Overview
Dustin helps his clients find practical ways to navigate their global data security and privacy obligations, respond to security incidents, and manage the data-related aspects of relationships with vendors and customers. Dustin also helps clients to understand and mitigate deal-related data and technology risks.
As a former technology professional with deep experience managing information technologies and technology-related relationships, Dustin is uniquely positioned to help clients thrive in a rapidly evolving global legal environment.
Prior to joining Dorsey, Dustin was the chief data security and privacy counsel for a major global IT services firm. Before that, Dustin served as the chief technology officer for a Denver-area suburban city.
Although Dustin has deep experience coaching clients that have experienced data security breaches, Dustin particularly enjoys helping clients assess and mature their data security and privacy programs to help them avoid costly and challenging data-related incidents.
His work often includes drafting privacy policies and data protection agreements, aiding clients with international data transfers, helping clients adopt policies relating to data privacy and security, drafting terms of service for websites and mobile apps, and instituting training programs for clients.
Dustin often counsels clients on compliance with the EU and UK General Data Protection Regulations (“GDPR”), Canadian privacy law, HIPAA, FTCA, GLBA, FERPA, FCRA, COPPA, CAN-SPAM, TCPA, and U.S. state privacy laws.
Dustin’s expertise in data privacy and security is widely recognized. He is recognized as a Certified Information Systems Security Professional (CISSP) through ISC2. He is also recognized by the International Association of Privacy Professionals as a Fellow of Information Privacy, a Certified Information Privacy Professional for the United States, Europe, and Canada (CIPP/US, CIPP/E, and CIPP/C), a Certified Information Privacy Manager (CIPM), and a Certified Information Privacy Technologist (CIPT). He also holds the Security+ designation from CompTIA.
Dustin is a frequent speaker on topics related to data privacy and cybersecurity and has been an adjunct professor at the University of Wyoming College of Law.
Education & Admissions
University of Denver, Sturm College of Law (J.D., 2009), Faculty Prize (valedictorian award), Order of St. Ives, Denver University Law Review
Columbia University (LL.M., 2011), Harlan Fiske Stone Scholar
University of Denver (M.B.A., 2003), Daniels Scholar
University of Wyoming (B.S., Computer Science, 2001), University Honors Program
Admissions
- Colorado
- Washington
- Wyoming
- District of Wyoming
- U.S. Court of Appeal for the Tenth Circuit
Clerkships
- U.S. Court of Appeals for the Tenth Circuit, Honorable Terrence O'Brien, 2011-2014
- Colorado Court of Appeals, Honorable Alan Loeb, 2009-2010
Experience
- Advised an emerging technology company to develop privacy notices and terms of use for their product
- Advised a global franchisor on revisions to their terms of use in response to changes in law and the franchisor’s practices
- Counseled a major healthcare provider in response to a serious ransomware incident
- Assisted a major technology hardware company revise its process for conducting data protection impact assessments
- Aided an emerging artificial intelligence business in developing agreements for the sale of its services to healthcare businesses around the globe
- Advised a major retailer regarding California privacy law compliance
- Advised a major IT services firm regarding international transfers of personal data and other data protection issues
- Counseled a software-as-a-service provider on developing a framework for discussing and negotiating artificial intelligence issues with customers and prospective customers
- Drafted a written information security program and group data transfer agreement for a major U.S. charity
- Advised a global IT services firm regarding a number of security incidents involving its vendors and clients
- Negotiated a number of significant agreements between a financial institution and its information technology system providers
- Counseled a major professional employer organization in the wake of a security incident caused by social engineering
- Provided guidance to a client whose top executive was personally targeted by regulators alleging lax security oversight
News & Resources
Articles
- Law360, Employers Can Prepare For New Colo. Data Privacy Law (2018), https://www.law360.com/publicpolicy/articles/1064287/employers-can-prepare-for-new-colo-data-privacy-law
- Moving Toward Law: Refocusing the Federal Courts’ Plain Error Doctrine in Criminal Cases, 67 U. Miami L. Rev. 521 (2013).
- The Management of Health Care Costs: Independent Medical Review after 'Obamacare', 42 U. Memphis L. Rev. 255 (2012).
- Balancing Consumer Privacy with Behavioral Targeting, 27 Santa Clara Comp. & High Tech L.J. 3 (2011).
- E-Discovery’s Threat to Civil Litigation: Reevaluating Rule 26 for the Digital Age, 63 Rutgers L. Rev. 521 (2011) (with Robert Hardaway and Andrea Defield).
Events & Speaking Engagements
Select Presentations
- Cybersecurity: A Practical Guide to Risk Assessment, State Bar of South Dakota (June 2017)
- Cybersecurity Issues in the Workplace, National Association of Professional Employer Organizations, Capitol Summit, Washington, D.C. (May 2018)
- Data Wars: How the California Consumer Privacy Act Affects California Employers, Salt Lake City, UT (May 2019)
- Corporate Contracting Conundrum: Dealing with Data Security & Privacy Issues, Assoc. of Corporate Counsel Institute, St. Louis, MO (May 2022)
Industries & Practices
Banking & Financial Institutions
Explore This Practice View client achievements related to this practice View resources related to this practiceEnergy & Natural Resources
Explore This Practice View client achievements related to this practice View resources related to this practiceHealthcare & Life Sciences
Explore This Practice View client achievements related to this practice View resources related to this practiceCorporate Governance & Compliance
Explore This Practice View client achievements related to this practice View resources related to this practice- Artificial Intelligence
- Banking & Financial Institutions
- Corporate Governance & Compliance
- Cybersecurity
- Energy & Natural Resources
- Healthcare & Life Sciences
- Privacy & Social Media
- Technology
- Technology Commerce
- Telecommunications
Accolades
- Recognized as a Certified Information Systems Security Professional (CISSP) through ISC2
- Recognized by the International Association of Privacy Professionals as a Fellow of Information Privacy
- Certified Information Privacy Professional for the United States, Europe, and Canada (CIPP/US, CIPP/E, and CIPP/C)
- Certified Information Privacy Manager (CIPM)
- Certified Information Privacy Technologist (CIPT)
- Holds the Security+ designation from CompTIA
