Elliot is IAPP certified (CIPP/US) and has been recognized in a number of industry rankings and awards, including by Bloomberg Law, Global Data Review and the National Law Journal. Elliot also co-chairs the American Bar Association’s SciTech Privacy, Security and Emerging Technology Division; E-Privacy Committee; and Biotechnology, Healthcare Technology, and Medical Device Committee.

Show Less

• Represented a provider of substance use disorder care in connection with leveraging the data analytics, patient communication and other advanced technologies. Developed an overall privacy and security compliance program, which included drafting policies and procedures, preparing consent forms and processes and conducting training*
• Advises companies on compliance requirements under the California Consumer Privacy Act, including by analyzing complex legal questions related to ambiguous provisions; drafting detailed policies and procedures; conducting data mapping; developing personalized individual rights response processes; preparing work plans and presentations; drafting and negotiating service provider contracts and data sharing agreements; and other similar compliance tasks*
• Advised a leading multinational technology company on privacy and security issues, including compliance with HIPAA and other US laws, as well as international laws (including the GDPR). This included partnering with the client to create a mobile centric Identity as a Service solution from scratch to help authenticate identity using biometrics and distributed ledger technology*
• Assisted one of the preeminent grants management software providers in conducting a comprehensive privacy and cybersecurity review, negotiating data protection agreements, navigating cross-border data protection requirements and strengthening its processes. As an intermediary between numerous parties, including grant funders, grant applicants and other third parties, the client’s data handling practices raised nuanced issues and we helped ensure those practices were deemed essential*
• Served as primary outside counsel for a major health plan, assisting with a wide range of high priority, as well as day-to-day privacy and cybersecurity issues*
• Assisted a major health insurance company in responding to a governmental investigation into data breaches; advised on planning and remedial efforts and defended the client in resulting litigation*
• Assisted a health plan organization in the development of a program that integrates medical products with the Internet of Things by collecting vital signs, alerting physicians and transmitting data to a consumer-facing cloud environment*
• Drafted incident response plans and data breach response toolkits for multiple healthcare clients; led tabletop exercises to test those plans*
• Conducted comprehensive privacy and cybersecurity assessments for several large clients (in sectors such as healthcare, defense and transportation), which included performing data surveys and interviews, assessing governance and recommending improvements, providing vendor contracting advice and drafting policies and procedures (e.g., internal and external-facing privacy statements, security policies, document retention policies, etc.) *
• Assisted a major automobile company in identifying personal information and other sensitive information within the organization and advised on data privacy and security issues*
• Advised a large cloud service provider in HIPAA and GLBA compliance, including the design and revision of HIPAA privacy and security policies*
• Assisted a large insurer/reinsurer in establishing a data classification system as part of a complete privacy and security policy overhaul and provided detailed advice regarding implementation of best practices and compliance with wide-ranging state and federal laws (e.g., HIPAA, GLBA, FTC Act and state security breach and record disposal laws) *
• Conducted overall due diligence assessment of compliance practices for network advertiser, including under DAA, NAI, etc. Reviewed and provided feedback on applicable contracts, designed a CCPA compliance program and provided other assistance*
• Evaluated and analyzed obligations under the NAI Code with respect to the use of a data broker that collected potential health-related data for targeted advertisements*
• Assessed distribution of ad tech across multinational systems for an international e-commerce platform, where data and practices are shared between multiple legal entities, in order to assess and improve compliance efforts under CCPA and other US laws. This included understanding complex and layered advertising practices, creation and use of custom audience segments (both as publisher and advertiser), third-party integration and involvement, assessing industry positions on evolving laws and regulations and providing risk-conscious and practical guidance. Developed templates and documentation for the exercise*

*Matter handled prior to joining McDermott.

Show Less