Cynthia J. Larose
Member / Co-Chair, Privacy & Cybersecurity Practice
+1.617.348.1732
Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-demand media commentator and speaker on privacy and cybersecurity issues.
Cynthia is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E).
She represents companies in information, communications, and technology, including e-commerce and other electronic transactions. She counsels clients through all stages of the “corporate lifecycle,” from start-ups through mid- and later-stage financings to IPO, and has broad experience in technology and business law, including online contracting issues, licensing, domain name issues, software development, and complex outsourcing transactions. She is also a key contributor to MintzEdge, an online resource for entrepreneurs that includes useful tools and information for starting and growing a company.
Cynthia has extensive experience in privacy, data security, and information management matters, including state, federal, and international laws and regulations on the use and transfer of information, behavioral advertising, data security breach compliance and incident response, data breach incident response planning, as well as data transfers in the context of mergers and acquisitions and technology transactions.
She conducts privacy audits and risk assessments to determine data and transaction flow and to assess privacy practices, and assists with drafting and implementation of privacy policies and information security policies and procedures and monitoring of privacy “best practices” across all levels of the enterprise.
She is a frequent speaker on privacy issues at conferences and media appearances and presents privacy awareness and compliance training seminars to client companies.
During law school, she was editor-in-chief of the Probate Law Journal.
viewpoints
Mintz May Madness: Tennessee’s Information Protection Act Gets Us Thinking About NIST(y) Safe Harbors
May 12, 2023 | Blog | By Cynthia Larose, Michael Katz, Ilse P. Johnson
Tennessee is expected to become the eighth or ninth state to enact a comprehensive data privacy law. Tennessee Information Protection Act (“TIPA”) is a unique safe harbor compared to other recently enacted laws: it offers an affirmative defense to businesses who create, maintain and comply with a written privacy program that “reasonably conforms” to the National Institute of Standards and Technology (“NIST”) privacy framework or “other documented policies, standards, and procedures designed to safeguard consumer privacy.”
Mintz May Madness: Comprehensive Data Privacy Laws Sweeping the Nation
May 3, 2023 | Blog | By Michael Katz, Cynthia Larose, Ilse P. Johnson
Last month, three state legislatures passed comprehensive data privacy laws. This week, Indiana’s governor signed the Indiana Consumer Data Privacy Act (“ICDPA’) into law. Montana and Tennessee likely to follow right behind. These newcomers will join the six other states with data privacy statutes already enacted.
Just in time for Data Privacy Week: The new Mintz Matrix!
January 27, 2023 | Blog | By Cynthia Larose
Webinar Recording: Navigating Today's Privacy Compliance Landscape
December 14, 2022 | Webinar | By Cynthia Larose
The privacy compliance landscape has changed significantly in 2022. These acronyms have joined the CCPA, HIPAA, and GDPR in the privacy alphabet soup: CPRA, VCDPA, CDPA, CPA, and UCPA. Do you know what they all mean for your company and what they will require in order to be compliant?
JUST A REMINDER: Refresh Your Standard Contractual Clauses!!
November 29, 2022 | Blog | By Cynthia Larose
If you haven’t already got December 27th on your calendar, it’s the deadline for updating your documentation for transfers of personal data from the European Economic Area (EEA) to other countries – including the United States. Read our blog post regarding this issue and contact the Mintz Privacy Team if you need assistance.
“Ding Dong” -- FTC-Drizly Data Breach Settlement Will follow CEO Personally for a Decade
October 28, 2022 | Blog | By Christopher Buontempo , Cynthia Larose
California Privacy Rights Act: Key Compliance Tasks for Employers
October 17, 2022 | Alert | By Cynthia Larose
Read about how the California Privacy Rights Act (CPRA) will eliminate an exemption that allows employers to exclude some employee and applicant personal information from the reach of the California Consumer Privacy Act (CCPA) as of January 1, 2023.
The Sun is About to Set on Temporary CCPA/CPRA Exemptions: Employers Get Ready
September 14, 2022 | Blog | By Cynthia Larose
If you’ve relied on the temporary “exemption” for employee/applicant and business-to-business (B2B) personal information under the California Consumer Privacy Act (CCPA), those exemptions will expire on January 1, 2023. The California legislature adjourned on August 31 for the 2022 session without adopting legislation to extend those exemptions, and therefore, absent a special legislative session, they will sunset on December 31.
California Assembly Passes Sweeping Age-Appropriate Privacy Legislation
September 6, 2022 | Blog | By Kevin Hiraki, Cynthia Larose
California is leading the way on privacy regulation --- again. The California State Assembly has passed AB 2273, which, if approved by the California Governor, would require businesses that provide online services, products, or features likely to be accessed by children or teens under the age of 18 to increase their privacy and safety protections.
News & Press
The Best Lawyers in America 2025 Recognizes 184 Mintz Attorneys across 56 Practice Areas
August 15, 2024
187 Mintz attorneys have been recognized by Best Lawyers® in the 2025 edition of The Best Lawyers in America©. Notably, three Mintz attorneys received 2025 “Lawyer of the Year” awards, and 64 firm attorneys were included in the 2025 edition of Best Lawyers: Ones to Watch.
Mintz is pleased to announce that 120 firm attorneys have been recognized as leaders by Best Lawyers® in the 2024 edition of The Best Lawyers in America©.
Law360 published an article written by Privacy & Cybersecurity Chair Cynthia Larose, and Associates Michael Katz and Elana Lerner Brockman, which analyzes the Florida Digital Bill of Rights.
Massachusetts Lawyers Weekly Names Cynthia Larose a Go-To Lawyer for Cybersecurity/Data Privacy
October 31, 2022
Mintz is pleased to announce that Massachusetts Lawyers Weekly has recognized Cynthia Larose on its 2022 list of "Go To Cybersecurity/Data Privacy" lawyers.
First California Privacy Penalty Flags Consumer Data Sales Peril
August 26, 2022
Best Lawyers® recognized 108 firm attorneys in the 2023 edition of The Best Lawyers in America©. Notably, two Mintz attorneys – Poonam Patidar and Scott M. Stanton – received 2023 “Lawyer of the Year” awards, and 28 firm attorneys were included in the inaugural edition of Best Lawyers: Ones to Watch.
Five Mintz Attorneys Recognized as Client Service All-Stars by BTI
February 08, 2022
Québec’s Updated Privacy Law Complicates Cross-Border Data Flows
November 12, 2021
Complying With NYC’s New Biometrics Law
August 17, 2021
NY Cybersecurity Rules Pack Wallop In Enforcement Debut
August 19, 2020
Consent is Key to Avoiding Child Privacy Class Actions
June 15, 2020
Assessing Existing Privacy Policies and Practices
May 21, 2020
Protect Your Newly Remote Team From Cyberthreats
April 2, 2020
A New California Privacy Law Could Change Everything for Drone Operators in the U.S.
January 3, 2020
Mintz Recognized by Chambers USA 2019
April 26, 2019
Cynthia Larose Named a National Law Review "Go-To Thought Leader"
December 27, 2018
Sweeping Data Privacy Bill Approved In California
June 28, 2018
Chambers USA 2018 Ranks Mintz Attorneys & Practices
May 03, 2018
Mintz Honored by JD Supra's 2018 Reader's Choice Awards
March 19, 2018
Mintz’s Cynthia Larose Named “Top 50 Most Powerful Women in Technology” by National Diversity Council
October 16, 2017
New Yorkers Want to Know: What’s your cybersecurity plan?
August 29, 2017
Want to improve risk management? Do the basics
March 9, 2017
Lessons for Connected Devices From the FTC’s Warning Against Unexpected Data Collection
February 22, 2017
The Most Significant Data Breaches Of 2016
December 22, 2016
Getting Your Firm Beyond the Breach
March 1, 2016
Mintz Represents Time Inc. in Acquisition of Cozi Inc.
June 19, 2014
Events & Speaking
Hot Topics in White Collar Crime and Government Investigations: Considerations for Corporate Counsel
Association of Corporate Counsel, San Diego and Mintz
Virtual Event
Privacy Shield Shattered & the SCCs in Peril: Understanding the Schrems II Decision (and What to Do Next)
View the Webinar Recording
Compliance Solutions Strategies Spring 2020 Conference
The Ritz-Carlton, Sarasota, Florida
The Concept of “Reasonable Security” – What is it and how do you get there?
View the Webinar Recording
Coronavirus (COVID-19): Managing the Privacy & Cybersecurity Risks
View the Webinar Recording
The Office of the General Treasurer and Rhode Island Health and Educational Building Corporation's Joint Municipal Training and Education Conference
Cybersecurity
Greenwich, RI
Health Care & Cybersecurity: A Powerful Combination
ML Strategies, 701 Pennsylvania Ave, NW, Suite 900, Washington, DC 20004
The Third Annual Boston Conference on Cyber Security (BCCS 2019)
Boston College, Gasson Hall, Room 100, 140 Commonwealth Avenue Chestnut Hill, MA
Cybersecurity Best Practices for Legal Services Providers 2019
Practising Law Institute
PLI New York Center, 1177 Avenue of the Americas, (2nd floor), entrance on 45th Street, New York, New York
Legal Issues in Museum Administration 2018
American Law Institute Continuing Legal Education (ALI CLE)
Revere Hotel Boston Common 200 Stuart Street Boston, MA
2018 Cyber Liability Conference
Mohegan Sun Resort & Convention Center 1 Mohegan Sun Blvd Uncasville, CT
Higher Education Legal Conference
Boston Bar Association
Sheraton Boston Hotel 39 Dalton Street Boston, MA
The Second Annual Boston Conference on Cyber Security (BCCS 2018)
Boston College
Gasson Hall, Room 100 140 Commonwealth Avenue Chestnut Hill, MA
Increased Scrutiny by Regulators of Cybersecurity
The New England Broker/Dealer and Investment Adviser Association
Boston, MA
Hot Topics in Global Healthcare Information Privacy, Data Protection and Security
IAPP KnowledgeNet
Boston, MA
Not If, But When: Cyber Security for Companies in an Age of Inevitable Hacks, Attacks & Breaches
National Association of Corporate Directors, New England Chapter
Newton Marriott Hotel, Newton, MA
Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-demand media commentator and speaker on privacy and cybersecurity issues.
Recognition & Awards
BTI Consulting Group Client Service All-Star (2022)
Best Lawyers in America: Privacy and Data Security Law (2018 – 2025)
Massachusetts Lawyers Weekly: Go To Cybersecurity/Data Privacy Lawyer (2022, 2024)
Top Author for Cybersecurity, JD Supra’s Readers' Choice Awards (2018 - 2021)
Chambers USA: Noted Practitioner, Nationwide – Privacy & Data Security (2018 – 2019)
National Law Review: Go-To Thought Leadership Award, Cybersecurity (2018)
Chambers USA: Nationwide – Privacy & Data Security (2010 – 2016)
Chambers Global: Privacy & Data Security (2011 – 2012, 2016 – 2017)
National Diversity Council: Top 50 Most Powerful Women in Technology (2016)
Woman of Technology 2001 by Women in Technology, Inc.
Two Thousand Notable American Women (2001)
Women's Business Boston: Top 10 Women Lawyers in Boston (2005)
Women’s Business Boston: Top 10 Corporate Lawyers in Boston (2009 – 2010)
Named a "Rising Star" by Boston Magazine (2011)
Leila Josephine Robinson Award, Boston University Woman's Law Association (2010)
Boston Digital Industry News: Best General Lawyer for a High-Tech Firm
Massachusetts Super Lawyers: Rising Star – Information Technology/Outsourcing (2005)
Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-demand media commentator and speaker on privacy and cybersecurity issues.
Involvement
- Member, International Association of Privacy Professionals
- Member, Computer Law Association
- Member, Federal Communications Bar Association
Recent Insights
Just Around the Corner, Iowa’s Consumer Privacy Law Taking Effect
November 19, 2024| Blog|
Consumer Privacy Laws are Taking Effect Across the Nation – Are You Ready?
October 30, 2024| Blog|
187 Mintz attorneys have been recognized by Best Lawyers® in the 2025 edition of The Best Lawyers in America©. Notably, three Mintz attorneys received 2025 “Lawyer of the Year” awards, and 64 firm attorneys were included in the 2025 edition of Best Lawyers: Ones to Watch.
