Christine Mastromonaco

Associate

San Francisco
T +1.415.659.2654
F +1.415.659.2601

Overview

Christine Mastromonaco counsels clients in a variety of industries on privacy compliance and reporting issues, including tech, retail, healthcare and financial services. She is a trusted advisor on the California Consumer Privacy Act (CCPA) and other U.S. state privacy laws. Christine has previously represented financial services and fintech clients in state and federal courts in a wide array of commercial and class action matters.

Christine drafts and updates organizations’ privacy policies and data governance procedures as the privacy legal landscape continues to evolve. She also helps answer clients’ complex questions related to data mapping, online tracking technologies and vendor risk assessment. Christine also advises clients on their compliance obligations related to the honoring of opt-out preference signals such as the Global Privacy Control (GPC).

Christine also negotiates data privacy agreements, digital advertising contracts and data security agreements. Her thoughtful approach to counseling and representing clients is informed by her background as a litigator. Having seen where disputes can arise, she is well positioned to help clients anticipate legal risk to mitigate the possibility of litigation.  

Select Experience

  • Drafted U.S. and state-specific privacy policies and online terms of use. Drafted internal procedures for responding to data requests and consumer response templates.
  • Served as legal secondee and initial point of contact for large social media company. Advised client on matters concerning user privacy, content moderation, consumer benchmarking analyses and children’s privacy as well as on the privacy risks related to numerous product launches and coordinated with regional counsel where such launches occurred in jurisdictions outside the U.S. Additionally, prepared regulatory briefings and provided risk analyses to proposed policy changes affecting the platform.
  • Advised Fortune 500 energy company regarding the applicability of CCPA/CPRA to its subsidiary under the statute’s common branding provision.
More »

Experience

  • Drafted U.S. and state-specific privacy policies and online terms of use. Drafted internal procedures for responding to data requests and consumer response templates.
  • Served as legal secondee and initial point of contact for large social media company. Advised client on matters concerning user privacy, content moderation, consumer benchmarking analyses and children’s privacy as well as on the privacy risks related to numerous product launches and coordinated with regional counsel where such launches occurred in jurisdictions outside the U.S. Additionally, prepared regulatory briefings and provided risk analyses to proposed policy changes affecting the platform.
  • Advised Fortune 500 energy company regarding the applicability of CCPA/CPRA to its subsidiary under the statute’s common branding provision.
  • Counseled international cruise and hospitality company on GDPR and CCPA/CPRA risk with respect to SMS and email marketing campaigns.

Marketing and AdTech Advice

  • Negotiated online advertising agreements for retail client.
  • Advised social media company on use of augmented reality ads.
  • Advised consumer products company on the privacy considerations under various state laws regarding financial incentive program wherein a consumer would receive a discount in exchange for providing the client with the name and email address of a friend.
  • Counseled medical device company on the privacy, HIPAA and TCPA considerations in sending SMS appointment reminders and marketing materials related to health services.

Regulatory Compliance

  • Advised asset management firm in its acquisition of an online pharmacy. Conducted due diligence with respect to the target company’s privacy program including internal review of CCPA and HIPAA policies and procedures.
  • Drafted U.S. and California privacy policies and cookie policies for a national food distribution corporation and its various subsidiaries as well as internal procedures for responding to data requests, which included issues concerning verification of consumer identity, designation of a response team and training of key personnel, grounds for denying a consumer request, methods of delivery of consumer data pursuant to a verified request and the necessity of keeping confidential personal information belonging to consumers other than the requesting party.
  • Developed online privacy policies, online terms of use and HIPAA compliant practices for videoconferencing for mental healthcare client.
  • Represented clients in a variety of sectors including food and beverage, manufacturing, management consulting and telehealth in the negotiation of DPAs.

Data Strategy and Product Counseling

  • Advised cruise ship company in the cross-marketing via SMS and email campaigns to customers of its European subsidiary regarding the implications under the CCPA, GDPR and TCPA.
  • Counseled digital payments company on the user flow and cookie policy related to the adoption of tracking technology enabling their app to remember the user’s external banking and account information.

Recognitions and Memberships

Prior Positions

  • Kiavi (LendingHome): Law Clerk (2016)

Admissions

  • U.S. District Court, Central District of California
  • U.S. District Court, Eastern District of California
  • U.S. District Court, Northern District of California
  • U.S. District Court, Southern District of California
  • U.S. Court of Appeals, Ninth Circuit
  • California

Education

  • J.D., University of California, Hastings College of Law, 2017, cum laude; Hastings Business Law Journal, Senior Editor (2016) and Staff Editor (2015 to 2016)
  • B.A., California Polytechnic State University, San Luis Obispo, 2013

Blog

In The Blogs

Previous Next
Data Counsel
California's Landmark Age-Appropriate Design Code Act: What You Need to Know
By Christine Mastromonaco, Jennifer L. Mitchell, Jeewon K. Serrato, Justin T. Yedor
September 8, 2022
On Aug. 29, California’s Senate unanimously passed Assembly Bill 2273, known as the Age-Appropriate Design Code Act (the CA AADC or the Bill). The Bill, which is anticipated to be signed into law by Gov. Gavin Newsom, is aimed at promoting...
Read More ->
Data Counsel
CPPA Publishes Notice of Proposed Rulemaking
By Shruti Bhutani Arora, Christine Mastromonaco, Jeewon K. Serrato
July 8, 2022
On July 8, the California Privacy Protection Agency Board (CPPA, Agency or Board) announced the Notice of Proposed Rulemaking (NPRM), which begins the 45-day comment period for the draft regulations. As we previously reported, the...
Read More ->