Skip to main content

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

[email protected]

+1.617.348.1732

Follow:
Share:

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-demand media commentator and speaker on privacy and cybersecurity issues.

Cynthia is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E).

She represents companies in information, communications, and technology, including e-commerce and other electronic transactions. She counsels clients through all stages of the “corporate lifecycle,” from start-ups through mid- and later-stage financings to IPO, and has broad experience in technology and business law, including online contracting issues, licensing, domain name issues, software development, and complex outsourcing transactions. She is also a key contributor to MintzEdge, an online resource for entrepreneurs that includes useful tools and information for starting and growing a company.

Cynthia has extensive experience in privacy, data security, and information management matters, including state, federal, and international laws and regulations on the use and transfer of information, behavioral advertising, data security breach compliance and incident response, data breach incident response planning, as well as data transfers in the context of mergers and acquisitions and technology transactions.

She conducts privacy audits and risk assessments to determine data and transaction flow and to assess privacy practices, and assists with drafting and implementation of privacy policies and information security policies and procedures and monitoring of privacy “best practices” across all levels of the enterprise.

She is a frequent speaker on privacy issues at conferences and media appearances and presents privacy awareness and compliance training seminars to client companies.

During law school, she was editor-in-chief of the Probate Law Journal.

viewpoints

California Attorney General Rob Bonta has announced a major settlement under the California Consumer Privacy Act (CCPA), and it will cost Sephora, Inc. a whopping $1.2 million in penalties. Pay attention to your email boxes:  in addition to announcing the Sephora settlement, AG Bonta also said that his office today sent notices to “a number of businesses alleging non-compliance relating to their failure to process consumer opt-out requests made via user-enabled global privacy controls, like the GPC.” 

Read more

The central tradeoff between a service’s affordability and the user’s right to privacy has been debated for the better part of two decades. The quickest jolt to the regulatory landscape may come via Federal Trade Commission (“FTC” or the “Commission”) enforcement. On August 11, the FTC issued an Advanced Notice of Proposed Rulemaking (“ANPR” or the “Notice”), asking the public to weigh in on whether new regulation is required to protect consumers and crackdown on “commercial surveillance.”

Read more

The new California privacy regulatory body, the California Privacy Protection Agency (CPPA), has loudly voiced its opposition to the proposed federal American Data Privacy and Protection Act (ADPPA).   The bottom line for the unanimous opposition:  the ADPPA would preempt California’s privacy laws – both the California Consumer Privacy Act and the California Privacy Rights Act effective as of 1/1/23 – and establishes a ceiling on privacy regulation by states. 

Read more

In this post, the Mintz team breaks down the elements within the “American Data Privacy and Protection Act” (ADPPA) bill draft. Released to the public on Friday, June 3, this comprehensive bill touches on all facets of the privacy debate that has been ongoing in Congress for well over 20 years. 

Read more

It does not look as though Massachusetts will be state number 6 to enact a comprehensive data privacy law – or at least not the one that people have been talking about.  The Massachusetts Joint Committee on Health Care Financing has voted to send House Bill 4514, An Act Establishing the Massachusetts Information Security and Privacy Act to “study.”  This action by the influential legislative committee signals that this particular bill is not likely to advance during the current legislative session which concludes at the end of the calendar year.

Read more

Privacy law 101 includes a simple but important basic concept that organizations may only use personal information they collect for what they say they will, and how they say they will.  According to the Federal Trade Commission ("FTC") and the Department of Justice ("DOJ"), Twitter got this wrong - and it is going to cost Twitter $150M as a result. On May 25, 2022, Twitter reached a proposed settlement with the DOJ and the FTC to resolve allegations that Twitter violated the FTC Act and an Order issued by the FTC in 2011 by misrepresenting how it would make use of users’ personal information, including users’ nonpublic contact information. 

Read more

FBI Director Christopher Wray said that agents this summer thwarted a planned attack on Boston Children’s Hospital.  Wray said that the FBI learned of the plan from “an intelligence partner,” and “quick actions by everyone involved, especially at the hospital, protected both the network and the sick kids who depended on it.” 

Read more

Connecticut Governor Ned Lamont has signed the country’s fifth comprehensive consumer privacy act. Our breakdown below outlines key concepts on how the Connecticut Data Privacy Act (CDPA) will impact businesses, and several notes about how its provisions compare to other US state privacy laws.

Read more
Read less

News & Press

Press Release Thumbnail Mintz

187 Mintz attorneys have been recognized by Best Lawyers® in the 2025 edition of The Best Lawyers in America©. Notably, three Mintz attorneys received 2025 “Lawyer of the Year” awards, and 64 firm attorneys were included in the 2025 edition of Best Lawyers: Ones to Watch.

Press Release Thumbnail Mintz

Mintz is pleased to announce that 120 firm attorneys have been recognized as leaders by Best Lawyers® in the 2024 edition of The Best Lawyers in America©.

News Thumbnail Mintz

Law360 published an article written by Privacy & Cybersecurity Chair Cynthia Larose, and Associates Michael Katz and Elana Lerner Brockman, which analyzes the Florida Digital Bill of Rights.

Press Release Thumbnail Mintz

Mintz is pleased to announce that Massachusetts Lawyers Weekly has recognized Cynthia Larose on its 2022 list of "Go To Cybersecurity/Data Privacy" lawyers.

Press Release Thumbnail Mintz

Best Lawyers® recognized 108 firm attorneys in the 2023 edition of The Best Lawyers in America©. Notably, two Mintz attorneys – Poonam Patidar and Scott M. Stanton – received 2023 “Lawyer of the Year” awards, and 28 firm attorneys were included in the inaugural edition of Best Lawyers: Ones to Watch.

News Thumbnail Mintz
An article published by Bloomberg Law included commentary from Mintz Member and Chair of the firm's Privacy & Cybersecurity Practice Cynthia Larose on Québec’s updated privacy law, Bill 64, and its potential implications for U.S. businesses.
News Thumbnail Mintz
In an article published by the Cybersecurity Law Report, Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose provided input on best practices for compliance with New York City’s new biometric data protection law, which affects commercial establishments – requiring signage and prohibiting the sale of biometric identifying information.
News Thumbnail Mintz
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose was quoted in an article published by Bloomberg Law on the legal implications of a hack of Microsoft’s Exchange email software for small and medium-sized organizations, which are unlikely to have the resources to handle the data breach quickly and effectively.
News Thumbnail Mintz
In light of the recent SolarWinds hack, Mintz Member Michael R. Graif and Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia J. Larose co-authored an article published by the New York Law Journal examining diligence activities businesses can and should take when selecting third-party service providers, including ensuring compliance with the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act.
News Thumbnail Mintz
An article published by Law360 included commentary from Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose on cybersecurity and compliance considerations for companies as the New York Department of Financial Services begins enforcement of the state’s novel cybersecurity rules.
News & Press Thumbnail
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose was quoted in an article published by Bloomberg Law on regulatory concerns and privacy risks involved with Microsoft Corp.’s proposed acquisition of TikTok, as President Trump’s September 15 deadline for reaching an agreement approaches.
News Thumbnail Mintz
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose and Associate Natalie Prescott co-authored a Bloomberg Law “Professional Perspective” column analyzing the latest litigation trends that are emerging from recent privacy class actions involving children.
News Thumbnail Mintz
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose was quoted in an article published by Bloomberg Law on how companies might revise policies to ensure compliance with the California Consumer Privacy Act (CCPA) in advance of its July 1 enforcement date.
News Thumbnail Mintz
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose and Associate Natalie Prescott co-authored a Wolters Kluwer “SmartTask” designed for practitioners responsible for assessing existing privacy policies of U.S.-based companies.
News Thumbnail Mintz
In an article published by CIO Dive, Mintz Member and Chair of the Privacy & Cybersecurity Practice Cynthia Larose is quoted discussing cybersecurity concerns and compliance for communications platforms as working from home increases the use of these platforms due to the pandemic.
News Thumbnail Mintz
In an article published by Built In, Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose was quoted extensively on remote cybersecurity risks, tips to protect personal and professional information, and a recent spike in malicious emails and phishing exploits, among other topics.
News Thumbnail Mintz
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose, Of Counsel Laura Stefani, and Associates Jonathan Markman and Elana Safner co-authored this guest post published by Dronelife that addressed how the California Consumer Privacy Act might affect drone operators in the state. The article also provided action items for surveillance and drone companies as they prepare for CCPA implementation.
This story noted news that California’s Governor has signed in law the nation's most far-reaching data privacy bill which will provide the state’s consumers more control of their personal data. Cynthia Larose, Chair of the firm's Privacy & Security Practice and a Certified Information Privacy Professional (CIPP), provides commentary.
Press Release Thumbnail Mintz
Mintz partner and Massachusetts lawyer Julie Korostoff is one of 49 attorneys recognized as “Leaders in Their Fields” by the 2018 Chambers USA: America's Leading Lawyers for Business guide. Chambers named Korostoff a “Recognized Practitioner” in Technology.
Mintz is proud to be recognized by JD Supra in its 2018 Reader’s Choice awards. The annual program highlights the most widely read authors and articles throughout the past year. Five Mintz attorneys were named JD Supra Top Authors in four different industries.
Press Release Thumbnail Mintz
The National Diversity Council has named Cynthia Larose, Chair of the Privacy & Security Practice of Mintz, one of the “Top 50 Most Powerful Women in Technology.” This marks the second consecutive year Ms. Larose has been selected for this honor.
Cynthia Larose is a Member of Mintz's Boston office and Chair of the firm’s Privacy & Security Practice. She was featured in a Marketplace article on cybersecurity regulations going into effect for financial institutions licensed by the state of New York.
Press Release Thumbnail Mintz
Best Lawyers named 85 Mintz attorneys to its 2018 list of The Best Lawyers in America. In addition, Mintz attorneys Matthew J. Gardella and Samuel M. Tony Starr were named “Lawyer of the Year” in their respective practice areas.
Jennifer Rubin and Cynthia Larose are among those interviewed in the second part of this series discussing the legality of employers’ monitoring data systems and employee digital activity, making sure that they comply with consent and other requirements when setting up programs.
Members Jennifer Rubin and Cynthia Larose are among those interviewed in this article discussing the legality of employers’ monitoring data systems and employee digital activity, making sure that they comply with consent and other requirements when setting up programs.
This article focuses on the key takeaways from a cybersecurity panel of industry experts recently held at Boston College. Member Cynthia Larose and Chair of the firm's Privacy & Security Practice moderated the panel.
Press Release Thumbnail Mintz
Mintz Members will be participating in multiple panel discussions at the 2017 Boston Conference on Cyber Security hosted by Boston College and the FBI. The event presents an opportunity for leading minds to come together and fashion a more secure cyberspace.
Cynthia Larose is included in this article discussing challenges and questions raised concerning privacy of data on connected devices. Cynthia, a Member in the firm, is Chair of Mintz’s Privacy and Security Practice.
Member Cynthia Larose and Chair of the firm’s Privacy & Security Practice is quoted in a Law360 article discussing the major data security breaches in 2016.
Firm’s National Healthcare Practice, NY Corporate/M&A and Litigation: General Commercial Among Newest Rankings
Member Cynthia Larose authored this American Staffing Association Magazine column on how businesses will find themselves under scrutiny for data breaches.
The 2015 Chambers USA: America's Leading Lawyers for Business guide names 52 Mintz, Cohn, Ferris, Glovsky and Popeo, P.C.  attorneys as “Leaders in Their Fields.”
Read less

Events & Speaking

Speaker
Mar
16
2022

Hot Topics in White Collar Crime and Government Investigations: Considerations for Corporate Counsel

Association of Corporate Counsel, San Diego and Mintz

Virtual Event

Webinar Reference Image
Speaker
Feb
9
2022
Seminar Reference Image
Moderator
Speaker
Apr
27
2020
Speaker
Apr
15
2020
Webinar Reference Image
Speaker
Speaker
Mar
4
2020
Speaker
Panelist
Sep
25
2019
Moderator
Jun
19
2019

Health Care & Cybersecurity: A Powerful Combination

ML Strategies, 701 Pennsylvania Ave, NW, Suite 900, Washington, DC 20004

Speaker
Panelist
Apr
29
2019

AHAM Annual Member Meeting 2019

Know the Score

The Ritz-Carlton Washington DC

Moderator
Mar
6
2019

The Third Annual Boston Conference on Cyber Security (BCCS 2019)

Boston College, Gasson Hall, Room 100, 140 Commonwealth Avenue Chestnut Hill, MA

Speaker
Feb
4
2019

Cybersecurity Best Practices for Legal Services Providers 2019

Practising Law Institute

PLI New York Center, 1177 Avenue of the Americas, (2nd floor), entrance on 45th Street, New York, New York

Speaker
Nov
13
2018

CTAM End of Year Meeting

HBO Theater, New York, NY

Oct
3
2018

Ascendant Compliance Conference

State of the Data Breach

San Diego, California

Speaker
May
7
2018

2018 Onsolve User Conference

Arizona Biltmore Hotel 2400 E Missouri Avenue Phoenix, AZ

Speaker
Apr
18
2018

Legal Issues in Museum Administration 2018

American Law Institute Continuing Legal Education (ALI CLE)

Revere Hotel Boston Common 200 Stuart Street Boston, MA

Speaker
Mar
19
2018

2018 Cyber Liability Conference

Mohegan Sun Resort & Convention Center 1 Mohegan Sun Blvd Uncasville, CT

Speaker
Mar
15
2018

Higher Education Legal Conference

Boston Bar Association

Sheraton Boston Hotel 39 Dalton Street Boston, MA

Moderator
Mar
7
2018

The Second Annual Boston Conference on Cyber Security (BCCS 2018)

Boston College

Gasson Hall, Room 100 140 Commonwealth Avenue Chestnut Hill, MA

Speaker
Jan
19
2018
Speaker
Jan
17
2018
Speaker
Nov
30
2017
Speaker
Nov
29
2017
Speaker
Nov
28
2017
Speaker
Speaker
Nov
2
2017

Cyber Security & Liability

New Hampshire Bar Association

Concord, NH

Speaker
Oct
25
2017

Staffing World 2017

American Staffing Association

Chicago, IL

Speaker
Oct
10
2017

Ascendant Compliance Conference

Ascendant Compliance Management

Napa, California

Panelist
May
24
2017

Privacy & Cybersecurity Conference

Boston Bar Association

Boston, MA

Speaker
May
11
2017

2017 ASA Staffing Law Conference

American Staffing Association

Washington, DC

Moderator
Mar
8
2017
Speaker
Jun
3
2016

Director Bootcamp

NACD New England

Boston, MA

Speaker
May
11
2016

2016 NEDRIX Spring Conference

NorthEast Disaster Recovery Information X-Change

Boston, MA

Speaker
Dec
1
2015

Increased Scrutiny by Regulators of Cybersecurity

The New England Broker/Dealer and Investment Adviser Association

Boston, MA

Speaker
May
13
2015
Moderator
Mar
10
2015

Not If, But When: Cyber Security for Companies in an Age of Inevitable Hacks, Attacks & Breaches

National Association of Corporate Directors, New England Chapter

Newton Marriott Hotel, Newton, MA

Read less

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-demand media commentator and speaker on privacy and cybersecurity issues.

Recognition & Awards

  • BTI Consulting Group Client Service All-Star (2022)

  • Best Lawyers in America: Privacy and Data Security Law (2018 – 2025)

  • Massachusetts Lawyers Weekly: Go To Cybersecurity/Data Privacy Lawyer (2022, 2024)

  • Top Author for Cybersecurity, JD Supra’s Readers' Choice Awards (2018 - 2021)

  • Chambers USA: Noted Practitioner, Nationwide – Privacy & Data Security (2018 – 2019)

  • National Law Review: Go-To Thought Leadership Award, Cybersecurity (2018)

  • Chambers USA: Nationwide – Privacy & Data Security (2010 – 2016)

  • Chambers Global: Privacy & Data Security (2011 – 2012, 2016 – 2017)

  • National Diversity Council: Top 50 Most Powerful Women in Technology (2016)

  • Woman of Technology 2001 by Women in Technology, Inc.

  • Two Thousand Notable American Women (2001)

  • Women's Business Boston: Top 10 Women Lawyers in Boston (2005)

  • Women’s Business Boston: Top 10 Corporate Lawyers in Boston (2009 – 2010)

  • Named a "Rising Star" by Boston Magazine (2011)

  • Leila Josephine Robinson Award, Boston University Woman's Law Association (2010)

  • Boston Digital Industry News: Best General Lawyer for a High-Tech Firm

  • Massachusetts Super Lawyers: Rising Star – Information Technology/Outsourcing (2005)

Read less

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-demand media commentator and speaker on privacy and cybersecurity issues.

Involvement

  • Member, International Association of Privacy Professionals
  • Member, Computer Law Association
  • Member, Federal Communications Bar Association
Read less

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Boston