Elliot R. Golding - McDermott Will & Emery


Elliot Golding provides business-oriented privacy and cybersecurity advice to global companies spanning virtually every sector of the economy, with particular expertise in the technology, health care/life sciences, retail/ecommerce, automotive and financial sectors. His practical approach gives clients actionable advice to help balance legal risk with business needs, particularly relating to innovative issues such as “digital health” technologies, biometrics, the Internet of Things, data monetization, online advertising technology and Artificial Intelligence/Machine Learning tools. He provides both day-to-day product counseling and helps companies develop global compliance programs that harmonize CCPA/CPRA (and equivalent laws in Virginia, Colorado, and Utah); GDPR and other international laws; specific rules in the highly regulated health and financial sectors (HIPAA/HITECH, ONC Information Blocking and CMS Interoperability Rules, 42 CFR Part 2, the Common Rule, GLBA, and state equivalents); marketing rules (TCPA, CANSPAM, and industry self-regulatory standards); security standards (such as PCI-DSS, NIST, and ISO); and many others. Elliot has also managed hundreds of breaches and ransomware attacks, guiding clients through all aspects of investigation, notification, remediation and engagement with regulators.

Show More


  • Led an engagement with a German multinational auto manufacturer on responding to a vendor security incident affecting information regarding approximately 3.3 million people in the US and Canada. Coordinated key internal stakeholders across US and Canadian business units, as well as third-party data analytics, cybersecurity and notification/credit monitoring vendors. We identified individuals impacted and the types of data at issue for each person; managed the notification process, including drafting notifications to individuals, regulators, credit reporting agencies and other third parties; prepared FAQs, press statements and other communications; and coordinated the establishment of a call center and informational website*
  • Advised a leading multinational telecommunications technology company on privacy considerations related to its US$500 million strategic partnership transactions with a cloud communications provider. Helped develop a mobile centric Identity as a Service solution designed to authenticate identity using biometrics, quantum-safe computing and distributed ledger technology (including designing compliance with HIPAA, GLBA, CCPA, GDPR and many other laws and best practices) *
  • Worked with a large integrated health system with provider and payer operations on complex digital health issues related to the new Information Blocking Rules, including the evaluation of information and entities in scope, the development of strategies for making information available through patient portals, and the development of policies and procedures*

Show More


  • Chambers USA, Up and Coming, Privacy & Data Security, 2023
  • Legal 500 US, Recommended Lawyer, 2023
  • Thomson Reuters, Stand-out Lawyer – independently rated lawyers, 2023

Show More


  • American Bar Association, SciTech Privacy, Security and Emerging Technology Division, co-chair; E-Privacy Committee, co-chair; Biotechnology, Healthcare Technology, and Medical Device Committee, co-chair
  • American Health Lawyers Association, member
  • Bloomberg BNA Health Care Innovations Board, member

Show More


George Washington University Law School, JD, magna cum laude, Order of the Coif, 2009
University of Virginia, BA, with distinction, 2006

District of Columbia