Elliot Golding

Partner

Elliot Golding is a member of our Data Privacy & Cybersecurity Practice where he provides business-oriented privacy and cybersecurity advice to a wide range of clients, with a particular focus on companies handling healthcare and other personal data.

Elliot partners with clients to proactively manage risk by developing and implementing information governance programs, drafting privacy and security policies, preparing and testing data breach response plans and negotiating complex data agreements. He not only counsels clients about what the law currently requires, but also provides industry context and forward-looking advice that takes into account trends and best practices in developing areas, such as the Internet of Things. In particular, Elliot helps clients understand how personal information may be used and disclosed to support business needs so that companies can stay competitive and compliant in a rapidly evolving environment.

Elliot has also managed dozens of breach response matters for companies through all aspects of investigation, notification, remediation and engagement with regulators (including federal regulators such as the Office of Civil Rights (OCR) and State Attorneys General). Elliot has defended clients in litigation by State Attorneys General under state security breach notification laws and the Health Insurance Portability and Accountability Act (HIPAA) and has helped clients successfully avoid enforcement actions altogether by working directly with regulators during investigations.

Elliot is a Certified Information Privacy Professional (CIPP/US) and co-chairs the E-privacy Committee within the ABA Section of Science and Technology Law.

Elliot's practice covers a wide range of laws, regulations, industry standards and best practices, such as: HIPAA and HITECH; 42 CFR Part 2 (Federal Confidentiality of Alcohol and Drug Abuse Patient Records); Federal Trade Commission (FTC) Act and FTC guidance; State laws and guidance governing privacy, security, and breach notification (such as the California Shine the Light law, Lanterman-Petris-Short Act, Confidentiality of Medical Information Act, CalOPPA, and state laws governing sensitive health information); Telephone Consumer Protection Act (TCPA); CAN-SPAM; Gramm-Leach-Bliley Act (GLBA); Children's Online Privacy Protection Act (COPPA); NIST Security Standards; and Payment Card Industry Data Security Standards (PCI-DSS).


  • Served as primary outside counsel for a major health plan, assisting with a wide range of day-to-day privacy and cybersecurity issues.
  • Assisted a health plan to develop a program integrating medical products with the Internet of Things by collecting vital signs, alerting physicians and transmitting data to a consumer-facing cloud environment.
  • Drafted incident response plans and data breach response toolkits for healthcare clients; led tabletop exercises to test those plans.
  • Conducted comprehensive privacy and cybersecurity assessments for several large clients (in sectors such as healthcare, defense and transportation), which included performing data surveys and interviews, assessing governance and recommending improvements, providing vendor contracting advice and drafting policies and procedures (e.g., internal and external-facing privacy statements, security policies, document retention policies, etc.).
  • Assisted a major automobile company to identify personal information and other sensitive information within the organization and take steps to ensure the privacy and security of that data.
  • Advised a large cloud service provider regarding HIPAA and GLBA compliance, including designing and revising HIPAA privacy and security policies.
  • Assisted a major health insurance company to investigate and respond to several potential breaches, including providing advice regarding government investigations, planning and overseeing remedial efforts, and defending client in resulting litigation.
  • Assisted a large insurer/reinsurer to establish a data classification system as part of a complete privacy and security policy overhaul and provided detailed advice regarding implementation of best practices and compliance with wide-ranging state and federal laws (e.g., HIPAA, GLBA, FTC Act, and state security breach and record disposal laws).

Education

  • George Washington University Law School, J.D., magna cum laude, Order of the Coif
  • University of Virginia, B.A., with distinction

Admissions

  • District of Columbia, 2010
  • Maryland, 2009


  • Bloomberg BNA, “CardioNet $2.5M Settlement Is Wireless Health Privacy First”, April 24, 2017
    Wireless cardiac monitoring service CardioNet Inc has agreed to pay US$2.5 million for allegedly losing a laptop containing the health information of 1,391 individuals, the US Department of Health and Human Services Office for Civil Rights (OCR) announced. Elliot Golding discusses OCR settlements in the CardioNet case and its implications for the healthcare sector more broadly with Bloomberg BNA.
  • Privacy Advisor, “Squire Patton Boggs continues privacy build-out”, March 9, 2017
    Robin Campbell, CIPP/US, CIPM, and Elliot Golding, CIPP/US, have both transitioned to new positions at Squire Patton Boggs’ Washington office. Campbell is now co-chairing the Data Privacy & Cybersecurity Group at Squire Patton Boggs, where she will focus specifically on automotive issues. Golding took on the role of partner, with a healthcare focus. Squire Patton Boggs’ vast network of global offices and perspectives was a draw for both privacy pros.
  • Bloomberg BNA, “Horizon Healthcare to Pay N.J. $1.1M Over Stolen Laptops”, February 21, 2017
    New Jersey-based insurance provider Horizon Healthcare Services Inc. agreed to pay the state US$1.1 million to settle allegations that the theft of two laptops compromised the privacy of some 690,000 policyholders. Elliot R. Golding, a data privacy and cybersecurity partner at Squire Patton Boggs LLP in Washington, discusses with Bloomberg BNA.
  • Commercial Dispute Resolution, “Specialist partners join Squire Patton Boggs”, February 17, 2017
    Data protection and cybersecurity partners head to Squire Patton Boggs as regulation in the US and Europe tightens. Squire Patton Boggs has made a string of hires on both sides of the Atlantic, adding expertise to its specialist disputes practices. In Washington, DC, the firm has hired a pair of data and cybersecurity partners.
  • Law360, “Squire Patton Boggs Snags Crowell & Moring Privacy Lawyers”, February 14, 2017 (Subscription required)
    Squire Patton Boggs LLP has made further inroads into one of the legal industry’s fastest growing practice areas with the addition of two partners to its data privacy and cybersecurity practice who join in their Washington DC offices.

  • Moderator, "Evolving HIPAA Issues: Cloud, Mobile Apps, Access, and More," ABA Webinar, January 31, 2017.
  • Co-author, “Highlights Of HHS Privacy Guidelines For Cloud Providers,” Law360, October 2016.
  • Presenter, “Healthy Data Management: Essential Strategies for Governing PHI, PII, and Highly Sensitive Data during an Acquisition or Divestiture," Webinar, September 8, 2016.
  • Co-author, "Critical Next Steps: Addressing Health Privacy and Security Gaps Identified by ONC," Bloomberg BNA Health Care Policy Report, August 8, 2016.
  • Facilitator, “Cybersecurity Table Top for a Congressional Cyber Security Lab Program,” Wilson Center, Washington DC, June 10, 2016.
  • Panelist, “ABA Young Leaders on Cybersecurity, Privacy, & Information Law: Rapid-Fire Retrospectives on 2014 and Predictions for 2015,” ABA's PCL and SciTech Sections, teleconference, December 8, 2014.
  • Co-author, "FTC Data Security Authority Remains Murky Despite Wyndham," Law360, April 8, 2014.
  • Author, "NIST Eliminates Privacy Appendix from Cybersecurity Framework," The Secure Times by The Privacy and Information Security Committee, ABA Section of Antitrust Law, January 24, 2014.
  • Presenter, “Guess What? You're Now Subject to HIPAA (Yes, You!): The Broad Reach of HIPAA over Business Associates,” AllClear ID Data Breach Response Services Webinar, November 12, 2013.
  • Presenter, “How to Manage a Data Breach Crisis (and Prevent the Next One),” ABA Section of Science and Technology Law, Information Security Committee Fall Meeting, Washington DC, October 26-27, 2013.
  • Author, "Dismissal of $16 Million Class Action Based on Theft of Patient Information Where No Evidence that Data Was "Released" May Provide Ammunition for Defending Breach Class Actions," The Secure Times by The Privacy and Information Security Committee, ABA Section of Antitrust Law, October 25, 2013.
  • Presenter, “Cybersecurity and Data Privacy in 2013: Contracting in a Time of Increased Scrutiny,” L2 Federal Resources Webinar, September 19, 2013.
  • Presenter, “Cyber Contracting Workshop for Contractors & Agencies,” Thomson West Federal Publications Seminar, Washington DC, August 21-22, 2013.
  • Co-author, "FEATURE COMMENT: Regulating Cybersecurity On A Piecemeal Basis − Can The Executive Order Harmonize The Cyber Law Patchwork?" The Government Contractor, Vol. 55, No. 24, June 26, 2013.
  • Presenter, “Cyber Contracting Workshop for Contractors & Agencies,” Thomson West Federal Publications Seminar, Alpharetta, GA, May 30-31, 2013.
  • Co-author, “Managed Behavioral Health Care Litigation, Managed Care Litigation,” 2012 Cumulative Supplement, Ch. 6, 1st Ed. (2012) and 2nd Ed., 2013.