Attorney Brian Cesaratto focuses his practice on cybersecurity and data privacy, computer and electronic data misappropriation, breach and forensics, technology agreements and software licensing, internal and law enforcement investigations, and litigation.
Brian is a Certified Information Systems Security Professional (CISSP). He was awarded this information technology security audit certification by the International Information Systems Security Certification Consortium. He is a Certified Ethical Hacker (CEH), a certification awarded by EC-Council, the world’s largest cyber security technical certification body.
Brian provides advice and training to help financial services, logistics, consumer, legal, educational, health care, technology, software, and other companies/providers develop and maintain effective information security and data privacy programs that comply with security and data privacy laws, regulations, and standards, including GDPR, HITECH, HIPAA, NIST, and various other federal and state requirements, including the New York State Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) and Department of Financial Services cybersecurity regulations. Brian provides targeted practical legal advice grounded in his technical information security background and experience to improve clients’ cybersecurity and data privacy programs, policies, and procedures, and to improve their capabilities to respond to security incidents and data breaches.
In his practice, Brian has:
- Provided legal advice on preventing cybersecurity and data privacy issues
- Conducted cybersecurity and data privacy risk assessments
- Assisted clients with developing and implementing information security management programs, including insider threat programs and security incident response plans
- Investigated complex cybersecurity incidents and data breaches
- Assisted clients with the complexity of issues involving the handling of electronically stored information (ESI) on their networks and e-discovery obligations and litigated those issues
- Advised clients in the negotiation of software licensing, cybersecurity, and technology-related agreements, including SaaS, Service Level Agreements (SLAs), and third-party vendor agreements
- Conducted internal investigations into misappropriation and breach of proprietary information and financial misconduct
- Provided legal advice to organizations concerning electronic data misappropriation and computer forensics, including use of forensic software in workplace and security incident investigations
- Represented targets of internal, regulatory, and criminal investigations and prosecutions
- Provided legal advice on a wide range of technology, commercial, compliance, unfair competition, and personnel issues
- Litigated all aspects of commercial and employment-related lawsuits up to and through trial, including business disputes, employment litigation and whistleblowing, and theft of trade secrets/confidential information
Brian speaks and writes frequently on cybersecurity and data privacy topics. He is a contributor to Epstein Becker Green’s blogs, including the Commercial Litigation Update and Workforce Bulletin.
Brian draws on a diverse legal background that includes private practice with national law firms, lengthy solo practice, and serving as an Assistant District Attorney in Bronx County, New York, where he directed investigations into financial fraud, identity theft, theft of intellectual property, credit card fraud, and consumer fraud. In addition to his CISSP and CEH certifications, he has completed extensive training courses in computer forensics software, including recovery of deleted electronic documents and indicia of unauthorized data transfer.