Elliot Golding (CIPP/US) is a member of our Data Privacy, Cybersecurity & Digital Assets Practice and Healthcare Industry Group leadership team, where he provides business-oriented privacy and cybersecurity advice to a wide range of clients, particularly those that manage health information and other personal data. He is recognized in Global Data Review’s inaugural 40 Under 40 list, which represents the best of the data law bar around the world.
Elliot partners with clients to proactively manage risk by developing and implementing information governance programs, drafting privacy and security policies, preparing and testing data breach response plans, and negotiating complex data agreements. Clients rely on his forward-looking advice and insight, which takes into account trends and best practices in areas that are driving innovation – the Internet of Things, AdTech and biometrics, among others – amid the myriad ever-evolving state legal requirements. Elliot helps clients understand how to balance legal risk while leveraging customer data to gain a marketplace advantage.
A considerable portion of Elliot’s work involves managing hundreds of breach responses for companies, providing guidance through all aspects of investigation, notification, remediation and engagement with regulators (including federal regulators such as the Office of Civil Rights [OCR] and state attorneys general). His deep experience includes defending clients in singular or multistate litigation alleging violations of security breach notification laws and HIPAA and helps clients avoid enforcement actions altogether by interacting directly with regulators during investigations.
Drawing on a wealth of legal, regulatory and industry experience, Elliot counsels clients on the Health Insurance Portability and Accountability Act (HIPAA) and HITECH; the California Consumer Privacy Act; 42 CFR Part 2 (Federal Confidentiality of Substance Use Disorder Patient Records); Federal Trade Commission (FTC) Act; state laws governing privacy, security and breach notification (such as the California Shine the Light law, Lanterman-Petris-Short Act, Confidentiality of Medical Information Act, CalOPPA and state laws governing sensitive health information); Telephone Consumer Protection Act (TCPA); CAN-SPAM; Gramm-Leach-Bliley Act (GLBA); Children's Online Privacy Protection Act (COPPA); NIST Security Standards; and Payment Card Industry Data Security Standards (PCI-DSS).
Elliot has several appointments in the American Bar Association’s Science & Technology Law Section, including serving as the co-chair of the E-Privacy Law Committee, co-chair of the Privacy, Security and Emerging Technology Division, vice-chair of the Biotechnology, Healthcare Technology, and Medical Device Committee, and a Council Member. He also is a member of the Bloomberg BNA Health Care Innovations Board, a sought-after speaker and a prolific writer.