Nilou Massachi is an associate in the Data Privacy & Cybersecurity Practice. She focuses her practice on data privacy and protection, technology transactions, advertising, sales and digital media practices, cybersecurity, and consumer protection law.
A certified information privacy professional (CIPP/US), Nilou works collaboratively with clients to develop and implement information governance and privacy compliance programs. Counseling multinational companies spanning a variety of industries, she regularly evaluates privacy impact assessments, drafts policies and procedures for providing consumer data privacy transparency and choice, advises clients on data inventory and mapping, and negotiates privacy and data security provisions for various types of multiparty commercial agreements, such as data protection agreements. In advising clients, she applies her in-depth understanding of state and federal privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (CDPA), the California Shine the Light Act, the California Online Privacy Protection Act (CalOPPA), the Video Privacy Protection Act (VPPA) and the Children’s Online Privacy Protection Act (COPPA). In her role as privacy counsel, Nilou coordinates and leads the implementation of global privacy programs such as for international organizations subject to the CCPA and the EU General Data Protection Regulation (GDPR).
Nilou also advises clients on advertising, marketing, promotions and sales practices, as well as e-commerce platform compliance. Her experience encompasses counseling on licensing of user-generated content, the protections afforded by the Digital Millennium Copyright Act (DMCA) and the Communications Decency Act (CDA), clickwraps, customer testimonials, W3C disability accessibility standards and buy flow processes, as well as preparing terms of use, terms of sale and supply chain notices. In addition, she provides counseling on how to conduct compliant contests, sweepstakes and loyalty programs, as well as recurring membership subscriptions programs in accordance with ROSCA and state automatic renewal laws. She also has experience advising clients on how to conduct email and text marketing campaigns in compliance with consumer protection laws, such as the CAN-SPAM Act and the TCPA. In her role, Nilou counsels clients on digital advertising practices, including in relation to cookies and other types of tracking technologies, and the interpay of related consumer protection programs, such as enhanced notice requirements for cross-device interest-based advertising and the collection of precise location data.
Nilou’s experience also encompasses counseling clients on developing incident response plans and responding to security incidents, including addressing notification obligations and regulatory investigations.