
Cynthia J. Larose
Member / Chair, Privacy & Cybersecurity Practice
+1.617.348.1732
Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-demand media commentator and speaker on privacy and cybersecurity issues.
Cynthia is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E).
She represents companies in information, communications, and technology, including e-commerce and other electronic transactions. She counsels clients through all stages of the “corporate lifecycle,” from start-ups through mid- and later-stage financings to IPO, and has broad experience in technology and business law, including online contracting issues, licensing, domain name issues, software development, and complex outsourcing transactions. She is also a key contributor to MintzEdge, an online resource for entrepreneurs that includes useful tools and information for starting and growing a company.
Cynthia has extensive experience in privacy, data security, and information management matters, including state, federal, and international laws and regulations on the use and transfer of information, behavioral advertising, data security breach compliance and incident response, data breach incident response planning, as well as data transfers in the context of mergers and acquisitions and technology transactions.
She conducts privacy audits and risk assessments to determine data and transaction flow and to assess privacy practices, and assists with drafting and implementation of privacy policies and information security policies and procedures and monitoring of privacy “best practices” across all levels of the enterprise.
She is a frequent speaker on privacy issues at conferences and media appearances and presents privacy awareness and compliance training seminars to client companies.
During law school, she was editor-in-chief of the Probate Law Journal.
Education
- Boston University School of Law (JD)
- Boston University (MS)
- University of Massachusetts (BA)
Recognition & Awards
- BTI Consulting Group Client Service All-Star (2022)
- Best Lawyers in America: Privacy and Data Security Law (2018 – 2022)
- Top Author for Cybersecurity, JD Supra’s Readers' Choice Awards (2018 - 2021)
- Chambers USA: Noted Practitioner, Nationwide – Privacy & Data Security (2018 – 2019)
- National Law Review: Go-To Thought Leadership Award, Cybersecurity (2018)
- Chambers USA: Nationwide – Privacy & Data Security (2010 – 2016)
- Chambers Global: Privacy & Data Security (2011 – 2012, 2016 – 2017)
- National Diversity Council: Top 50 Most Powerful Women in Technology (2016)
- Woman of Technology 2001 by Women in Technology, Inc.
- Two Thousand Notable American Women (2001)
- Women's Business Boston: Top 10 Women Lawyers in Boston (2005)
- Women’s Business Boston: Top 10 Corporate Lawyers in Boston (2009 – 2010)
- Named a "Rising Star" by Boston Magazine (2011)
- Leila Josephine Robinson Award, Boston University Woman's Law Association (2010)
- Boston Digital Industry News: Best General Lawyer for a High-Tech Firm
- Massachusetts Super Lawyers: Rising Star – Information Technology/Outsourcing (2005)
Involvement
- Member, International Association of Privacy Professionals
- Member, Computer Law Association
- Member, Federal Communications Bar Association
Viewpoints
Understanding the American Data Privacy and Protection Act
June 8, 2022 | Blog | By Christian Tamotsu Fjeld, Cynthia Larose
Massachusetts Information Security and Privacy Act Sent to “Study”
June 2, 2022 | Blog | By Cynthia Larose, Daniel Connelly
FBI Director Wray Says FBI Blocked Planned Cyberattack on Boston Children’s Hospital
June 1, 2022 | Blog | By Cynthia Larose
FTC to Twitter: Do What You Say (Or Pay $150M If You Don’t)
June 1, 2022 | Blog | By Christopher Buontempo, Cynthia Larose
Connecticut is on the Privacy Move
May 4, 2022 | Blog | By Christopher Buontempo, Cynthia Larose
Health Care Organizations Warned of Aggressive Ransomware Threat
April 28, 2022 | Blog | By Cynthia Larose
SEC Proposes New Cybersecurity Rules for Public Companies
March 21, 2022 | Advisory | By Roman M. Gorokhov, Cynthia Larose, Megan Gates, John Condon
President Says Russia “Exploring” Cyberattacks Against U.S.
March 21, 2022 | Blog | By Cynthia Larose
Utah Consumer Privacy Act – Mintz’s Hot Take
March 17, 2022 | Blog | By Cynthia Larose, Christopher Buontempo
Facebook to Pay $90 Million to Settle Data Privacy Lawsuit
February 18, 2022 | Blog | By Cynthia Larose
News & Press
Five Mintz Attorneys Recognized as Client Service All-Stars by BTI
February 08, 2022
Québec’s Updated Privacy Law Complicates Cross-Border Data Flows
November 12, 2021
Complying With NYC’s New Biometrics Law
August 17, 2021
NY Cybersecurity Rules Pack Wallop In Enforcement Debut
August 19, 2020
Consent is Key to Avoiding Child Privacy Class Actions
June 15, 2020
Assessing Existing Privacy Policies and Practices
May 21, 2020
Protect Your Newly Remote Team From Cyberthreats
April 2, 2020
A New California Privacy Law Could Change Everything for Drone Operators in the U.S.
January 3, 2020
Mintz Recognized by Chambers USA 2019
April 26, 2019
Cynthia Larose Named a National Law Review "Go-To Thought Leader"
December 27, 2018
Sweeping Data Privacy Bill Approved In California
June 28, 2018
Chambers USA 2018 Ranks Mintz Attorneys & Practices
May 03, 2018
Mintz Honored by JD Supra's 2018 Reader's Choice Awards
March 19, 2018
Mintz’s Cynthia Larose Named “Top 50 Most Powerful Women in Technology” by National Diversity Council
October 16, 2017
New Yorkers Want to Know: What’s your cybersecurity plan?
August 29, 2017
Want to improve risk management? Do the basics
March 9, 2017
Lessons for Connected Devices From the FTC’s Warning Against Unexpected Data Collection
February 22, 2017
The Most Significant Data Breaches Of 2016
December 22, 2016
Getting Your Firm Beyond the Breach
March 1, 2016
Mintz Represents Time Inc. in Acquisition of Cozi Inc.
June 19, 2014
Events
Hot Topics in White Collar Crime and Government Investigations: Considerations for Corporate Counsel
Association of Corporate Counsel, San Diego and Mintz
Virtual Event


Privacy Shield Shattered & the SCCs in Peril: Understanding the Schrems II Decision (and What to Do Next)
View the Webinar Recording

Compliance Solutions Strategies Spring 2020 Conference
The Ritz-Carlton, Sarasota, Florida
The Concept of “Reasonable Security” – What is it and how do you get there?
View the Webinar Recording

Coronavirus (COVID-19): Managing the Privacy & Cybersecurity Risks
View the Webinar Recording
