Scott Lashway

Mintz

Partner, Co-Chair, Privacy and Cybersecurity Practice

Scott is a globally recognized privacy and cybersecurity disputes attorney who focuses his practice on the intersections of law, corporate data, and technology. A go-to advisor for significant disputes, corporate crises, and investigations, he also serves as Co-chair of Mintz’s Privacy & Cybersecurity Practice. Along with guiding clients through high-stakes incident response and breach investigations, complex and bet-the-company litigation, government investigations, and enforcement actions, he frequently provides strategic counsel on data management and technology development and use, including development and use of artificial intelligence. Scott represents clients in a range of industries, with a particular emphasis on health care, financial services, technology, artificial intelligence, and the media and adtech sectors.



Leveraging more than 20 years of experience with cybersecurity, privacy, and other technology matters, Scott partners with clients operating at the vanguard of technology implementation and development as well as new data uses. Along with advising on the rapid evolution of data governance, collection, and technology innovation, he helps navigate complex and novel data and privacy issues in Al and related technology development. His role often entails skillfully guiding clients through cybersecurity incident response and breach investigations as well as complex business and class action litigation. His extensive cybersecurity and privacy experience encompasses matters involving data and intellectual property (IP) theft and misappropriation, unauthorized access and acquisition, misuse, hacking, ransomware, cyberextortion, and technology disruptions. Scott’s greatest accomplishments for his clients are those that avoid headlines and are rarely — if ever — heard of.



Scott is recognized for his depth of knowledge and client service by various publications. He is ranked in Chambers Global, is identified as a leading cybersecurity incident response attorney globally by the Incident Response Forum, is recognized as a Client Service All-Star by BTI Consulting, and is identified as one of the 500 “Leading Litigators in America” by Lawdragon.



“Scott Lashway is a standout in many ways. His client service skills are the best in the business. He’s always responsive and meets our timelines, even when we have last-minute requests and escalated deadlines. He is incredibly knowledgeable and is able to see the big-picture legal risks that might otherwise require multiple attorneys in a variety of disciplines.”

— Client, Legal 500 Cyber Law (including Data Privacy and Data Protection).



In litigation involving privacy, cybersecurity, and a range of other complex issues, Scott has represented clients in state and federal courts nationwide and in various arbitration settings. He regularly serves as first-chair in trials and has significant experience defending and prosecuting bet-the-company and impactful litigation on behalf of companies and their officers and directors. In collaboration with white collar defense colleagues, he also oversees civil and criminal investigations. He regularly represents clients before various state and federal regulators, including the Securities and Exchange Commission (SEC), the Department of Justice (DOJ), the Financial Industry Regulatory Authority (FINRA), state attorneys general, the New York Department of Financial Services (NYDFS), and the Federal Trade Commission (FTC). 



Scott has advised clients on hundreds of proactive and reactive matters involving US and international privacy and security laws and obligations, both civil and criminal, since drafting his first privacy policy in 2001 and handling his first data-focused investigation in 2002. Through this work, he has gained a deep understanding of the intricacies of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), state privacy laws, HIPAA and state law equivalents; the Biometric Information Privacy Act (BIPA), the New York State Department of Financial Services (NYDFS) cybersecurity regulations, the Shield Act, the Computer Fraud and Abuse Act, the Stored Communications Act, and state law equivalents (including wiretap statutes). His regulatory knowledge also extends to the Securities and Exchange Commission and Financial Industry Regulatory Authority (FINRA) security and privacy laws, guidance, and obligations, as well as the Gramm-Leach-Bliley Act and the Federal Risk and Authorization Management Program. Additionally, he regularly handles matters involving state consumer protection statutes, including Massachusetts' Chapter 93A and compliance with the National Institute of Standards and Technology, SOC 2, ISO, HITRUST, and other security frameworks.



A sought-after thought leader in his field, Scott regularly writes and speaks on data privacy and cyber security issues, and counsels industry groups and stakeholders on data privacy and security trends. He also regularly receives recognition and accolades for his extensive knowledge and outstanding client service. 



Prior to joining Mintz, Scott founded and opened the Boston office of a national firm. In addition to serving as the firm's Office Managing Partner, he co-led the firm’s global privacy and cybersecurity practice. Earlier, while practicing at a multinational law firm, he co-chaired the data privacy and cybersecurity team. Scott also previously worked as senior in-house counsel and head of investigations for a Fortune 100 global financial services company, where he oversaw investigations, implementation of anti-fraud controls, and related training.

 

Contributions by Scott Lashway

  • Always On: Building Privacy Programs for a World of Constant Risk
    Speaker at IAPP Privacy. Security. Risk. 2025
  • Online Advertising and Privacy: Prospects & Pitfalls
    Forum Speaker at IAPP Global Privacy Summit 2024
  • Marketing 101 for Privacy Officers: How to Collaborate with Your Marketing Team
    Speaker at IAPP Global Privacy Summit 2022