Elliot R. Golding - Privacy & Cybersecurity Lawyer - McDermott Will & Emery


Elliot Golding provides business-oriented privacy and cybersecurity advice to global companies spanning virtually every sector of the economy, with a particular focus in the technology, healthcare, life sciences, retail, e-commerce, automotive and financial sectors. His practical approach gives clients actionable advice to help balance legal risk with business needs. He routinely counsels clients on the latest cutting-edge issues, such as online advertising and tracking technologies, digital health tools, data monetization strategies, and artificial intelligence. He provides both day-to-day product counseling and helps companies develop global compliance programs that harmonize the California Consumer Privacy Act (and equivalent state privacy laws in Virginia, Colorado and other states); GDPR and other international laws; specific rules in the highly regulated health and financial sectors (HIPAA/HITECH, ONC Information Blocking Rule, 42 CFR Part 2, the Common Rule, GLBA and state equivalents); marketing rules (TCPA, CANSPAM and industry self-regulatory standards); security standards (such as PCI-DSS, NIST and ISO); and many others. Elliot has also managed hundreds of breaches and ransomware attacks, guiding clients through all aspects of investigation, notification, remediation and engagement with regulators.

Show More


  • Led an engagement with a German multinational auto manufacturer on responding to a vendor security incident affecting information regarding approximately 3.3 million people in the US and Canada. Coordinated key internal stakeholders across US and Canadian business units, as well as third-party data analytics, cybersecurity and notification/credit monitoring vendors. We identified individuals impacted and the types of data at issue for each person; managed the notification process, including drafting notifications to individuals, regulators, credit reporting agencies and other third parties; prepared FAQs, press statements and other communications; and coordinated the establishment of a call center and informational website*
  • Advised a leading multinational telecommunications technology company on privacy considerations related to its US$500 million strategic partnership transactions with a cloud communications provider. Helped develop a mobile centric Identity as a Service solution designed to authenticate identity using biometrics, quantum-safe computing and distributed ledger technology (including designing compliance with HIPAA, GLBA, CCPA, GDPR and many other laws and best practices)*
  • Worked with a large integrated health system with provider and payer operations on complex digital health issues related to the new Information Blocking Rules, including the evaluation of information and entities in scope, the development of strategies for making information available through patient portals, and the development of policies and procedures*

Show More


  • Chambers USA, Up and Coming, Privacy & Data Security, 2023
  • The Legal 500 US, Recommended Lawyer, 2023
  • Thomson Reuters, Stand-out Lawyer – independently rated lawyers, 2023-2024

Show More


  • American Bar Association, SciTech Privacy, Security and Emerging Technology Division, co-chair; E-Privacy Committee, co-chair; Biotechnology, Healthcare Technology, and Medical Device Committee, co-chair
  • American Health Lawyers Association, member
  • Certified Information Privacy Professional (CIPP/US)

Show More


George Washington University Law School, JD, magna cum laude, Order of the Coif, 2009
University of Virginia, BA, with distinction, 2006

District of Columbia