requirements for New York Employers Take Effect This Week (1 minute read)
- Blogs: President Biden Signs into Law the Cyber Incident Reporting Act, Imposing Reporting Requirements for Cyber Incidents and ... (7 minute read)
- Blogs: President Biden Signs into Law Federal Reporting Requirements for Cyber Incidents and Ransomware Payments (7 minute read)
- Blogs: President Biden Signs into Law the Cyber Incident and Reporting Act, Mandating Reporting of Cyber Incidents and Ransomware ... (7 minute read)
- Blogs: CISA Encourages “Shields Up” to Protect Operations and Workers as Cyber War Ramps Up (7 minute read)
- Blogs: Cookies Resulting in Cross Border Transfers of Personal Data to the United States Draw Scrutiny from European Data Privacy ... (7 minute read)
- Blogs: CISA Encourages “Shields Up” to Protect Organizations as Cyber War Ramps Up in Ukraine (7 minute read)
- Blogs: Cookies Resulting in Cross Border Data Transfers to the United States Draw Scrutiny from European Data Privacy Regulators ... (7 minute read)
- Firm Announcements: Epstein Becker Green’s Brian Cesaratto and Francesco DeLuca Named 2022 BTI Client Service All-Stars (3 minute read)
- Publications: New York Will Require Employers to Provide Notice of Email and Other Electronic Employee Monitoring (2 minute read)
- Publications: Monitoring Employee Email or Other Electronic Usage: New York Will Require Employers to Provide Notice (8 minute read)
- Blogs: FTC Warns That Health Apps May Be Subject to the Health Breach Notification Rule (6 minute read)
- Publications: Updates on Biometrics in the Workplace: Scanning the Legal Landscape in New York and Beyond (20 minute read)
- Blogs: In the Wake of Solar Winds Compromise, CISA and NIST Issue Guidance for Preventing, Defending, and Mitigating Software ... (6 minute read)
- Blogs: “NAME:WRECK” Cybersecurity Vulnerability Highlights Importance of Newly Issued IoT Act (8 minute read)
- Blogs: New Internet of Things (IoT) Cybersecurity Law’s Far Reaching Impacts (9 minute read)
- Publications: Unemployment Insurance Fraud: What to Do When It Strikes Your Business and Workers (11 minute read)
- Blogs: Businesses Should Begin Assessing Their Data Practices in Order to Meet the California Privacy Rights Act Requirements ... (13 minute read)
- Publications: Complying with Enhanced Cybersecurity Safeguards in California (2 minute read)
- Blogs: Organizations Should Plan in 2021 to Comply with the California Privacy Rights Act’s Enhanced Cybersecurity Safeguards ... (12 minute read)
- Blogs: HITECH Act Amendment Incentivizes Adoption of NIST and Other Recognized Cybersecurity Safeguards as a Defense or ... (4 minute read)