Elliot Golding, Counsel Washington, D.C.
Phone: +1 202.624.2677
1001 Pennsylvania Avenue NW
Washington, DC 20004-2595

Elliot Golding is a counsel in the firm's Privacy & Cybersecurity Group. 

Elliot's practice emphasizes partnering with clients to develop efficient and effective privacy and cybersecurity solutions that enable business. Starting from a deep understanding of his client's industries—such as health care, defense, education, and consumer products and services—Elliot provides holistic compliance counseling that integrates legal, technical, and practical advice. This holistic approach takes into consideration not only what the law currently requires, but also forward looking best practices to help both large and emerging companies remain competitive and compliant in the rapidly evolving privacy and cyber landscape. For example, Elliot helps clients understand how personal information may be used and disclosed to support business needs, advises clients regarding cyber security and information governance best practices, designs privacy and security policies, and assists with policy implementation. Elliot also helps clients develop incident response plans and breach toolkits, conducts tabletop exercises for clients to prepare for handling a breach, and provides practical training to clients and their employees regarding privacy and security requirements (such as training on HIPAA and state laws).

In addition to counseling, Elliot has managed dozens of breach response matters for companies in nearly every sector of the economy through all aspects of investigation, notification, remediation, and regulator interface (including federal regulators such as the Office of Civil Rights (OCR) and State Attorneys General). Similar to compliance counseling, Elliot takes a practical approach to address immediate incident response needs and then implement long term remediation solutions. Elliot has defended clients in litigation by State Attorneys General under state security breach notification laws and HIPAA, and has helped clients successfully avoid enforcement actions altogether by working directly with regulators during investigations. 

Elliot's practice covers a wide range of laws, regulations, industry standards, and best practices, such as:

  • Health Insurance Portability and Accountability Act (HIPAA) and HITECH
  • Telephone Consumer Protection Act (TCPA)
  • Federal Trade Commission (FTC) Act
  • State laws and guidance governing privacy, security, and breach notification (such as the California Shine the Light law, Lanterman-Petris-Short Act, Confidentiality of Medical Information Act, and CalOPPA)
  • Defense Federal Acquisition Regulation Supplement (DFARS) Safeguarding Rule
  • Gramm-Leach-Bliley Act (GLBA)
  • Children's Online Privacy Protection Act (COPPA)
  • NIST Security Standards
  • Payment Card Industry Data Security Standards (PCI-DSS)

Elliot is a Certified Information Privacy Professional/United States (CIPP/US) and is currently the co-chair of the E-Privacy Committee within the ABA Section of Science and Technology Law.

Representative Engagements

  • Serve as primary outside counsel for a major health plan assisting with a wide range of day-to-day privacy and cybersecurity issues.
  • Assisted health plan to develop a program integrating medical products with the Internet of Things by collecting vital signs, alerting physicians, and transmitting data to a consumer-facing cloud environment.
  • Conducted comprehensive privacy and cybersecurity assessment for large defense contractor, which included performing data surveys and interviews, assessing governance and recommending improvements, providing vendor contracting advice, and reviewing policies and procedures.
  • Assisted major automobile company to identify personal information and other sensitive information within the organization and take steps to ensure the privacy and security of that data.
  • Drafted comprehensive policies and procedures for several health plans, retail clients, financial services organizations, and others, including policies governing privacy, cybersecurity, physical security, mobile and web privacy statements, incident response plans, and document retention and destruction.
  • Advised large cloud service provider regarding HIPAA and GLBA compliance, including designing and revising HIPAA privacy and security policies.
  • Assisted major health insurance company investigate and respond to several potential breaches, including providing advice regarding government investigations, planning and overseeing remedial efforts such as overhaul of privacy and security policies and customer protection programs, and defending client in resulting litigation.
  • Assisted large insurer/reinsurer to establish a data classification system as part of complete privacy and security policy overhaul and provide detailed advice regarding implementation of best practices and compliance with wide-ranging state and federal laws (e.g., HIPAA, GLBA, FTC Act, and state security breach and record disposal laws).

Elliot received his J.D. from The George Washington University Law School in 2009, magna cum laude, Order of the Coif. While at George Washington, Elliot was an associate editor on the George Washington Law Review. Elliot graduated from the University of Virginia with a B.A in economics, with distinction.


Admitted to practice: District of Columbia, Maryland

Highlights, News & Knowledge

Speeches & Presentations


Client Alerts & Newsletters

In the News

Firm News & Announcements

Jan.02.2015 Crowell & Moring Elects Six New Partners and Promotes Eight Associates to Counsel
Jun.05.2014 Crowell & Moring Releases "Data Law Trends & Developments" Report
Background image