Skip to main content

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

[email protected]

+1.617.348.1732

Follow:
Share:

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-demand media commentator and speaker on privacy and cybersecurity issues.

Cynthia is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E).

She represents companies in information, communications, and technology, including e-commerce and other electronic transactions. She counsels clients through all stages of the “corporate lifecycle,” from start-ups through mid- and later-stage financings to IPO, and has broad experience in technology and business law, including online contracting issues, licensing, domain name issues, software development, and complex outsourcing transactions. She is also a key contributor to MintzEdge, an online resource for entrepreneurs that includes useful tools and information for starting and growing a company.

Cynthia has extensive experience in privacy, data security, and information management matters, including state, federal, and international laws and regulations on the use and transfer of information, behavioral advertising, data security breach compliance and incident response, data breach incident response planning, as well as data transfers in the context of mergers and acquisitions and technology transactions.

She conducts privacy audits and risk assessments to determine data and transaction flow and to assess privacy practices, and assists with drafting and implementation of privacy policies and information security policies and procedures and monitoring of privacy “best practices” across all levels of the enterprise.

She is a frequent speaker on privacy issues at conferences and media appearances and presents privacy awareness and compliance training seminars to client companies.

During law school, she was editor-in-chief of the Probate Law Journal.

Education

  • Boston University School of Law (JD)
  • Boston University (MS)
  • University of Massachusetts (BA)

Recognition & Awards

  • National Law Review: Go-To Thought Leadership Award, Cybersecurity (2018)
  • Best Lawyers in America: Privacy and Data Security Law (2018 – 2020)
  • Chambers USA: Noted Practitioner, Nationwide – Privacy & Data Security (2018 – 2019)
  • Top Author for Cybersecurity and Data Collection & Use, JD Supra’s Readers' Choice Awards (2019)
  • Chambers USA: Nationwide – Privacy & Data Security (2010 – 2016)
  • Chambers Global: Privacy & Data Security (2011 – 2012, 2016 – 2017)
  • National Diversity Council: Top 50 Most Powerful Women in Technology (2016)
  • Woman of Technology 2001 by Women in Technology, Inc.
  • Two Thousand Notable American Women (2001)
  • Women's Business Boston: Top 10 Women Lawyers in Boston (2005)
  • Women’s Business Boston: Top 10 Corporate Lawyers in Boston (2009 – 2010)
  • Named a "Rising Star" by Boston Magazine (2011)
  • Leila Josephine Robinson Award, Boston University Woman's Law Association (2010)
  • Boston Digital Industry News: Best General Lawyer for a High-Tech Firm
  • Massachusetts Super Lawyers: Rising Star – Information Technology/Outsourcing (2005)

Involvement

  • Member, International Association of Privacy Professionals
  • Member, Computer Law Association
  • Member, Federal Communications Bar Association

Recent Insights

News & Press

Viewpoints

Privacy & Thumbnail Viewpoints Thumbnail
We previously provided insights into this important portion of the regulations here.  In this installment we address important revisions provided by the AG’s office to Article 3 of these regulations, several of which will have far reaching implications. 
Read more
Privacy & Thumbnail Viewpoints Thumbnail
Back in October, we provided a summary of Article 2 of the California Attorney General’s Initial Proposed CCPA draft regulations, which specify certain notices that must be given to consumers at the time of collection of their personal information, including consumers’ rights to opt-out of the sale of their personal information, and notices of financial incentives a business may offer in exchange for consumers’ personal information.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

Updated Attorney General Regulations to the CCPA – A Series

February 12, 2020 | Blog | By Cynthia Larose

The revised draft regulations to the California Consumer Privacy Act were issued by the California Attorney General’s office on February 7, and then modified on February 10.   These amendments are open for public comment under Tuesday, February 25, 2020 at 5 pm PST. Starting tomorrow, we will update our October 2019 series of analyses of the various provisions of the draft regulations and operational impacts.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

California AG Issues Revised Draft CCPA Regulations

February 10, 2020 | Blog | By Cynthia Larose

Late in the afternoon on Friday, the California Attorney General dropped the long-awaited revised draft regulations implementing the California Consumer Privacy Act of 2018 (CCPA).  The AG’s office provided a redline to the initial draft regulations, which we have previously discussed.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

The View from DC: Expansion of COPPA?

February 7, 2020 | Blog | By Christian Tamotsu Fjeld, Christopher Harvie, Cynthia Larose

Representative Kathy Castor (D-FL) has introduced the Protecting the Information of Our Vulnerable Children and Youth Act (PRIVCY ACT), which is a significant rewrite of the Children’s Online Privacy Protection Act (COPPA). In so doing, the bill expands the scope of COPPA’s protections and creates new enforcement mechanisms. The children advocacy groups, Common Sense Media and the Campaign for a Commercial-Free Childhood, have come out in public support of the bill, as has the privacy advocacy group, the Center for Digital Democracy.
Read more
Privacy & Thumbnail Viewpoints Thumbnail

UPDATED: It’s Déjà vu All Over Again: Washington Privacy Act Fails to Pass

February 4, 2020 | Blog | By Christopher Buontempo, Cynthia Larose

Aristotle first suggested that “nature abhors a vacuum,” meaning that where there is a void, the universe seeks to fill it.  Although there has been some movement in Congress towards comprehensive federal privacy legislation states like California have taken up the gauntlet to fill the vacuum. We now have the California Consumer Privacy Act (CCPA) in force and expect to see other states take up similar laws this year. 
Read more
Privacy & Thumbnail Viewpoints Thumbnail

REMINDER: Brexit Effects on Privacy Shield

January 31, 2020 | Blog | By Cynthia Larose

Now that the United Kingdom has officially withdrawn from the European Union as of January 31, you should look at your transfers of personal data in light of Brexit.   Under the Withdrawal Agreement between the UK and the EU, EU law (including GDPR) will continue to apply to and in the UK during the transition period from January 31, 2020 to December 21, 2020.   
Read more
Privacy & Thumbnail Viewpoints Thumbnail

Congressional Privacy Action – Part 2: The House

January 29, 2020 | Blog | By Christian Tamotsu Fjeld, Christopher Harvie, Cynthia Larose

The House is taking a different approach to drafting a federal privacy bill.  On December 18, Democratic and Republican staff for the House Energy & Commerce Committee released a bipartisan staff draft for circulation.  The “staff” in “staff draft” is key – the document does not necessarily reflect the policy positions of Members, particularly committee Chairman Frank Pallone (D-NJ) and Ranking Member Greg Walden (R-OR).
Read more
Viewpoint Thumbnail

Congressional Privacy Action – Part 1: The Senate

January 28, 2020 | Blog | By Christian Tamotsu Fjeld, Christopher Harvie, Cynthia Larose

As 2020 gets underway, Congress will continue to deliberate on federal privacy legislation in the second session of the 116th Congress.  The California Consumer Privacy Protection Act (CCPA) went into effect on January 1, and the state will begin enforcing the law on July 1.  State Attorney General Xavier Becerra (D) is expected to release final regulations implementing CCPA within six months (although business certainly hopes sooner….). 
Read more
Viewpoint Thumbnail

Is Your Company Still Running Windows 7? READ THIS!

January 10, 2020 | Blog | By Cynthia Larose

If you haven’t been paying attention to all the Microsoft warnings for the past year and your company is still running Windows 7, time’s up.   After January 14, 2020, Microsoft will stop pushing out security updates to Windows 7 for free.  You’ll still be able to run those Windows 7 systems, but they will be more susceptible to security problems and there will be no patches pushed out for these vulnerabilities.  
Read more

News & Press

News Thumbnail
Mintz Member and Chair of the firm’s Privacy & Cybersecurity Practice Cynthia Larose, Of Counsel Laura Stefani, and Associates Jonathan Markman and Elana Safner co-authored this guest post published by Dronelife that addressed how the California Consumer Privacy Act might affect drone operators in the state. The article also provided action items for surveillance and drone companies as they prepare for CCPA implementation.

Sweeping Data Privacy Bill Approved In California

June 28, 2018 | Associated Press

This story noted news that California’s Governor has signed in law the nation's most far-reaching data privacy bill which will provide the state’s consumers more control of their personal data. Cynthia Larose, Chair of the firm's Privacy & Security Practice and a Certified Information Privacy Professional (CIPP), provides commentary.
Press Release Thumbnail
Mintz partner and Massachusetts lawyer Julie Korostoff is one of 49 attorneys recognized as “Leaders in Their Fields” by the 2018 Chambers USA: America's Leading Lawyers for Business guide. Chambers named Korostoff a “Recognized Practitioner” in Technology.
Mintz is proud to be recognized by JD Supra in its 2018 Reader’s Choice awards. The annual program highlights the most widely read authors and articles throughout the past year. Five Mintz attorneys were named JD Supra Top Authors in four different industries.
Press Release Thumbnail
The National Diversity Council has named Cynthia Larose, Chair of the Privacy & Security Practice of Mintz, one of the “Top 50 Most Powerful Women in Technology.” This marks the second consecutive year Ms. Larose has been selected for this honor.
Cynthia Larose is a Member of Mintz's Boston office and Chair of the firm’s Privacy & Security Practice. She was featured in a Marketplace article on cybersecurity regulations going into effect for financial institutions licensed by the state of New York.
Press Release Thumbnail
Best Lawyers named 85 Mintz attorneys to its 2018 list of The Best Lawyers in America. In addition, Mintz attorneys Matthew J. Gardella and Samuel M. Tony Starr were named “Lawyer of the Year” in their respective practice areas.
Jennifer Rubin and Cynthia Larose are among those interviewed in the second part of this series discussing the legality of employers’ monitoring data systems and employee digital activity, making sure that they comply with consent and other requirements when setting up programs.
Members Jennifer Rubin and Cynthia Larose are among those interviewed in this article discussing the legality of employers’ monitoring data systems and employee digital activity, making sure that they comply with consent and other requirements when setting up programs.
This article focuses on the key takeaways from a cybersecurity panel of industry experts recently held at Boston College. Member Cynthia Larose and Chair of the firm's Privacy & Security Practice moderated the panel.
Press Release Thumbnail
Mintz Members will be participating in multiple panel discussions at the 2017 Boston Conference on Cyber Security hosted by Boston College and the FBI. The event presents an opportunity for leading minds to come together and fashion a more secure cyberspace.
Cynthia Larose is included in this article discussing challenges and questions raised concerning privacy of data on connected devices. Cynthia, a Member in the firm, is Chair of Mintz’s Privacy and Security Practice.
Member Cynthia Larose and Chair of the firm’s Privacy & Security Practice is quoted in a Law360 article discussing the major data security breaches in 2016.
Firm’s National Healthcare Practice, NY Corporate/M&A and Litigation: General Commercial Among Newest Rankings

Getting Your Firm Beyond the Breach

March 1, 2016 | http://www.asa-digital.net/amstaffingassoc/january_february_2016?pg=19#pg19 American Staffing Association Magazine

Member Cynthia Larose authored this American Staffing Association Magazine column on how businesses will find themselves under scrutiny for data breaches.
The 2015 Chambers USA: America's Leading Lawyers for Business guide names 52 Mintz, Cohn, Ferris, Glovsky and Popeo, P.C.  attorneys as “Leaders in Their Fields.”

Events

Speaker
Apr
27
2020

Compliance Solutions Strategies Spring 2020 Conference

The Ritz-Carlton, Sarasota, Florida

Speaker
Mar
4
2020
Speaker
Dec
17
2019
Panelist
Sep
25
2019
Moderator
Jun
19
2019

Health Care & Cybersecurity: A Powerful Combination

ML Strategies, 701 Pennsylvania Ave, NW, Suite 900, Washington, DC 20004

Speaker
Panelist
Apr
29
2019

AHAM Annual Member Meeting 2019

Know the Score

The Ritz-Carlton Washington DC

Moderator
Mar
6
2019

The Third Annual Boston Conference on Cyber Security (BCCS 2019)

Boston College, Gasson Hall, Room 100, 140 Commonwealth Avenue Chestnut Hill, MA

Speaker
Feb
4
2019

Cybersecurity Best Practices for Legal Services Providers 2019

Practising Law Institute

PLI New York Center, 1177 Avenue of the Americas, (2nd floor), entrance on 45th Street, New York, New York

Speaker
Nov
13
2018

CTAM End of Year Meeting

HBO Theater, New York, NY

Oct
3
2018

Ascendant Compliance Conference

State of the Data Breach

San Diego, California

Speaker
May
7
2018

2018 Onsolve User Conference

Arizona Biltmore Hotel 2400 E Missouri Avenue Phoenix, AZ

Speaker
Apr
18
2018

Legal Issues in Museum Administration 2018

American Law Institute Continuing Legal Education (ALI CLE)

Revere Hotel Boston Common 200 Stuart Street Boston, MA

Speaker
Mar
19
2018

2018 Cyber Liability Conference

Mohegan Sun Resort & Convention Center 1 Mohegan Sun Blvd Uncasville, CT

Speaker
Mar
15
2018

Higher Education Legal Conference

Boston Bar Association

Sheraton Boston Hotel 39 Dalton Street Boston, MA

Moderator
Mar
7
2018

The Second Annual Boston Conference on Cyber Security (BCCS 2018)

Boston College

Gasson Hall, Room 100 140 Commonwealth Avenue Chestnut Hill, MA

Speaker
Jan
19
2018
Speaker
Jan
17
2018
Speaker
Nov
30
2017
Speaker
Nov
29
2017
Speaker
Nov
28
2017
Speaker
Speaker
Nov
2
2017

Cyber Security & Liability

New Hampshire Bar Association

Concord, NH

Speaker
Oct
25
2017

Staffing World 2017

American Staffing Association

Chicago, IL

Speaker
Oct
10
2017

Ascendant Compliance Conference

Ascendant Compliance Management

Napa, California

Panelist
May
24
2017

Privacy & Cybersecurity Conference

Boston Bar Association

Boston, MA

Speaker
May
11
2017

2017 ASA Staffing Law Conference

American Staffing Association

Washington, DC

Moderator
Mar
8
2017
Speaker
Jun
3
2016

Director Bootcamp

NACD New England

Boston, MA

Speaker
May
11
2016

2016 NEDRIX Spring Conference

NorthEast Disaster Recovery Information X-Change

Boston, MA

Speaker
Speaker
Dec
1
2015

Increased Scrutiny by Regulators of Cybersecurity

The New England Broker/Dealer and Investment Adviser Association

Boston, MA

Speaker
May
13
2015

Massachusetts Employment Law Summit

Mintz Levin

Boston, MA

Moderator
Mar
10
2015

Not If, But When: Cyber Security for Companies in an Age of Inevitable Hacks, Attacks & Breaches

National Association of Corporate Directors, New England Chapter

Newton Marriott Hotel, Newton, MA