Dustin helps his clients find practical ways to navigate their global data security and privacy obligations, respond to security incidents, and manage the data-related aspects of relationships with vendors and customers. Dustin also helps clients to assess and mitigate deal-related data risks.
As a former technology professional with deep experience managing information technologies and technology-related relationships, Dustin is uniquely positioned to help clients thrive in a rapidly evolving global legal environment.
Prior to joining Dorsey, Dustin was the chief data security and privacy counsel for a major global IT services firm. Before that, Dustin served as the chief technology officer for a Denver-area suburban city.
Although Dustin has deep experience coaching clients that have experienced data security breaches, Dustin particularly enjoys helping clients assess and mature their data security and privacy programs to help them avoid a costly and challenging data-related incident.
His work often includes drafting privacy policies and data protection agreements, aiding clients with international data transfers, and instituting training programs for clients.
Dustin often counsels clients on compliance with the EU and UK General Data Protection Regulations (“GDPR”), Canadian privacy law, HIPAA, FTCA, GLBA, FERPA, FCRA, COPPA, CAN-SPAM, TCPA, and U.S. state privacy laws.
Dustin’s expertise in data privacy and security is widely recognized. He is recognized as a Certified Information Systems Security Professional (CISSP) through ISC2. He is also recognized by the International Association of Privacy Professionals as a Fellow of Information Privacy, a Certified Information Privacy Professional for the United States, Europe, and Canada (CIPP/US, CIPP/E, and CIPP/C), a Certified Information Privacy Manager (CIPM), and a Certified Information Privacy Technologist (CIPT). He also holds the Security+ designation from CompTIA.
Dustin is a frequent speaker on topics related to data privacy and cybersecurity and has been an adjunct professor at the University of Wyoming College of Law.
Education & Admissions
University of Denver, Sturm College of Law (J.D., 2009), Faculty Prize (valedictorian award), Order of St. Ives, Denver University Law Review
Columbia University (LL.M., 2011), Harlan Fiske Stone Scholar
University of Denver (M.B.A., 2003), Daniels Scholar
University of Wyoming (B.S., Computer Science, 2001), University Honors Program
- District of Wyoming
- U.S. Court of Appeal for the Tenth Circuit
- U.S. Court of Appeals for the Tenth Circuit, Honorable Terrence O'Brien, 2011-2014
- Colorado Court of Appeals, Honorable Alan Loeb, 2009-2010
- Counseled a major healthcare provider in response to a serious ransomware incident
- Assisted a major technology hardware company revise its process for conducting data protection impact assessments
- Advised a major retailer regarding California privacy law compliance
- Advised a major IT services firm regarding international transfers of personal data and other data protection issues
- Drafted a written information security program and group data transfer agreement for a major U.S. charity
- Advised a global IT services firm regarding a number of security incidents involving its vendors and clients
- Negotiated a number of significant agreements between a financial institution and its information technology system providers
- Counseled a major professional employer organization in the wake of a security incident caused by social engineering
- Provided guidance to a client whose top executive was personally targeted by regulators alleging lax security oversight
News & Resources
- Law360, Employers Can Prepare For New Colo. Data Privacy Law (2018), https://www.law360.com/publicpolicy/articles/1064287/employers-can-prepare-for-new-colo-data-privacy-law
- Moving Toward Law: Refocusing the Federal Courts’ Plain Error Doctrine in Criminal Cases, 67 U. Miami L. Rev. 521 (2013).
- The Management of Health Care Costs: Independent Medical Review after 'Obamacare', 42 U. Memphis L. Rev. 255 (2012).
- Balancing Consumer Privacy with Behavioral Targeting, 27 Santa Clara Comp. & High Tech L.J. 3 (2011).
- E-Discovery’s Threat to Civil Litigation: Reevaluating Rule 26 for the Digital Age, 63 Rutgers L. Rev. 521 (2011) (with Robert Hardaway and Andrea Defield).
- Cybersecurity: A Practical Guide to Risk Assessment, State Bar of South Dakota (June 2017)
- Cybersecurity Issues in the Workplace, National Association of Professional Employer Organizations, Capitol Summit, Washington, D.C. (May 2018)
- Data Wars: How the California Consumer Privacy Act Affects California Employers, Salt Lake City, UT (May 2019)
- Corporate Contracting Conundrum: Dealing with Data Security & Privacy Issues, Assoc. of Corporate Counsel Institute, St. Louis, MO (May 2022)
Industries & Practices
Banking & Financial InstitutionsExplore This Practice View client achievements related to this practice View resources related to this practice
Energy & Natural ResourcesExplore This Practice View client achievements related to this practice View resources related to this practice
Healthcare & Life SciencesExplore This Practice View client achievements related to this practice View resources related to this practice
Corporate Governance & ComplianceExplore This Practice View client achievements related to this practice View resources related to this practice
Cybersecurity, Privacy & Social MediaExplore This Practice View client achievements related to this practice View resources related to this practice
- Banking & Financial Institutions
- Corporate Governance & Compliance
- Cybersecurity, Privacy & Social Media
- Energy & Natural Resources
- Healthcare & Life Sciences
- Technology Commerce
- Recognized as a Certified Information Systems Security Professional (CISSP) through ISC2
- Recognized by the International Association of Privacy Professionals as a Fellow of Information Privacy
- Certified Information Privacy Professional for the United States, Europe, and Canada (CIPP/US, CIPP/E, and CIPP/C)
- Certified Information Privacy Manager (CIPM)
- Certified Information Privacy Technologist (CIPT)
- Holds the Security+ designation from CompTIA