This is not a good practice because it prints the stack trace to the standard error, which is usually the console. This can lead to the leaking of sensitive information such as file paths, server IPs, and other system information.
It's also not flexible in terms of output format and destination. Instead, use a logger to log the exception. This way, you control the level of logging, and it is also more flexible in terms of output format and destination.
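
    import java.io.ByteArrayInputStream;
    import java.io.IOException;
    import java.io.ObjectInputStream;
    import java.io.UncheckedIOException;
    import java.util.logging.Level;

    // LOGGER is the enclosing class's java.util.logging.Logger field.
    public static <T> T deserialize(@NotNull final byte[] data, final Class<T> clazz) {
        // try-with-resources closes the stream on every path.
        try (ObjectInputStream is = new ObjectInputStream(new ByteArrayInputStream(data))) {
            Object readObject = is.readObject();
            // Return the object only if it is an instance of the expected type.
            return clazz.isInstance(readObject) ? clazz.cast(readObject) : null;
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        } catch (ClassNotFoundException e) {
            // Logged through the logger rather than printed to standard error.
            LOGGER.log(Level.SEVERE, "Deserialization failed", e);
        }
        return null;
    }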
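
The difference in destination and level control, as an added example that is not part of the original code: the class name, the constructed exception message and the temp-file log destination are assumptions chosen for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.logging.FileHandler;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.logging.SimpleFormatter;

public class StackTraceLogging {
    private static final Logger LOGGER = Logger.getLogger(StackTraceLogging.class.getName());

    // Constructed failure whose message carries a file path, as a real I/O error might.
    static void failingOperation() throws IOException {
        throw new IOException("cannot read /srv/app/config/secrets.properties");
    }

    // What the text warns about: message and full trace go straight to standard error.
    static void handleWithPrintStackTrace() {
        try {
            failingOperation();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    // Logger version: destination, format and level are decided by configuration.
    static void handleWithLogger() {
        try {
            failingOperation();
        } catch (IOException e) {
            LOGGER.log(Level.SEVERE, "Operation failed", e);
        }
    }

    public static void main(String[] args) throws IOException {
        Path logFile = Files.createTempFile("app-", ".log"); // assumed log destination
        FileHandler handler = new FileHandler(logFile.toString());
        handler.setFormatter(new SimpleFormatter());          // output format is a config choice
        LOGGER.addHandler(handler);
        LOGGER.setUseParentHandlers(false);                   // nothing reaches the console handler
        LOGGER.setLevel(Level.SEVERE);                        // records below SEVERE are dropped

        handleWithPrintStackTrace();                 // path and trace appear on stderr
        handleWithLogger();                          // path and trace appear only in the log file
        LOGGER.log(Level.FINE, "debug detail");      // filtered out by the level
        handler.close();
        System.out.println("Log written to " + logFile);
    }
}
```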