They’ve Got Next: Privacy and Cybersecurity Fresh Face Elliot Golding
Squire Patton Boggs partner Elliot Golding started his career as a litigator and health-care attorney. Now, he’s his clients’ go-to for privacy and cybersecurity questions.
When Avaya Inc., a multinational technology company, performed a $500 million strategic partnership transaction with cloud company RingCentral in late 2019 and 2020, Golding was there to advise Avaya on privacy considerations.
He also counseled Avaya in creating a tool that’s designed to authenticate identity using biometrics and blockchain technology.
Golding worked with Avaya to craft the tech in compliance with a bevy of privacy and security rules including the Health Insurance Portability and Accountability Act, known as HIPAA; the California Consumer Privacy Act, and the EU’s General Data Protection Regulation.
“I love working really closely with the team and helping architect new products and brainstorming operationally how those things would work across the board,” Golding said. “I’m in the weeds and in the trenches with clients—I love building things from the ground up.”
Golding was born in Atlanta but has called the D.C. area home since he was a toddler. A “reluctant” Washington Football Team fan raised in Montgomery County, Maryland, Golding attended the University of Virginia and graduated in three years before landing at the George Washington University Law School.
He graduated in 2009—"not the best time to go out into the working world,” Golding said—but stayed at the Washington office of his previous firm, Crowell & Moring LLP, for over seven years.
Early in his career, Golding got staffed on a trade secrets matter that resulted in a 6-week jury trial in Richmond, where he worked 300 hours a month in the central Virginia heat.
“I decided after that that I didn’t want to be a litigator,” Golding said. “I remember looking around and saying: How am I going to distinguish myself and not be a fungible cog in the wheel?”
In 2009, HIPAA had been amended in a “meaningful way,” Golding said, by Congress’ passage of the Health Information Technology for Economic and Clinical Health or HITECH Act, establishing breach notification requirements, making business associates directly subject to HIPAA requirements and liable for violations, and increasing the penalties for violations.
But examining the intersection of health privacy, security, and related tech issues was still novel, so Golding threw himself at it, taking weekends to read through the new rules and promoting himself as someone who could tackle assignments.
One of the firm’s health-care clients had a massive breach, and Golding immersed himself in the matter as the “only associate who really knew anything about HIPAA and data issues.” After making health-care privacy his niche, Golding in 2017 made the jump to Squire Patton Boggs, where he was named partner at age 32.
Alan Friel, co-chair of Squire’s data privacy, cybersecurity, and digital assets practice, attributes much of Golding’s success to his passion for novel topics and complex regulations—both of which he tackles with “unending energy.”
“The more challenging the issue is, the more attracted he is to it,” Friel said. “He has a curious mind and is constantly looking to get involved in the tough use cases.”
Outside of product counseling, Golding serves as coordinator of the data privacy and cybersecurity group’s health-care practice and helps shepherd clients through incident responses.
He assisted Volkswagen Group of America this year in investigating and responding to a vendor security incident impacting information regarding about 3.3 million people in the U.S. and Canada, working with business units and third-party cyber and credit monitoring vendors. Golding managed the notification process, including drafting notifications to individuals, regulators, and credit reporting agencies.
His passion for helping companies tackle thorny issues has earned him a stellar reputation internally and externally, Friel said, noting his particular expertise in health-care privacy with issues such as information blocking and interoperability rules.
“He’s really wrapped his arms around the client service element as well,” Friel said. “To be a partner you have to be able to have clients and attract them—clients find him practical and responsive, and those are the two most important skills for outside counsel.”
Golding said he loves the privacy law community, which bands together and collaborates frequently since there aren’t often clear answers to new rules.
“Every day there’s something new and novel that I can seek my teeth into,” Golding said. “It’s very intellectually stimulating, but what keeps me going is helping clients and saying, ‘Here’s how we’re going to solve this problem.’”
Gloss