Dustin Berger
PEOPLE

Dustin Berger

Associate
berger.dustin@dorsey.com

Overview

Dustin helps his clients find practical ways to navigate their global data security and privacy obligations, respond to security incidents, and manage the data-related aspects of relationships with vendors and customers. Dustin also helps clients to understand and mitigate deal-related data and technology risks.

In the rapidly changing world of technology, many leaders feel overwhelmed by the rapid emergence of new technologies and the complex laws and regulations that come with them. Dustin's clients don't. That's because he brings a unique perspective to the table—he's not just a lawyer, he's a former technology leader who has walked in their shoes. Having served as a chief technology officer and the chief data security and privacy counsel for a leading global technology services firm, he understands the technology behind the law.

Dustin helps his clients move beyond reactive damage control to build proactive, resilient privacy and security programs. While he is an expert at navigating the aftermath of a security incident, he finds true satisfaction in helping clients prevent them altogether. His work is both strategic and practical, whether he’s helping with international data transfers under the GDPR, ensuring compliance with HIPAA, negotiating a technology deal, or managing data risks during a corporate acquisition. Dustin provides a steady, expert hand, translating legal complexities into clear, actionable strategies that help his clients use technology to thrive.

Dustin often counsels clients on compliance with the EU and UK General Data Protection Regulations (“GDPR”), Canadian privacy law, federal sectoral privacy laws (including HIPAA, FTCA, GLBA, FERPA, FCRA, COPPA, CAN-SPAM, and TCPA) , and U.S. state privacy laws. Dustin also frequently aids clients in their efforts to leverage emerging artificial intelligence technologies in a way that protects their operations from unnecessary risks.

Dustin’s expertise in data privacy and security is widely recognized. He is recognized as a Certified Information Systems Security Professional (CISSP) through ISC2. He is also recognized by the International Association of Privacy Professionals as a Fellow of Information Privacy, a Certified Information Privacy Professional for the United States, Europe, and Canada (CIPP/US, CIPP/E, and CIPP/C), a Certified Information Privacy Manager (CIPM), and a Certified Information Privacy Technologist (CIPT). He also holds the Security+ designation from CompTIA.

Dustin is a frequent speaker on topics related to data privacy and cybersecurity and has been an adjunct professor at the University of Wyoming College of Law.

Education & Admissions

University of Denver, Sturm College of Law (J.D., 2009), Faculty Prize (valedictorian award), Order of St. Ives, Denver University Law Review

Columbia University (LL.M., 2011), Harlan Fiske Stone Scholar

University of Denver (M.B.A., 2003), Daniels Scholar

University of Wyoming (B.S., Computer Science, 2001), University Honors Program

Admissions

  • Colorado
  • Washington
  • Wyoming
  • District of Wyoming
  • U.S. Court of Appeal for the Tenth Circuit

Clerkships

  • U.S. Court of Appeals for the Tenth Circuit, Honorable Terrence O'Brien, 2011-2014
  • Colorado Court of Appeals, Honorable Alan Loeb, 2009-2010

Experience

Representative Experience

  • Represented a startup bank to negotiate agreements with its financial software vendors for a comprehensive cloud-based technology infrastructure
  • Led legal negotiations on behalf of a regional bank to negotiate cost and data protection-related improvements to its contract with its core information systems vendor 
  • Provided guidance to a regional bank on exercising oversight relating to the use of generative artificial intelligence in its information system vendor agreements 
  • Guided an aerospace business in responding to a security incident affecting the data of its employees nationwide
  • Advised an emerging technology company to develop privacy notices and terms of use for their product
  • Advised a global franchisor on revisions to their terms of use in response to changes in law and the franchisor’s practices
  • Counseled a major healthcare provider in response to a serious ransomware incident
  • Provided counsel to a national bank on compliance with emerging data privacy laws
  • Assisted a major technology hardware company revise its process for conducting data protection impact assessments
  • Aided an emerging artificial intelligence business in developing agreements for the sale of its services to healthcare businesses around the globe
  • Advised a major retailer regarding California privacy law compliance
  • Advised a major IT services firm regarding international transfers of personal data and other data protection issues
  • Counseled a software-as-a-service provider on developing a framework for discussing and negotiating artificial intelligence issues with customers and prospective customers
  • Aided a trust company in analyzing and negotiating information system agreements to offer its customers a best-in-class wealth management experience
  • Drafted a written information security program and group data transfer agreement for a major U.S. charity
  • Advised a global IT services firm regarding a number of security incidents involving its vendors and clients
  • Negotiated a number of significant agreements between a financial institution and its information technology system providers
  • Counseled a major professional employer organization in the wake of a security incident caused by social engineering
  • Provided guidance to a client whose top executive was personally targeted by regulators alleging lax security oversight

News & Resources

Articles

FTC Finalizes Click to Cancel and Negative Option Rule
Cybercrime Trends: A Midyear Review
Guidance from European Data Protection Board Requires Consent for Tracking
Leaning Toward Commonality: States Enact New Comprehensive Consumer Data Privacy Laws
Leaning Toward Commonality: States Enact New Comprehensive Consumer Data Privacy Laws
  • Law360, Employers Can Prepare For New Colo. Data Privacy Law (2018), https://www.law360.com/publicpolicy/articles/1064287/employers-can-prepare-for-new-colo-data-privacy-law
  • Moving Toward Law: Refocusing the Federal Courts’ Plain Error Doctrine in Criminal Cases, 67 U. Miami L. Rev. 521 (2013).
  • The Management of Health Care Costs: Independent Medical Review after 'Obamacare', 42 U. Memphis L. Rev. 255 (2012).
  • Balancing Consumer Privacy with Behavioral Targeting, 27 Santa Clara Comp. & High Tech L.J. 3 (2011).
  • E-Discovery’s Threat to Civil Litigation: Reevaluating Rule 26 for the Digital Age, 63 Rutgers L. Rev. 521 (2011) (with Robert Hardaway and Andrea Defield).

Select Presentations

  • Cybersecurity: A Practical Guide to Risk Assessment, State Bar of South Dakota (June 2017)
  • Cybersecurity Issues in the Workplace, National Association of Professional Employer Organizations, Capitol Summit, Washington, D.C. (May 2018)
  • Data Wars: How the California Consumer Privacy Act Affects California Employers, Salt Lake City, UT (May 2019)
  • Corporate Contracting Conundrum: Dealing with Data Security & Privacy Issues, Assoc. of Corporate Counsel Institute, St. Louis, MO (May 2022)

Industries & Practices

  • Artificial Intelligence
  • Banking & Financial Institutions
  • Corporate Governance & Compliance
  • Cybersecurity
  • Energy & Natural Resources
  • Healthcare & Life Sciences
  • Privacy & Social Media
  • Technology
  • Technology Commerce
  • Telecommunications

Professional & Civic

Community Involvement

  • Colorado LGBT Bar Association

Accolades

  • Recognized as a Certified Information Systems Security Professional (CISSP) through ISC2
  • Recognized by the International Association of Privacy Professionals as a Fellow of Information Privacy
  • Certified Information Privacy Professional for the United States, Europe, and Canada (CIPP/US, CIPP/E, and CIPP/C)
  • Certified Information Privacy Manager (CIPM)
  • Certified Information Privacy Technologist (CIPT)
  • Holds the Security+ designation from CompTIA
Dustin Berger