Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

+1.617.348.1732

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-demand media commentator and speaker on privacy and cybersecurity issues.

Cynthia is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E).

She represents companies in information, communications, and technology, including e-commerce and other electronic transactions. She counsels clients through all stages of the “corporate lifecycle,” from start-ups through mid- and later-stage financings to IPO, and has broad experience in technology and business law, including online contracting issues, licensing, domain name issues, software development, and complex outsourcing transactions. She is also a key contributor to MintzEdge, an online resource for entrepreneurs that includes useful tools and information for starting and growing a company.

Cynthia has extensive experience in privacy, data security, and information management matters, including state, federal, and international laws and regulations on the use and transfer of information, behavioral advertising, data security breach compliance and incident response, data breach incident response planning, as well as data transfers in the context of mergers and acquisitions and technology transactions.

She conducts privacy audits and risk assessments to determine data and transaction flow and to assess privacy practices, and assists with drafting and implementation of privacy policies and information security policies and procedures and monitoring of privacy “best practices” across all levels of the enterprise.

She is a frequent speaker on privacy issues at conferences and media appearances and presents privacy awareness and compliance training seminars to client companies.

During law school, she was editor-in-chief of the Probate Law Journal.

Viewpoints

Representative Kathy Castor (D-FL) has introduced the Protecting the Information of Our Vulnerable Children and Youth Act (PRIVCY ACT), which is a significant rewrite of the Children’s Online Privacy Protection Act (COPPA). The bill expands the scope of COPPA’s protections and creates new enforcement mechanisms. The children's advocacy groups Common Sense Media and the Campaign for a Commercial-Free Childhood have come out in public support of the bill, as has the privacy advocacy group the Center for Digital Democracy.
Aristotle first suggested that “nature abhors a vacuum,” meaning that where there is a void, the universe seeks to fill it. Although there has been some movement in Congress towards comprehensive federal privacy legislation, states like California have taken up the gauntlet to fill the vacuum. We now have the California Consumer Privacy Act (CCPA) in force and expect to see other states take up similar laws this year.
Now that the United Kingdom has officially withdrawn from the European Union as of January 31, you should look at your transfers of personal data in light of Brexit.   Under the Withdrawal Agreement between the UK and the EU, EU law (including GDPR) will continue to apply to and in the UK during the transition period from January 31, 2020 to December 21, 2020.   
The House is taking a different approach to drafting a federal privacy bill.  On December 18, Democratic and Republican staff for the House Energy & Commerce Committee released a bipartisan staff draft for circulation.  The “staff” in “staff draft” is key – the document does not necessarily reflect the policy positions of Members, particularly committee Chairman Frank Pallone (D-NJ) and Ranking Member Greg Walden (R-OR).
As 2020 gets underway, Congress will continue to deliberate on federal privacy legislation in the second session of the 116th Congress.  The California Consumer Privacy Protection Act (CCPA) went into effect on January 1, and the state will begin enforcing the law on July 1.  State Attorney General Xavier Becerra (D) is expected to release final regulations implementing CCPA within six months (although business certainly hopes sooner….). 
If you haven’t been paying attention to all the Microsoft warnings for the past year and your company is still running Windows 7, time’s up.   After January 14, 2020, Microsoft will stop pushing out security updates to Windows 7 for free.  You’ll still be able to run those Windows 7 systems, but they will be more susceptible to security problems and there will be no patches pushed out for these vulnerabilities.  
The short answer is “no”.    The CCPA has a specific definition for “service provider” at Section 1798.140(v) – see our annotated version of the CCPA here – and it also requires a vendor to be bound by a written contract that prohibits it from retaining the personal information for “any purpose other than for the specific purpose of performing the services specified in the contract … or as otherwise permitted by this title” and more.
Because the term “consumer” is so broad in the CCPA (remember:  it’s any California resident), it would have applied to employee and job applicant data and all business contact information across the board.  After much negotiation, the legislature enacted (and the Governor signed) two amendments dealing with this information.  Until January 1, 2021, the CCPA will not apply to information collected about employees or job applicants, or in typical business-to-business (B2B) transactions by a business otherwise required to comply with CCPA.
Unless you have been living off the grid for the past year, you likely know that we are now down to 13 days and counting to the effective date of the California Consumer Privacy Act (CCPA).   We have received hundreds of questions and concerns from clients over the past few weeks in the preparations of compliance programs and thought we would share a question of the day (QOTD).
The California Consumer Privacy Act becomes effective on January 1, 2020 with an amendment that impacts California employers. Covered businesses should, of course, already be in the process of preparing CCPA privacy notices and disclosures. And while the amendment carves out some of the direct CCPA provisions applicable to California employers, employee data – and how it is handled – should also be on every covered employer’s to-do list.

News & Press

187 Mintz attorneys have been recognized by Best Lawyers® in the 2025 edition of The Best Lawyers in America©. Notably, three Mintz attorneys received 2025 “Lawyer of the Year” awards, and 64 firm attorneys were included in the 2025 edition of Best Lawyers: Ones to Watch.

Mintz is pleased to announce that 120 firm attorneys have been recognized as leaders by Best Lawyers® in the 2024 edition of The Best Lawyers in America©.

Law360 published an article written by Privacy & Cybersecurity Chair Cynthia Larose, and Associates Michael Katz and Elana Lerner Brockman, which analyzes the Florida Digital Bill of Rights.

Mintz is pleased to announce that Massachusetts Lawyers Weekly has recognized Cynthia Larose on its 2022 list of "Go To Cybersecurity/Data Privacy" lawyers.

Best Lawyers® recognized 108 firm attorneys in the 2023 edition of The Best Lawyers in America©. Notably, two Mintz attorneys – Poonam Patidar and Scott M. Stanton – received 2023 “Lawyer of the Year” awards, and 28 firm attorneys were included in the inaugural edition of Best Lawyers: Ones to Watch.

An article published by Bloomberg Law included commentary from Mintz Member and Chair of the firm's Privacy & Cybersecurity Practice Cynthia Larose on Québec’s updated privacy law, Bill 64, and its potential implications for U.S. businesses.
In an article published by the Cybersecurity Law Report, Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose provided input on best practices for compliance with New York City’s new biometric data protection law, which affects commercial establishments – requiring signage and prohibiting the sale of biometric identifying information.
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose was quoted in an article published by Bloomberg Law on the legal implications of a hack of Microsoft’s Exchange email software for small and medium-sized organizations, which are unlikely to have the resources to handle the data breach quickly and effectively.
In light of the recent SolarWinds hack, Mintz Member Michael R. Graif and Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia J. Larose co-authored an article published by the New York Law Journal examining diligence activities businesses can and should take when selecting third-party service providers, including ensuring compliance with the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act.
An article published by Law360 included commentary from Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose on cybersecurity and compliance considerations for companies as the New York Department of Financial Services begins enforcement of the state’s novel cybersecurity rules.
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose was quoted in an article published by Bloomberg Law on regulatory concerns and privacy risks involved with Microsoft Corp.’s proposed acquisition of TikTok, as President Trump’s September 15 deadline for reaching an agreement approaches.
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose and Associate Natalie Prescott co-authored a Bloomberg Law “Professional Perspective” column analyzing the latest litigation trends that are emerging from recent privacy class actions involving children.
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose was quoted in an article published by Bloomberg Law on how companies might revise policies to ensure compliance with the California Consumer Privacy Act (CCPA) in advance of its July 1 enforcement date.
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose and Associate Natalie Prescott co-authored a Wolters Kluwer “SmartTask” designed for practitioners responsible for assessing existing privacy policies of U.S.-based companies.
In an article published by CIO Dive, Mintz Member and Chair of the Privacy & Cybersecurity Practice Cynthia Larose is quoted discussing cybersecurity concerns and compliance for communications platforms as working from home increases the use of these platforms due to the pandemic.
In an article published by Built In, Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose was quoted extensively on remote cybersecurity risks, tips to protect personal and professional information, and a recent spike in malicious emails and phishing exploits, among other topics.
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose, Of Counsel Laura Stefani, and Associates Jonathan Markman and Elana Safner co-authored this guest post published by Dronelife that addressed how the California Consumer Privacy Act might affect drone operators in the state. The article also provided action items for surveillance and drone companies as they prepare for CCPA implementation.
This story noted the news that California’s Governor has signed into law the nation's most far-reaching data privacy bill, which will provide the state’s consumers more control of their personal data. Cynthia Larose, Chair of the firm's Privacy & Security Practice and a Certified Information Privacy Professional (CIPP), provides commentary.
Mintz partner and Massachusetts lawyer Julie Korostoff is one of 49 attorneys recognized as “Leaders in Their Fields” by the 2018 Chambers USA: America's Leading Lawyers for Business guide. Chambers named Korostoff a “Recognized Practitioner” in Technology.
Mintz is proud to be recognized by JD Supra in its 2018 Reader’s Choice awards. The annual program highlights the most widely read authors and articles throughout the past year. Five Mintz attorneys were named JD Supra Top Authors in four different industries.
The National Diversity Council has named Cynthia Larose, Chair of the Privacy & Security Practice of Mintz, one of the “Top 50 Most Powerful Women in Technology.” This marks the second consecutive year Ms. Larose has been selected for this honor.
Cynthia Larose is a Member of Mintz's Boston office and Chair of the firm’s Privacy & Security Practice. She was featured in a Marketplace article on cybersecurity regulations going into effect for financial institutions licensed by the state of New York.
Best Lawyers named 85 Mintz attorneys to its 2018 list of The Best Lawyers in America. In addition, Mintz attorneys Matthew J. Gardella and Samuel M. Tony Starr were named “Lawyer of the Year” in their respective practice areas.
Jennifer Rubin and Cynthia Larose are among those interviewed in the second part of this series discussing the legality of employers’ monitoring data systems and employee digital activity, making sure that they comply with consent and other requirements when setting up programs.
Members Jennifer Rubin and Cynthia Larose are among those interviewed in this article discussing the legality of employers’ monitoring data systems and employee digital activity, making sure that they comply with consent and other requirements when setting up programs.
This article focuses on the key takeaways from a cybersecurity panel of industry experts recently held at Boston College. Cynthia Larose, Member and Chair of the firm's Privacy & Security Practice, moderated the panel.
Mintz Members will be participating in multiple panel discussions at the 2017 Boston Conference on Cyber Security hosted by Boston College and the FBI. The event presents an opportunity for leading minds to come together and fashion a more secure cyberspace.
Cynthia Larose is included in this article discussing challenges and questions raised concerning privacy of data on connected devices. Cynthia, a Member in the firm, is Chair of Mintz’s Privacy and Security Practice.
Cynthia Larose, Member and Chair of the firm’s Privacy & Security Practice, is quoted in a Law360 article discussing the major data security breaches in 2016.
Firm’s National Healthcare Practice, NY Corporate/M&A and Litigation: General Commercial Among Newest Rankings
Member Cynthia Larose authored this American Staffing Association Magazine column on how businesses will find themselves under scrutiny for data breaches.
The 2015 Chambers USA: America's Leading Lawyers for Business guide names 52 Mintz, Cohn, Ferris, Glovsky and Popeo, P.C.  attorneys as “Leaders in Their Fields.”

Events & Speaking

Speaker, Mar 16, 2022

Hot Topics in White Collar Crime and Government Investigations: Considerations for Corporate Counsel

Association of Corporate Counsel, San Diego and Mintz

Virtual Event

Speaker, Feb 9, 2022
Moderator
Speaker, Apr 27, 2020
Speaker, Apr 15, 2020
Speaker
Speaker, Mar 4, 2020
Speaker
Panelist, Sep 25, 2019
Moderator, Jun 19, 2019

Health Care & Cybersecurity: A Powerful Combination

ML Strategies, 701 Pennsylvania Ave, NW, Suite 900, Washington, DC 20004

Speaker
Panelist, Apr 29, 2019

AHAM Annual Member Meeting 2019

Know the Score

The Ritz-Carlton Washington DC

Moderator, Mar 6, 2019

The Third Annual Boston Conference on Cyber Security (BCCS 2019)

Boston College, Gasson Hall, Room 100, 140 Commonwealth Avenue Chestnut Hill, MA

Speaker, Feb 4, 2019

Cybersecurity Best Practices for Legal Services Providers 2019

Practising Law Institute

PLI New York Center, 1177 Avenue of the Americas, (2nd floor), entrance on 45th Street, New York, New York

Speaker, Nov 13, 2018

CTAM End of Year Meeting

HBO Theater, New York, NY

Oct 3, 2018

Ascendant Compliance Conference

State of the Data Breach

San Diego, California

Speaker, May 7, 2018

2018 Onsolve User Conference

Arizona Biltmore Hotel 2400 E Missouri Avenue Phoenix, AZ

Speaker, Apr 18, 2018

Legal Issues in Museum Administration 2018

American Law Institute Continuing Legal Education (ALI CLE)

Revere Hotel Boston Common 200 Stuart Street Boston, MA

Speaker, Mar 19, 2018

2018 Cyber Liability Conference

Mohegan Sun Resort & Convention Center 1 Mohegan Sun Blvd Uncasville, CT

Speaker, Mar 15, 2018

Higher Education Legal Conference

Boston Bar Association

Sheraton Boston Hotel 39 Dalton Street Boston, MA

Moderator, Mar 7, 2018

The Second Annual Boston Conference on Cyber Security (BCCS 2018)

Boston College

Gasson Hall, Room 100 140 Commonwealth Avenue Chestnut Hill, MA

Speaker, Jan 19, 2018
Speaker, Jan 17, 2018
Speaker, Nov 30, 2017
Speaker, Nov 29, 2017
Speaker, Nov 28, 2017
Speaker
Speaker, Nov 2, 2017

Cyber Security & Liability

New Hampshire Bar Association

Concord, NH

Speaker, Oct 25, 2017

Staffing World 2017

American Staffing Association

Chicago, IL

Speaker, Oct 10, 2017

Ascendant Compliance Conference

Ascendant Compliance Management

Napa, California

Panelist, May 24, 2017

Privacy & Cybersecurity Conference

Boston Bar Association

Boston, MA

Speaker, May 11, 2017

2017 ASA Staffing Law Conference

American Staffing Association

Washington, DC

Moderator, Mar 8, 2017
Speaker, Jun 3, 2016

Director Bootcamp

NACD New England

Boston, MA

Speaker, May 11, 2016

2016 NEDRIX Spring Conference

NorthEast Disaster Recovery Information X-Change

Boston, MA

Speaker, Dec 1, 2015

Increased Scrutiny by Regulators of Cybersecurity

The New England Broker/Dealer and Investment Adviser Association

Boston, MA

Speaker, May 13, 2015
Moderator, Mar 10, 2015

Not If, But When: Cyber Security for Companies in an Age of Inevitable Hacks, Attacks & Breaches

National Association of Corporate Directors, New England Chapter

Newton Marriott Hotel, Newton, MA

Recognition & Awards

  • BTI Consulting Group Client Service All-Star (2022)

  • Best Lawyers in America: Privacy and Data Security Law (2018 – 2025)

  • Massachusetts Lawyers Weekly: Go To Cybersecurity/Data Privacy Lawyer (2022, 2024)

  • Top Author for Cybersecurity, JD Supra’s Readers' Choice Awards (2018 - 2021)

  • Chambers USA: Noted Practitioner, Nationwide – Privacy & Data Security (2018 – 2019)

  • National Law Review: Go-To Thought Leadership Award, Cybersecurity (2018)

  • Chambers USA: Nationwide – Privacy & Data Security (2010 – 2016)

  • Chambers Global: Privacy & Data Security (2011 – 2012, 2016 – 2017)

  • National Diversity Council: Top 50 Most Powerful Women in Technology (2016)

  • Woman of Technology 2001 by Women in Technology, Inc.

  • Two Thousand Notable American Women (2001)

  • Women's Business Boston: Top 10 Women Lawyers in Boston (2005)

  • Women’s Business Boston: Top 10 Corporate Lawyers in Boston (2009 – 2010)

  • Named a "Rising Star" by Boston Magazine (2011)

  • Leila Josephine Robinson Award, Boston University Woman's Law Association (2010)

  • Boston Digital Industry News: Best General Lawyer for a High-Tech Firm

  • Massachusetts Super Lawyers: Rising Star – Information Technology/Outsourcing (2005)

Involvement

  • Member, International Association of Privacy Professionals
  • Member, Computer Law Association
  • Member, Federal Communications Bar Association

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Boston