Cynthia is Chair of the firm’s Privacy & Security Practice and a Certified Information Privacy Professional (CIPP).
She represents companies in information, communications, and technology, including e-commerce and other electronic transactions. She counsels clients through all stages of the “corporate lifecycle,” from start-ups through mid- and later-stage financings to IPO, and has broad experience in technology and business law, including online contracting issues, licensing, domain name issues, software development, and complex outsourcing transactions.
Cynthia has extensive experience in privacy, data security, and information management matters, including state, federal, and international laws and regulations on the use and transfer of information, behavioral advertising, data security breach compliance and incident response, data breach incident response planning, as well as data transfers in the context of mergers and acquisitions and technology transactions.
She conducts privacy audits and risk assessments to determine data and transaction flow and to assess privacy practices, and assists with drafting and implementation of privacy policies and information security policies and procedures and monitoring of privacy “best practices” across all levels of the enterprise.
She is a frequent speaker on privacy issues at conferences and media appearances and presents privacy awareness and compliance training seminars to client companies.
During law school, she was editor-in-chief of the Probate Law Journal.
Recognitions & Awards
- Chambers USA: Nationwide – Privacy & Data Security (2010 – 2013)
- Chambers Global: Privacy & Data Security (2011 – 2012)
- Woman of Technology 2001 by Women in Technology, Inc.
- Two Thousand Notable American Women (2001)
- Women's Business Boston: Top 10 Women Lawyers in Boston (2005)
- Women’s Business Boston: Top 10 Corporate Lawyers in Boston (2009 – 2010)
- Named a "Rising Star" by Boston Magazine (2011)
- Leila Josephine Robinson Award, Boston University Woman's Law Association (2010)
- Boston Digital Industry News: Best General Lawyer for a High-Tech Firm
- Massachusetts Super Lawyers: Rising Star – Information Technology/Outsourcing (2005)
Professional & Community Involvement
- Member, International Association of Privacy Professionals
- Member, Computer Law Association
- Member, Federal Communications Bar Association
Cynthia is Chair of the firm’s Privacy & Security Practice and a Certified Information Privacy Professional (CIPP).
She represents companies in information, communications, and technology, including e-commerce and other electronic transactions. She counsels clients through all stages of the “corporate lifecycle,” from start-ups through mid- and later-stage financings to IPO, and has broad experience in technology and business law, including online contracting issues, licensing, domain name issues, software development, and complex outsourcing transactions.
Cynthia has extensive experience in privacy, data security, and information management matters, including state, federal, and international laws and regulations on the use and transfer of information, behavioral advertising, data security breach compliance and incident response, data breach incident response planning, as well as data transfers in the context of mergers and acquisitions and technology transactions.
She conducts privacy audits and risk assessments to determine data and transaction flow and to assess privacy practices, and assists with drafting and implementation of privacy policies and information security policies and procedures and monitoring of privacy “best practices” across all levels of the enterprise.
She is a frequent speaker on privacy issues at conferences and media appearances and presents privacy awareness and compliance training seminars to client companies.
During law school, she was editor-in-chief of the Probate Law Journal.
Recognitions & Awards
- Chambers USA: Nationwide – Privacy & Data Security (2010 – 2013)
- Chambers Global: Privacy & Data Security (2011 – 2012)
- Woman of Technology 2001 by Women in Technology, Inc.
- Two Thousand Notable American Women (2001)
- Women's Business Boston: Top 10 Women Lawyers in Boston (2005)
- Women’s Business Boston: Top 10 Corporate Lawyers in Boston (2009 – 2010)
- Named a "Rising Star" by Boston Magazine (2011)
- Leila Josephine Robinson Award, Boston University Woman's Law Association (2010)
- Boston Digital Industry News: Best General Lawyer for a High-Tech Firm
- Massachusetts Super Lawyers: Rising Star – Information Technology/Outsourcing (2005)
Professional & Community Involvement
- Member, International Association of Privacy Professionals
- Member, Computer Law Association
- Member, Federal Communications Bar Association
Publications
-
Co-author,
SEC and CFTC Issue Final Joint Rules on “Red Flags” Compliance, Privacy & Security | Securities Alert ()
-
Author,
SJC to Retailers: Be Careful What You Ask For, Boston Business Journal ()
-
Co-author,
Massachusetts Supreme Judicial Court Rules That Retailers May Be Sued for Wrongful Use of Customer Zip Codes Recorded During Credit Card Sales, Privacy and Security ()
-
Co-author,
FTC Guidelines for Mobile Applications: New Standards for Transparency and Notification Dictate Responsibilities for All Parties Involved, Privacy Alert ()
-
Co-author,
The New HIPAA Omnibus Rule & Your Liability, Advisory ()
-
Editor,
Integrating Employees’ Smart Devices into the Workplace, New York Law Journal ()
-
Co-author,
Federal Trade Commission Brings Two Enforcement Actions Related to Peer-to-Peer Networks, Privacy & Security Alert ()
-
Co-author,
Keeping the FTC Out of Your Space: Lessons from Myspace, Law360 ()
-
Co-author,
The Facebook IPO and Disclosure of Cybersecurity and Privacy Risks: Tips and Lessons for Practitioners, Bloomberg Law Reports: Securities Law ()
-
Co-author,
Privacy-on-the-Go: California Attorney General and Major Mobile Application Platforms Agree to Privacy Principles for Mobile Applications, Emerging Companies & Privacy Alert ()
-
Co-author,
What the EU's Data Protection Proposal Means for Your Business, Privacy & Security Alert ()
-
Author,
New Year’s Resolutions — Privacy & Security, Privacy & Security Alert ()
-
Co-author,
California’s New Forced Labor Disclosure Law: Empowering Consumers while Burdening the Supply Chain, Corporate Compliance Alert ()
-
Co-author,
SEC Provides Disclosure Guidance on Cybersecurity, Securities Law/Privacy Alert ()
-
Once more into the Breach: Are We Learning Anything?, Westlaw Journal Automotive ()
-
Author,
New Form I-129 Requires Immediate Employer Attention to “Deemed Export” Issues, Immigration Alert ()
-
Co-author,
Don’t Shoot the Messenger: Another Court Cautions against Retaliating against Employees Who Report Data Security Concerns, Employment, Labor & Benefits Alert ()
-
Author,
FTC Closes Blogger Marketing Investigation, FTC Consumer Protection Alert ()
-
Author,
Popular Restaurant Chain Settles Federal Trade Commission Data Breach Charges, Privacy & Security Alert ()
-
Co-author,
Is Your Electronic Health Record Technology "Meaningful?", Health Care Reform Advisory ()
-
Author,
Tick-Tock: It’s February 1 - The Countdown to Compliance with the Massachusetts Data Security Regulations Has Begun!, Privacy & Security Alert ()
-
Third Circuit Rejects FCC Finding That AT&T Lacks "Personal Privacy" under Federal Freedom of Information Act Definition, Telecommunications | Privacy Alert ()
-
Author,
Smart Grid Privacy Issues To Be Examined by the Federal Communications Commission - Comment Period through October 2, 2009, Energy & Clean Technology Alert ()
-
Author,
The New Massachusetts Data Security Requirements: Additional Obligations or More of the Same?, Employee Benefit News ()
-
FTC Alleges Some “Green” Marketing Claims Are Dirty, Consumer Protection Advisory ()
-
Co-author,
Supreme Court Upholds Requirement that the Government Prove Knowledge of Identity Theft, Privacy & Security Alert ()
-
Author,
Stay of Execution of Red Flag Enforcement FTC Announces Three-Month Delay of Enforcement of “Red Flags Rule”, Privacy & Security Alert ()
-
Author,
Identity Theft Red Flag Program Compliance Deadline Rapidly Approaching, Health Law Alert ()
-
Co-author,
FTC Releases Staff Report Announcing Self-Regulatory Principles for Online Behavioral Advertising, Privacy & Security | Communications Alert ()
-
Co-author,
Massachusetts Extends Deadline for Compliance with Data Security Regulations to January 1, 2010, Privacy & Security Alert ()
-
Co-author,
Office of Consumer Affairs and Business Regulation Faces Growing Criticism Over Data Security Regulations’ Content and Implementation Date, Privacy & Security Alert ()
-
Co-author,
Massachusetts Data Security Standards, Intellectual Property Counselor ()
-
Co-author,
Privacy Compliance 101: Why Massachusetts Data Security Standards DO Affect You, CIO.com ()
-
Author,
Bureau of Industry and Security Announces Intra-Company Transfer License Exception, International Trade Alert ()
-
Massachusetts New Data Security Regulations Effective January 1, 2009, Privacy & Security Alert ()
-
Author,
The FTC Approves Long-Awaited CAN-SPAM Discretionary Rule, Privacy & Security Alert ()
-
Author,
Proposed Amendments May Expand Protection of Consumer Financial Information in the Securities Industry, Privacy & Security Advisory ()
-
Author,
The 40th State, Privacy Alert: Virginia ()
-
FTC Proposes "Self-Regulatory" Principles for Ehavioral Online Advertising, ()
Speaking Engagements
-
Speaker,
Raising Awareness of Cyber Risk to the Boardroom – and the Growing Risk to Directors,
Cybersecurity: It’s Not Just for IT Anymore,
Mintz Levin and Kroll Advisory Solutions, Boston, MA
-
Speaker,
After Patco: What is Legally Defensible Security in a Commercial Customer Relationship,
Northwest Summit for Financial Professionals,
Association for Financial Professionals, Seattle, WA
-
Panelist,
Cyber Security: Advising Corporate Leaders on Critical Risk Issues,
New England Legal Foundation, Boston, MA
-
Speaker,
Outsourcing Services to a Third Party - Privacy Impacts and Service Organization Control Reports,
Mayer Hoffman McCann P.C. and Mintz Levin, Webinar
-
Speaker,
Safe Social Media Policies for HR Managers Panel,
Ascentis, Webinar
-
Speaker,
The New HIPAA Omnibus Rule & Your Liability,
Mintz Levin, Webinar
-
Panelist,
Privacy,
Broadband and Cable Industry Law 2013,
PLI, Webinar
-
Panelist,
Legal & Compliance Issues in Information Security,
2012 Blackstone General Counsel Conference,
New York, NY
-
Speaker,
The Era of Big Data - Governance, Risk and Compliance Issues,
Association of Corporate Counsel, San Diego, CA
-
Speaker,
Learn About Network Security, Privacy Risk, and Ways to Help Protect Your Business,
Wells Fargo Insurance Services USA, Boston, MA
-
Panelist,
Real World Strategies for Managing Real Risks to Your Business,
"Security and IP Special Interest Groups of CommNexus, San Diego, CA
-
Speaker,
Hands-On Data Security Compliance Workshop,
WinMagic, Lenovo, and Mintz Levin, Irvine, CA & La Jolla, CA
-
Speaker,
IAPP Privacy Bootcamp,
International Association of Privacy Professionals, Waltham, MA
-
Speaker,
Privacy & Security Under HIPAA / HITECH in an Era of Heightened Enforcement,
Mintz Levin, Webinar
-
Speaker,
Data Privacy and Security Issues for the Not-for-Profit: 201 CMR 17.00, PCI, and Other Acronyms You Should Know,
Data Privacy and Security Issues for the Not-for-Profit: 201 CMR 17.00, PCI, and Other Acronyms You ,
Mintz Levin, Webinar
-
Panelist,
Privacy and Information Security Landscape in the Wake of WikiLeaks,
Association of Latino Professionals in Finance and Accounting, Boston, MA
-
Speaker,
Privacy Compliance and Data Security Protocols,
Mintz Levin, Boston, MA
-
Panelist,
MRIMS Educational Spring Conference,
Massachusetts Risk and Insurance Management Society, Waltham, MA
-
Speaker,
Privacy Compliance and Data Security Protocols,
Mintz Levin, New York, NY
-
Speaker,
Export Licenses: What You Need to Know for Compliance,
Mintz Levin, Webinar
-
Speaker,
You’re Being Followed – Online Privacy Today,
Digital Media SIG Event ,
MIT Enterprise Forum
-
Panelist,
Health Care and Massachusetts Data Protection Laws,
Mintz Levin, Boston, MA
-
Speaker,
Massachusetts Data Security Regulations: Demystifying the Details,
Northeast Human Resources Association, Webinar
-
Panelist,
Demystifying the Massachusetts Data Protection Law: A Hands-On Workshop,
MFA - Moody, Famiglietti & Andronico, LLP, Tewksbury, MA
-
Speaker,
Data Security Issues in Licensing Deals,
IP Licensing Subcommittee
-
Speaker,
Privacy Training and Awareness,
International Association of Privacy Professionals KnowledgeNet Series
-
Speaker,
Numbers You Should Know: 201 CMR 17.00 — Massachusetts Standards for the Protection of Personal Information of Residents of the Commonwealth,
Numbers You Should Know: 201 CMR 17.00 — Massachusetts Standards for the Protection of Personal Info,
New England Corporate Counsel Association, Boston, MA
-
Speaker,
Data Security "Hot Buttons" Roundtable,
Axis Technology
-
Panelist,
Massachusetts Privacy Law: And You Thought Your Network Was All Buttoned Down!?,
FEI Boston, Boston, MA
-
Panelist,
Data Security and Privacy — HIPAA to ARRA to Red Flags to 201 CMR 17.00,
Data Security and Privacy: HIPAA to ARRA to Red Flags to 201 CMR 17.00,
Massachusetts League of Community Health Centers Annual Meeting, Hyannis, MA
-
Speaker,
Identity Theft Red Flag Rules and Discrepancy Requirements for Healthcare Providers,
Securing Patient Information Wherever It Goes,
Massachusetts Health Data Consortium
-
Speaker,
It's Midnight, May 1, 2009. Do You Know Where Your Information Security Plan Is?,
Mintz Levin, Webinar
-
Speaker,
New Massachusetts Privacy and Security Regulations,
Chartered Property Casualty Underwriters Society Breakfast Meeting
-
Speaker,
Data Privacy,
West LegalWorks Information Security and Data Privacy Summit 2008
Newsroom
-
Quoted in
As Data Breaches Rise, AGs Emerge as Primary Enforcers, Law360 ()
-
Quoted in
Zip Codes are Private Info, Says Massachusetts Supreme Court, Lawyers.com ()
-
Quoted
ZIP Code Ruling Puts Retailers in Privacy Hot Seat, Law360 ()
-
Quoted in
Privacy Regulation and Legislation to Watch in 2013, Law360 ()
-
Quoted in
Data Thieves Target Checkouts, USA Today ()
-
Forty-One Mintz Levin Attorneys Featured in Chambers USA 2012 Guide, ()
-
Quoted in
Privacy Legislation and Regulation to Watch in 2012, Law360 ()
-
Mintz Levin Attorney Cynthia Larose to Moderate Panel at 2011 MIT Sloan CFO Summit, ()
-
Quoted in
Liability in Credit Card Breach Suits Tied to Strict Industry Standards, Massachusetts Lawyers Weekly ()
-
Thirty Four Mintz Levin Attorneys Featured in Chambers USA 2011 Guide, ()
-
Webinar: Export Licenses - What you need to know for compliance, ()
-
Mintz Levin Represents Alphatec Holdings, Inc. in $92 Million Public Offering, ()
-
Cynthia Larose to Receive Boston University Woman’s Law Association 2010 Leila Josephine Robinson Award, ()
-
Mintz Levin Adds Six Attorneys to Chambers USA 2010 Guide, ()
-
Three Mintz Levin Attorneys Named in the Top Ten Corporate Lawyers in Boston by Women's Business Boston, ()
-
Featured in
Top Ten Corporate Lawyers, Women's Business Boston ()
-
Cynthia Larose Recognized in the Top Ten Corporate Lawyers in Boston by Women's Business Boston, ()
-
Mintz Levin Represents Massachusetts Educational Financing Authority in $400 Million Bond Offering, ()