Cynthia J. Larose
Member / Chair, Privacy & Cybersecurity Practice
+1.617.348.1732
Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-demand media commentator and speaker on privacy and cybersecurity issues.
Cynthia is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E).
She represents companies in information, communications, and technology, including e-commerce and other electronic transactions. She counsels clients through all stages of the “corporate lifecycle,” from start-ups through mid- and later-stage financings to IPO, and has broad experience in technology and business law, including online contracting issues, licensing, domain name issues, software development, and complex outsourcing transactions. She is also a key contributor to MintzEdge, an online resource for entrepreneurs that includes useful tools and information for starting and growing a company.
Cynthia has extensive experience in privacy, data security, and information management matters, including state, federal, and international laws and regulations on the use and transfer of information, behavioral advertising, data security breach compliance and incident response, data breach incident response planning, as well as data transfers in the context of mergers and acquisitions and technology transactions.
She conducts privacy audits and risk assessments to determine data and transaction flow and to assess privacy practices, and assists with drafting and implementation of privacy policies and information security policies and procedures and monitoring of privacy “best practices” across all levels of the enterprise.
She is a frequent speaker on privacy issues at conferences and media appearances and presents privacy awareness and compliance training seminars to client companies.
During law school, she was editor-in-chief of the Probate Law Journal.
viewpoints
Release of new Mintz Matrix! States keep tinkering
September 7, 2023 | Article | By Cynthia Larose, Michael Katz
Draft Cybersecurity Audit and Risk Assessment Regulations Issued by CPPA
August 29, 2023 | Blog | By Cynthia Larose
SEC Adopts Final Cybersecurity Rules for Public Companies
August 1, 2023 | Blog | By Cynthia Larose, John Condon, Michael Katz, Stefan Jović
The SEC adopted its final rules and amendments concerning cybersecurity risk management, strategy, governance, and incident disclosure (the “Final Rule”) on July 26, 2023. In this article we highlight some of the principal changes to the cybersecurity rules first proposed by the SEC more than 16 months prior.
Read more
SEC Adopts Final Cybersecurity Rules for Public Companies
August 1, 2023 | Blog | By Cynthia Larose, John Condon, Michael Katz, Stefan Jović
The SEC adopted its final rules and amendments concerning cybersecurity risk management, strategy, governance, and incident disclosure (the “Final Rule”) on July 26, 2023. In this article we highlight some of the principal changes to the cybersecurity rules first proposed by the SEC more than 16 months prior.
Read more
The FTC Sets Its Sights on Biometric Information
July 6, 2023 | Blog | By Christopher Buontempo , Cynthia Larose
Mintz May Madness: Montana’s New Consumer Data Privacy Law Follows the Leaders ... and we’re not talking about California!
May 31, 2023 | Blog | By Michael Katz, Cynthia Larose, Angie Isaza-Loaiza
In Montana, Governor Greg Gianforte signed the Montana’s Consumer Data Privacy Act (S.B. 384) (“MCDPA”) on May 19, 2023 – one of the strongest privacy bills signed in a red state. Montana now becomes the ninth state to enact a comprehensive consumer data privacy law.
Read more
Mintz May Madness: Tennessee’s Information Protection Act Gets Us Thinking About NIST(y) Safe Harbors
May 12, 2023 | Blog | By Cynthia Larose, Michael Katz, Ilse P. Johnson
Tennessee is expected to become the eighth or ninth state to enact a comprehensive data privacy law. Tennessee Information Protection Act (“TIPA”) is a unique safe harbor compared to other recently enacted laws: it offers an affirmative defense to businesses who create, maintain and comply with a written privacy program that “reasonably conforms” to the National Institute of Standards and Technology (“NIST”) privacy framework or “other documented policies, standards, and procedures designed to safeguard consumer privacy.”
Read more
Mintz May Madness: Comprehensive Data Privacy Laws Sweeping the Nation
May 3, 2023 | Blog | By Michael Katz, Cynthia Larose, Ilse P. Johnson
Last month, three state legislatures passed comprehensive data privacy laws. This week, Indiana’s governor signed the Indiana Consumer Data Privacy Act (“ICDPA’) into law. Montana and Tennessee likely to follow right behind. These newcomers will join the six other states with data privacy statutes already enacted.
Read more
News & Press
Mintz is pleased to announce that 120 firm attorneys have been recognized as leaders by Best Lawyers® in the 2024 edition of The Best Lawyers in America©.
Law360 published an article written by Privacy & Cybersecurity Chair Cynthia Larose, and Associates Michael Katz and Elana Lerner Brockman, which analyzes the Florida Digital Bill of Rights.
Massachusetts Lawyers Weekly Names Cynthia Larose a Go-To Lawyer for Cybersecurity/Data Privacy
October 31, 2022
Mintz is pleased to announce that Massachusetts Lawyers Weekly has recognized Cynthia Larose on its 2022 list of "Go To Cybersecurity/Data Privacy" lawyers.
First California Privacy Penalty Flags Consumer Data Sales Peril
August 26, 2022
Five Mintz Attorneys Recognized as Client Service All-Stars by BTI
February 08, 2022
Québec’s Updated Privacy Law Complicates Cross-Border Data Flows
November 12, 2021
An article published by Bloomberg Law included commentary from Mintz Member and Chair of the firm's Privacy & Cybersecurity Practice Cynthia Larose on Québec’s updated privacy law, Bill 64, and its potential implications for U.S. businesses.
Complying With NYC’s New Biometrics Law
August 17, 2021
In an article published by the Cybersecurity Law Report, Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose provided input on best practices for compliance with New York City’s new biometric data protection law, which affects commercial establishments – requiring signage and prohibiting the sale of biometric identifying information.
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose was quoted in an article published by Bloomberg Law on the legal implications of a hack of Microsoft’s Exchange email software for small and medium-sized organizations, which are unlikely to have the resources to handle the data breach quickly and effectively.
In light of the recent SolarWinds hack, Mintz Member Michael R. Graif and Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia J. Larose co-authored an article published by the New York Law Journal examining diligence activities businesses can and should take when selecting third-party service providers, including ensuring compliance with the New York Stop Hacks and Improve Electronic Data Security (SHIELD) Act.
NY Cybersecurity Rules Pack Wallop In Enforcement Debut
August 19, 2020
An article published by Law360 included commentary from Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose on cybersecurity and compliance considerations for companies as the New York Department of Financial Services begins enforcement of the state’s novel cybersecurity rules.
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose was quoted in an article published by Bloomberg Law on regulatory concerns and privacy risks involved with Microsoft Corp.’s proposed acquisition of TikTok, as President Trump’s September 15 deadline for reaching an agreement approaches.
Consent is Key to Avoiding Child Privacy Class Actions
June 15, 2020
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose and Associate Natalie Prescott co-authored a Bloomberg Law “Professional Perspective” column analyzing the latest litigation trends that are emerging from recent privacy class actions involving children.
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose was quoted in an article published by Bloomberg Law on how companies might revise policies to ensure compliance with the California Consumer Privacy Act (CCPA) in advance of its July 1 enforcement date.
Assessing Existing Privacy Policies and Practices
May 21, 2020
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose and Associate Natalie Prescott co-authored a Wolters Kluwer “SmartTask” designed for practitioners responsible for assessing existing privacy policies of U.S.-based companies.
In an article published by CIO Dive, Mintz Member and Chair of the Privacy & Cybersecurity Practice Cynthia Larose is quoted discussing cybersecurity concerns and compliance for communications platforms as working from home increases the use of these platforms due to the pandemic.
Protect Your Newly Remote Team From Cyberthreats
April 2, 2020
In an article published by Built In, Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose was quoted extensively on remote cybersecurity risks, tips to protect personal and professional information, and a recent spike in malicious emails and phishing exploits, among other topics.
A New California Privacy Law Could Change Everything for Drone Operators in the U.S.
January 3, 2020
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose, Of Counsel Laura Stefani, and Associates Jonathan Markman and Elana Safner co-authored this guest post published by Dronelife that addressed how the California Consumer Privacy Act might affect drone operators in the state. The article also provided action items for surveillance and drone companies as they prepare for CCPA implementation.
Mintz Recognized by Chambers USA 2019
April 26, 2019
Cynthia Larose Named a National Law Review "Go-To Thought Leader"
December 27, 2018
Sweeping Data Privacy Bill Approved In California
June 28, 2018
This story noted news that California’s Governor has signed in law the nation's most far-reaching data privacy bill which will provide the state’s consumers more control of their personal data. Cynthia Larose, Chair of the firm's Privacy & Security Practice and a Certified Information Privacy Professional (CIPP), provides commentary.
Chambers USA 2018 Ranks Mintz Attorneys & Practices
May 03, 2018
Mintz partner and Massachusetts lawyer Julie Korostoff is one of 49 attorneys recognized as “Leaders in Their Fields” by the 2018 Chambers USA: America's Leading Lawyers for Business guide. Chambers named Korostoff a “Recognized Practitioner” in Technology.
Mintz Honored by JD Supra's 2018 Reader's Choice Awards
March 19, 2018
Mintz is proud to be recognized by JD Supra in its 2018 Reader’s Choice awards. The annual program highlights the most widely read authors and articles throughout the past year. Five Mintz attorneys were named JD Supra Top Authors in four different industries.
Mintz’s Cynthia Larose Named “Top 50 Most Powerful Women in Technology” by National Diversity Council
October 16, 2017
The National Diversity Council has named Cynthia Larose, Chair of the Privacy & Security Practice of Mintz, one of the “Top 50 Most Powerful Women in Technology.” This marks the second consecutive year Ms. Larose has been selected for this honor.
New Yorkers Want to Know: What’s your cybersecurity plan?
August 29, 2017
Cynthia Larose is a Member of Mintz's Boston office and Chair of the firm’s Privacy & Security Practice. She was featured in a Marketplace article on cybersecurity regulations going into effect for financial institutions licensed by the state of New York.
Best Lawyers named 85 Mintz attorneys to its 2018 list of The Best Lawyers in America. In addition, Mintz attorneys Matthew J. Gardella and Samuel M. Tony Starr were named “Lawyer of the Year” in their respective practice areas.
Jennifer Rubin and Cynthia Larose are among those interviewed in the second part of this series discussing the legality of employers’ monitoring data systems and employee digital activity, making sure that they comply with consent and other requirements when setting up programs.
Members Jennifer Rubin and Cynthia Larose are among those interviewed in this article discussing the legality of employers’ monitoring data systems and employee digital activity, making sure that they comply with consent and other requirements when setting up programs.
Want to improve risk management? Do the basics
March 9, 2017
This article focuses on the key takeaways from a cybersecurity panel of industry experts recently held at Boston College. Member Cynthia Larose and Chair of the firm's Privacy & Security Practice moderated the panel.
Mintz Members will be participating in multiple panel discussions at the 2017 Boston Conference on Cyber Security hosted by Boston College and the FBI. The event presents an opportunity for leading minds to come together and fashion a more secure cyberspace.
Lessons for Connected Devices From the FTC’s Warning Against Unexpected Data Collection
February 22, 2017
Cynthia Larose is included in this article discussing challenges and questions raised concerning privacy of data on connected devices. Cynthia, a Member in the firm, is Chair of Mintz’s Privacy and Security Practice.
The Most Significant Data Breaches Of 2016
December 22, 2016
Member Cynthia Larose and Chair of the firm’s Privacy & Security Practice is quoted in a Law360 article discussing the major data security breaches in 2016.
Firm’s National Healthcare Practice, NY Corporate/M&A and Litigation: General Commercial Among Newest Rankings
Getting Your Firm Beyond the Breach
March 1, 2016
Member Cynthia Larose authored this American Staffing Association Magazine column on how businesses will find themselves under scrutiny for data breaches.
The 2015 Chambers USA: America's Leading Lawyers for Business guide names 52 Mintz, Cohn, Ferris, Glovsky and Popeo, P.C. attorneys as “Leaders in Their Fields.”
Mintz Represents Time Inc. in Acquisition of Cozi Inc.
June 19, 2014
Events & Speaking
Speaker
Mar
16
2022
Hot Topics in White Collar Crime and Government Investigations: Considerations for Corporate Counsel
Association of Corporate Counsel, San Diego and Mintz
Virtual Event
Speaker
Moderator
Apr
6
2021
Speaker
Moderator
Moderator
Jul
20
2020
Privacy Shield Shattered & the SCCs in Peril: Understanding the Schrems II Decision (and What to Do Next)
View the Webinar Recording
Speaker
Apr
27
2020
Compliance Solutions Strategies Spring 2020 Conference
The Ritz-Carlton, Sarasota, Florida
Speaker
Apr
22
2020
The Concept of “Reasonable Security” – What is it and how do you get there?
View the Webinar Recording
Speaker
Speaker
Speaker
Mar
30
2020
Coronavirus (COVID-19): Managing the Privacy & Cybersecurity Risks
View the Webinar Recording
Speaker
Speaker
Panelist
Speaker
Speaker
Oct
21
2019
The Office of the General Treasurer and Rhode Island Health and Educational Building Corporation's Joint Municipal Training and Education Conference
Cybersecurity
Greenwich, RI
Panelist
Speaker
Moderator
Jun
19
2019
Health Care & Cybersecurity: A Powerful Combination
ML Strategies, 701 Pennsylvania Ave, NW, Suite 900, Washington, DC 20004
Speaker
Panelist
Speaker
Speaker
Moderator
Mar
6
2019
The Third Annual Boston Conference on Cyber Security (BCCS 2019)
Boston College, Gasson Hall, Room 100, 140 Commonwealth Avenue Chestnut Hill, MA
Panelist
Speaker
Feb
4
2019
Cybersecurity Best Practices for Legal Services Providers 2019
Practising Law Institute
PLI New York Center, 1177 Avenue of the Americas, (2nd floor), entrance on 45th Street, New York, New York
Speaker
Speaker
Speaker
Apr
18
2018
Legal Issues in Museum Administration 2018
American Law Institute Continuing Legal Education (ALI CLE)
Revere Hotel Boston Common 200 Stuart Street Boston, MA
Speaker
Mar
19
2018
2018 Cyber Liability Conference
Mohegan Sun Resort & Convention Center 1 Mohegan Sun Blvd Uncasville, CT
Speaker
Mar
15
2018
Higher Education Legal Conference
Boston Bar Association
Sheraton Boston Hotel 39 Dalton Street Boston, MA
Moderator
Mar
7
2018
The Second Annual Boston Conference on Cyber Security (BCCS 2018)
Boston College
Gasson Hall, Room 100 140 Commonwealth Avenue Chestnut Hill, MA
Speaker
Speaker
Speaker
Speaker
Speaker
Speaker
Speaker
Speaker
Speaker
Speaker
Panelist
Speaker
Moderator
Mar
23
2017
Moderator
Panelist
Speaker
Speaker
Speaker
May
11
2016
Moderator
Speaker
Speaker
Dec
1
2015
Increased Scrutiny by Regulators of Cybersecurity
The New England Broker/Dealer and Investment Adviser Association
Boston, MA
Moderator
Speaker
Speaker
Moderator
Panelist
May
14
2015
Hot Topics in Global Healthcare Information Privacy, Data Protection and Security
IAPP KnowledgeNet
Boston, MA
Speaker
Moderator
Mar
10
2015
Not If, But When: Cyber Security for Companies in an Age of Inevitable Hacks, Attacks & Breaches
National Association of Corporate Directors, New England Chapter
Newton Marriott Hotel, Newton, MA
Speaker
Read less
Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-demand media commentator and speaker on privacy and cybersecurity issues.
Recognition & Awards
- BTI Consulting Group Client Service All-Star (2022)
- Best Lawyers in America: Privacy and Data Security Law (2018 – 2024)
- Massachusetts Lawyers Weekly: Go To Cybersecurity/Data Privacy Lawyer (2022)
- Top Author for Cybersecurity, JD Supra’s Readers' Choice Awards (2018 - 2021)
- Chambers USA: Noted Practitioner, Nationwide – Privacy & Data Security (2018 – 2019)
- National Law Review: Go-To Thought Leadership Award, Cybersecurity (2018)
- Chambers USA: Nationwide – Privacy & Data Security (2010 – 2016)
- Chambers Global: Privacy & Data Security (2011 – 2012, 2016 – 2017)
- National Diversity Council: Top 50 Most Powerful Women in Technology (2016)
- Woman of Technology 2001 by Women in Technology, Inc.
- Two Thousand Notable American Women (2001)
- Women's Business Boston: Top 10 Women Lawyers in Boston (2005)
- Women’s Business Boston: Top 10 Corporate Lawyers in Boston (2009 – 2010)
- Named a "Rising Star" by Boston Magazine (2011)
- Leila Josephine Robinson Award, Boston University Woman's Law Association (2010)
- Boston Digital Industry News: Best General Lawyer for a High-Tech Firm
- Massachusetts Super Lawyers: Rising Star – Information Technology/Outsourcing (2005)
Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-demand media commentator and speaker on privacy and cybersecurity issues.
Involvement
- Member, International Association of Privacy Professionals
- Member, Computer Law Association
- Member, Federal Communications Bar Association
Recent Insights
Release of new Mintz Matrix! States keep tinkering
September 7, 2023 |Article
Draft Cybersecurity Audit and Risk Assessment Regulations Issued by CPPA
August 29, 2023 |Blog
Mintz is pleased to announce that 120 firm attorneys have been recognized as leaders by Best Lawyers® in the 2024 edition of The Best Lawyers in America©.
