Dustin Berger

Dustin Berger



Dustin helps his clients find practical ways to navigate their global data security and privacy obligations, respond to security incidents, and manage the data-related aspects of relationships with vendors and customers. Dustin also helps clients to assess and mitigate deal-related data risks.

As a former technology professional with deep experience managing information technologies and technology-related relationships, Dustin is uniquely positioned to help clients thrive in a rapidly evolving global legal environment.

Prior to joining Dorsey, Dustin was the chief data security and privacy counsel for a major global IT services firm. Before that, Dustin served as the chief technology officer for a Denver-area suburban city.

Although Dustin has deep experience coaching clients that have experienced data security breaches, Dustin particularly enjoys helping clients assess and mature their data security and privacy programs to help them avoid a costly and challenging data-related incident.

His work often includes drafting privacy policies and data protection agreements, aiding clients with international data transfers, and instituting training programs for clients.

Dustin often counsels clients on compliance with the EU and UK General Data Protection Regulations (“GDPR”), Canadian privacy law, HIPAA, FTCA, GLBA, FERPA, FCRA, COPPA, CAN-SPAM, TCPA, and U.S. state privacy laws.

Dustin’s expertise in data privacy and security is widely recognized. He is recognized as a Certified Information Systems Security Professional (CISSP) through ISC2. He is also recognized by the International Association of Privacy Professionals as a Fellow of Information Privacy, a Certified Information Privacy Professional for the United States, Europe, and Canada (CIPP/US, CIPP/E, and CIPP/C), a Certified Information Privacy Manager (CIPM), and a Certified Information Privacy Technologist (CIPT). He also holds the Security+ designation from CompTIA.

Dustin is a frequent speaker on topics related to data privacy and cybersecurity and has been an adjunct professor at the University of Wyoming College of Law.

Education & Admissions

University of Denver, Sturm College of Law (J.D., 2009), Faculty Prize (valedictorian award), Order of St. Ives, Denver University Law Review

Columbia University (LL.M., 2011), Harlan Fiske Stone Scholar

University of Denver (M.B.A., 2003), Daniels Scholar

University of Wyoming (B.S., Computer Science, 2001), University Honors Program


  • Colorado
  • Washington
  • Wyoming
  • District of Wyoming
  • U.S. Court of Appeal for the Tenth Circuit


  • U.S. Court of Appeals for the Tenth Circuit, Honorable Terrence O'Brien, 2011-2014
  • Colorado Court of Appeals, Honorable Alan Loeb, 2009-2010


  • Advised an emerging technology company to develop privacy notices and terms of use for their product
  • Counseled a major healthcare provider in response to a serious ransomware incident
  • Assisted a major technology hardware company revise its process for conducting data protection impact assessments
  • Advised a major retailer regarding California privacy law compliance
  • Advised a major IT services firm regarding international transfers of personal data and other data protection issues
  • Drafted a written information security program and group data transfer agreement for a major U.S. charity
  • Advised a global IT services firm regarding a number of security incidents involving its vendors and clients
  • Negotiated a number of significant agreements between a financial institution and its information technology system providers
  • Counseled a major professional employer organization in the wake of a security incident caused by social engineering
  • Provided guidance to a client whose top executive was personally targeted by regulators alleging lax security oversight

News & Resources

  • Law360, Employers Can Prepare For New Colo. Data Privacy Law (2018), https://www.law360.com/publicpolicy/articles/1064287/employers-can-prepare-for-new-colo-data-privacy-law
  • Moving Toward Law: Refocusing the Federal Courts’ Plain Error Doctrine in Criminal Cases, 67 U. Miami L. Rev. 521 (2013).
  • The Management of Health Care Costs: Independent Medical Review after 'Obamacare', 42 U. Memphis L. Rev. 255 (2012).
  • Balancing Consumer Privacy with Behavioral Targeting, 27 Santa Clara Comp. & High Tech L.J. 3 (2011).
  • E-Discovery’s Threat to Civil Litigation: Reevaluating Rule 26 for the Digital Age, 63 Rutgers L. Rev. 521 (2011) (with Robert Hardaway and Andrea Defield).

Select Presentations

  • Cybersecurity: A Practical Guide to Risk Assessment, State Bar of South Dakota (June 2017)
  • Cybersecurity Issues in the Workplace, National Association of Professional Employer Organizations, Capitol Summit, Washington, D.C. (May 2018)
  • Data Wars: How the California Consumer Privacy Act Affects California Employers, Salt Lake City, UT (May 2019)
  • Corporate Contracting Conundrum: Dealing with Data Security & Privacy Issues, Assoc. of Corporate Counsel Institute, St. Louis, MO (May 2022)

Industries & Practices

  • Banking & Financial Institutions
  • Corporate Governance & Compliance
  • Cybersecurity, Privacy & Social Media
  • Energy & Natural Resources
  • Healthcare & Life Sciences
  • Technology
  • Technology Commerce
  • Telecommunications

Professional & Civic

Community Involvement

  • Colorado LGBT Bar Association


  • Recognized as a Certified Information Systems Security Professional (CISSP) through ISC2
  • Recognized by the International Association of Privacy Professionals as a Fellow of Information Privacy
  • Certified Information Privacy Professional for the United States, Europe, and Canada (CIPP/US, CIPP/E, and CIPP/C)
  • Certified Information Privacy Manager (CIPM)
  • Certified Information Privacy Technologist (CIPT)
  • Holds the Security+ designation from CompTIA
Dustin Berger