Dustin Berger is a skilled cybersecurity and data privacy attorney with decades of experience working with clients on matters involving technology, cybersecurity, data privacy and human capital.
His varied experience—both directing the in-house privacy program for a top 10 global IT services provider, and in private practice—makes him a valued asset to his clients and peers.
Dustin has advised clients on data privacy laws around the world, including the Global Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA) and emerging state privacy laws in states such as Colorado, Virginia and Nevada. He also regularly advises clients on contractual data protection obligations with their customers, service providers and other vendors. He has worked with clients to develop global privacy programs to address privacy law obligations in a structured, practical and risk-based manner. He has helped clients:
- develop and refine privacy notices and other transparency mechanisms;
- improve their management of third-party data protection risks;
- handle data subject rights requests;
- develop data inventories, maps and flows, including records of processing activity;
- conduct data protection impact assessments/privacy impact assessments;
- understand rules regarding cookies and other persistent identifiers;
- comply with requirements associated with the international transfer of personal data;
- evaluate residual risk and risk transfers associated with privacy law compliance;
- determine when the appointment of a data protection officer or representative is necessary for compliance;
- evaluate the privacy and security practices of acquisition targets and provide counsel regarding the integration of acquired businesses;
- advocate with management for the resources necessary to mature their data privacy and security programs;
- evaluate the risks associated with the use of biometric data; and
- assess the security of Internet of Things (IOT) devices against applicable laws.
His experience further extends to working with commercial contract teams in negotiating data protection terms with vendors and supporting them with template data protection agreements, educational seminars and playbooks.
He has also assisted clients in maturing their information security programs and handling information security incidents of all sizes, including data breaches requiring notifications to data subjects and regulators. Clients recognize Dustin as a lawyer who can successfully bridge the gap between technical experts, businesspeople and lawyers, even during the pressure of a security incident.
Dustin’s experience is also reflected in top credentials from a number of data security and privacy industry organizations. He is an ISC2 Certified Information System Security Professional (CISSP). He is also recognized by the International Association of Privacy Professionals as a Fellow of Information Privacy (FIP), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT), and Certified Information Privacy Professional for the United States, Canada and Europe (CIPP/US, CIPP/C and CIPP/E). Dustin is also CompTIA Security+ certified.
Services and Industries
- Privacy and Data Security
- Technology Transactions
- Class Action Litigation
- Emerging Companies
- Governance and Compliance
- Government Contracts
- Mergers and Acquisitions
- White-Collar Criminal Defense and Government Investigations
- Consumer Products and Services
- Financial Services and Banking
- Health Care and Life Sciences
- Higher Education
- Manufacturing and Innovation
Prior to joining Armstrong Teasdale, Dustin served as lead data privacy and security counsel to a top 10 global IT services provider. There, he directed the organization’s privacy program and was served as primary data privacy/security counsel to the company's information security team, the commercial contracts team, audit/compliance and procurement. He regularly produced playbooks, procedures and educational materials to assist the business’s many customer-facing teams with spotting and handling data protection issues for clients around the world.
Before that, he spent several years in-house for large law firms, practicing in the areas of cybersecurity, data privacy, litigation and employment law. He also served as a judicial clerk at the U.S. Court of Appeals for the Tenth Circuit and the Colorado Court of Appeals.
Earlier in his career, Dustin worked in a number of technical roles, including serving for nearly a decade as Chief Technology Officer for one of the larger suburban cities in the Denver, Colorado metro area.
- Columbia University (LL.M., 2011)
- Technology, Innovation and the Law
- Harlan Fiske Stone Scholar
- University of Denver (J.D., 2009)
- Faculty Prize (Valedictorian)
- Order of St. Ives
- Denver University Law Review
- University of Denver (M.B.A., 2003)
- Daniels Scholar
- University of Wyoming (B.S., 2001)
- Computer Science
- University Honors Program
- International Association of Privacy Professionals
Charitable and Civic Involvement
- Equal Justice Wyoming (Volunteer Attorney, 2015-2018)
- University of Wyoming College of Law (Adjunct Professor of Law, 2016)
- Certified Information System Security Professional (CISSP)
- Fellow of Information Privacy (FIP)
- Certified Information Privacy Manager (CIPM)
- Certified Information Privacy Technologist (CIPT)
- Certified Information Privacy Professional certified for the United States, Canada and Europe (CIPP/US, CIPP/C and CIPP/E)
- CompTIA Security+ Certification