Nilou Massachi is an associate in the Data Privacy & Cybersecurity Practice. She focuses her practice on data privacy and protection, technology transactions, advertising, sales and digital media practices, cybersecurity, and consumer protection law.
A certified information privacy professional (CIPP/US), Nilou works collaboratively with clients to develop and implement information governance and privacy compliance programs. Counseling multinational companies spanning a variety of industries, she regularly evaluates privacy impact assessments, drafts policies and procedures for providing consumer data privacy transparency and choice, advises clients on data inventory and mapping, and negotiates privacy and data security provisions for various types of multiparty commercial agreements, such as data protection agreements. In advising clients, she applies her in-depth understanding of state and federal privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (CDPA), the California Shine the Light Act, the California Online Privacy Protection Act (CalOPPA), the Video Privacy Protection Act (VPPA) and the Children’s Online Privacy Protection Act (COPPA). In her role as privacy counsel, Nilou coordinates and leads the implementation of global privacy programs such as for international organizations subject to the CCPA and the EU General Data Protection Regulation (GDPR).
Nilou also advises clients on advertising, marketing, promotions and sales practices, as well as e-commerce platform compliance. Her experience encompasses counseling on licensing of user-generated content, the protections afforded by the Digital Millennium Copyright Act (DMCA) and the Communications Decency Act (CDA), clickwraps, customer testimonials, W3C disability accessibility standards and buy flow processes, as well as preparing terms of use, terms of sale and supply chain notices. In addition, she provides counseling on how to conduct compliant contests, sweepstakes and loyalty programs, as well as recurring membership subscriptions programs in accordance with ROSCA and state automatic renewal laws. She also has experience advising clients on how to conduct email and text marketing campaigns in compliance with consumer protection laws, such as the CAN-SPAM Act and the TCPA. In her role, Nilou counsels clients on digital advertising practices, including in relation to cookies and other types of tracking technologies, and the interpay of related consumer protection programs, such as enhanced notice requirements for cross-device interest-based advertising and the collection of precise location data.
Nilou’s experience also encompasses counseling clients on developing incident response plans and responding to security incidents, including addressing notification obligations and regulatory investigations.
More Legal and Business Bylines From Niloufar Massachi
- Are you Ready for Washington and Nevada’s Consumer Health Data Laws? - (Posted On Wednesday, April 17, 2024)
- Potential CCPA Fines “Significant”, California AG’s Office “Plotting” and Other Takeaways From Privacy Regulators during Privacy Summit in Los Angeles - (Posted On Friday, February 16, 2024)
- CCPA Regs Effective Immediately, No One-Year Delay for Future Regs: Court of Appeal Sides with California Privacy Protection Agency in Regulations Delay Case - (Posted On Tuesday, February 13, 2024)
- California’s Potential Approach to Regulations on Risk Assessments and Cybersecurity Audits Could Be a Game Changer - (Posted On Tuesday, September 12, 2023)
- The Bare Minimum and More: Complying with the Contracting Requirements under U.S. Privacy Laws - (Posted On Tuesday, March 07, 2023)
- Malcolm Dowden and Niloufar Massachi Discuss Vendor Contracting Requirements Under New US Privacy Laws and the GDPR - (Posted On Monday, September 26, 2022)
- HR and B-to-B Data Compliance Deadline Looming – Legislative Efforts to Extend California Consumer Privacy Act Exemptions Fail - (Posted On Thursday, September 08, 2022)
- Colorado Becomes Latest State With a Comprehensive Privacy Law - (Posted On Friday, July 09, 2021)
- New Laws on Biometric, RFD and Other “Sensitive” Data Collection and Use - (Posted On Tuesday, June 15, 2021)