Nilou Massachi is a senior associate in the Data Privacy, Cybersecurity & Digital Assets Practice. She focuses her practice on data privacy and protection, technology transactions, advertising, sales and digital media practices, cybersecurity, and consumer protection law.
A certified information privacy professional (CIPP/US), Nilou works collaboratively with clients to develop and implement information governance and privacy compliance programs. Counseling multinational companies spanning a variety of industries, she regularly evaluates privacy impact assessments, drafts policies and procedures for providing consumer data privacy transparency and choice, advises clients on data inventory and mapping, and negotiates privacy and data security provisions for various types of multiparty commercial agreements, such as data protection agreements. In advising clients, she applies her in-depth understanding of state and federal privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (CDPA), the California Shine the Light Act, the California Online Privacy Protection Act (CalOPPA), the Video Privacy Protection Act (VPPA) and the Children’s Online Privacy Protection Act (COPPA). In her role as privacy counsel, Nilou coordinates and leads the implementation of global privacy programs such as for international organizations subject to the CCPA and the EU General Data Protection Regulation (GDPR).
Nilou’s experience also encompasses counseling clients on developing incident response plans and responding to security incidents, including addressing notification obligations and regulatory investigations.