McDermott Will & Schulte, a global law firm

Elliot Golding (CIPP/US) has spent nearly 20 years providing privacy and cyber advice to hundreds of clients spanning virtually every sector of the economy, with a particular focus on working with technology, healthcare, life sciences, financial and insurance, automotive, e-commerce, advertising technology, and telecommunication companies. He provides uniquely practical, risk-based, industry-benchmarked, and actionable advice to enable businesses to maximize data, support business needs while managing risk, and “get to yes” as an extension of his clients’ internal teams.

Elliot is a leading industry practitioner with deep technical experience in cutting-edge topics including advertising and cookies and online tracking technologies, data monetization strategies, digital health tools, and artificial intelligence (AI). He also has deep technical and operational experience – including a two-year Chief Privacy Officer secondment to a large health insurance company – designing and technically implementing global privacy programs that harmonize US state laws (like the California Consumer Privacy Act, Washington My Health My Data, and equivalent laws in over 20 states); health and financial-specific laws such as the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), and insurance rules; marketing rules such as the Telephone Consumer Protection Act and CAN-SPAM Act; and global laws such as the General Data Protection Regulation (GDPR). Elliot has also managed hundreds of breaches and ransomware attacks, guiding clients through all aspects of investigation, notification, remediation, and engagement with regulators.

Recognized in many industry rankings and awards, Elliot has been featured in Chambers USA, Legal 500 US, Bloomberg Law, Global Data Review, and the National Law Journal. Elliot also chairs the American Bar Association’s E-Privacy Committee.

Stephen Reynolds (CIPP/US, CISSP) advises some of the largest companies in the world on complex data security and privacy matters.

A former computer programmer and IT analyst, Stephen is uniquely able to use his computer background to the advantage of his clients in matters involving data security, privacy, artificial intelligence and computer forensic investigations. He assists with responding to cybersecurity incidents, such as ransomware attacks, fund transfer fraud, data breaches and business email compromise matters. This work includes helping companies comply with regulatory obligations in the event of these incidents—including Securities and Exchange Commission (SEC) filings for publicly traded companies. Having litigated data security and privacy cases from the trial court level and through the highest levels of appeals, Stephen also represents clients in litigation and regulatory investigations regarding data security, privacy and technology matters.

Stephen has advised multiple publicly traded companies, including technology companies, professional services firms and consumer facing organizations, on compliance with the SEC’s recently adopted requirements for disclosing cybersecurity incidents, risk management and governance within 10-K annual reports. This guidance has included helping clients draft language for SEC reporting obligations and craft internal policies related to SEC disclosure obligations. Additionally, Stephen has helped clients with evaluating the potential need for and in making disclosures of material cybersecurity incidents on Form 8-Ks.

Stephen frequently educates others on data security and privacy at industry conferences and other forums. He is on the board of the International Association of Privacy Professionals (IAPP) and an instructor of the IAPP’s CIPP/US certification. In addition, Stephen is an instructor for the CISSP certification through the ISC(2). He also lectures on Data Security and Privacy Law at Indiana University Robert H. McKinney School of Law.