Overview
Dominic is co-chair of the firm’s national Data Privacy and Cybersecurity Practice Group. He advises organizations on data privacy and cybersecurity risks on both a national and international basis, including pre-breach services, incident response strategies and management, and defense of regulatory enforcement actions and single-plaintiff and class action litigation.
Dominic and the McDonald Hopkins Data Privacy team have counseled clients through over 15,000 data breaches and privacy incidents where he works closely with local, state and federal law enforcement, forensic investigators and third-party cybersecurity vendors to offer his clients efficient and effective breach response services in compliance with the numerous state, federal, international and industry-specific legal obligations. Dominic has significant experience defending organizations in third-party and regulatory enforcement actions arising out of a data breach. He also focuses his practice on proactively protecting clients’ personal, sensitive and confidential information and minimizing the risk of a data privacy incident. He has conducted more than 500 breach response workshops and training sessions for organizations and their risk management teams, and helps clients with the development of their written information security programs and incident response plans. In recognition of his efforts in this area, Michigan Lawyers Weekly honored Dominic as one of 30 lawyers selected as the “Leaders in the Law” Class of 2020. Dominic was also named to Cybersecurity Docket’s Incident Response 30 in 2016 and 2018, their Incident Response 40 in 2022, and their Incident Response 50 in 2023 and 2024, a list of the “best and brightest” data breach response attorneys and compliance professionals in the industry. He was recently recognized in the 2025 edition of "Best Lawyers in America" and was named a "Leader in Privacy & Data Security" from Chambers USA. In addition, Dominic and his team were also named a finalist for Advisen’s Cyber Risk Awards for Cyber Law Firm of the Year and Cyber Risk Pre-Breach Team of the Year category.
His work in this area covers a multitude of industries, including, higher education, healthcare, hospitality, retail, automotive, utilities, accounting, financial services, banking, law, information technology, staffing services, manufacturing, food services, professional services, franchises, non-profits, real estate, property management, drug and pharmacy, municipalities, public entities and insurance. Dominic is also a frequent speaker and writer on data privacy law. If you suspect that your organization has suffered a data breach, call our 24/7 Hotline: 855-MH-DATA1 (855-643-2821).
Dominic earned a J.D./M.B.A., cum laude, from University of Detroit Mercy School of Law in 2007. He received a B.S.A., summa cum laude, from University of Detroit Mercy in 2004.
Honors & Recognition
Best Lawyers in America, Michigan, (2025)
Cybersecurity Docket's Incident Response 50 (2023, 2024)
Cybersecurity Docket’s Incident Response 40 (2022)
Chambers USA, Recognized Leader in Privacy & Data Security: Cybersecurity (2024)
Michigan Lawyers Weekly Leaders in the Law, Class of 2020
Selected for inclusion in Michigan Rising Stars (2013-2021)
Cybersecurity Docket’s Incident Response 30 (2016, 2018)
Jason Long Editing Award, University of Detroit Mercy Law Review
Wall Street Journal Award, University of Detroit Mercy College of Business Administration
Credentials
Education
University of Detroit Mercy School of Law
University of Detroit Mercy
Admissions – Court
- U.S. District Court for the Eastern District of Michigan
Admissions – State
- Michigan
Professional & Civic
Professional Activities
State Bar of Michigan
American Bar Association
Detroit Metropolitan Bar Association
Italian-American Bar Association
Phi Alpha Delta
Beta Gamma Sigma
Community Involvement
St. John Hospital and Medical Center Guild (Board of Directors)
University of Detroit Mercy School of Law Alumni Association (Board of Directors)
University of Detroit Mercy College of Business Administration Alumni Association (Board of Directors)
News & Insights
External News & Publications
"Look for These Cyber Regulatory Trends in 2022," NetDiligence, March 18, 2022.
"The Ultimate Guide to Vendor Data Breach Response," Whitepaper, Corvus Insurance Holdings, Inc., August 2020
"A Different Kettle of Phish: Protecting against Email Impersonation and Spoofing During COVID-19," Travelers: Tips from the Bar, June 2020
"Medical devices open Pandora's box of cyber risks," quoted in Business Insurance, October 9, 2018
"Digging Into the President’s Data Breach Notification Bill," JUNTO Blog, March 10, 2015
"President Obama’s New Personal Data Notification & Protection Act: Overview, Analysis, and Challenges," ID Experts Webinar Q&A, February 12, 2015
"Florida toughens breach notice law," quoted in Data Breach Today, June 27, 2014
“Data Privacy: Protecting PEO Assets, Data, and Client Information,” PEO Insider, August 2013
"Aloha! Uh oh! Data Breach in Hawaii after Physician's Computer is Stolen on Vacation," RBMA Monthly Legal Update Digest April 2013
"Risky Business: Sharing Health Data while Protecting Privacy," Trafford Publishing, 2013
“HITECH Final Rule Revises Privacy, Security and Breach Notification Rules,” Northern Ohio Physician – Academy of Medicine of Cleveland & Northern Ohio, March/April 2013
"Anatomy of a Data Breach: A 3 Part Series – Part 3: Immediate Action Items Upon a Data Breach," Risky Business – The Privacy Analytics Newsletter, August 2012
"How to minimize the risk of, or respond to, a data breach," Smart Business Magazine, August 2012
"Data Breach at Your Laboratory? Immediate Action Items! How to Deal with a PHI Violation," G2 Intelligence Compliance Report – Perspectives, July-August 2012
"Anatomy of a Data Breach: A 3 Part Series – Part 2: Proactive Measures and Requirements to Minimize the Risk of a Data Breach," Risky Business – The Privacy Analytics Newsletter, June 2012
"Data Breach? Immediate Action Items!," PEO Insider, April 2012
"Anatomy of a Data Breach: A 3 Part Series – Part 1: Data Privacy Regulations, Penalties and Statistics," Risky Business – The Privacy Analytics Newsletter, March 2012
"3 New state data breach notifications statutes and expiration of a grandfather clause in 2012," RBMA Monthly Legal Update Digest, March 2012
"Attorneys General and FTC continue to increase legal standards for data privacy compliance and penalties for noncompliance," RBMA Monthly Legal Update Digest November 2011
"OESA North American OEM Production P.O. Terms and Conditions Comparative Analysis," co-author, September 2008, 2009
"Trade Secrets and Agreements Not to Compete," co-author, Michigan Chapter, Defense Research Institute (DRI), Winter 2008
Beard v. Whitmore Lake School District, 84 U. DET. MERCY L. REV. 15, Fall 2006
VIEW LESS
Multimedia
McDonald Hopkins' Dominic Paluzzi spoke as part of a panel during this virtual event at the 2023 Incident Response Forum Masterclass
Events
Speaking Engagements
"Cyber Updates: How Can We Best Serve Our Clients on Cyber Claims," Assurex Global Loss & Control Claims Meeting | September 14, 2022
"Cyber Hygiene", Oswald Webinar Series | August 31, 2022
"Anatomy of a Ransomware Attack," Horton Webinar | July 26, 2022
"Look for These Cyber Regulatory Trends in 2022," NetDiligence | March 18, 2022
Cybersecurity Webinar Series: Calming the Chaos of an IT Vendor Breach | October 13, 2020
"COVID-19 Complications: Cyber and Litigation Preparedness," Avalon Webinar, May 13, 2020
"Be Ready for the Billion Dollar Scam,"ePlace Solutions Webinar, October 29, 2019
“Data Breach Response: Before and After the Breach," Financial Poise Cybersecurity & Data Privacy 2018 Webinar Series, December 17, 2018
"Legal and Security Solutions," NetDiligence Cyber Risk Summit, June 12, 2018
Incident Response Forum 2018, April 18, 2018
Educational Institutions Risk Management Day, August 17, 2017
"Third Party Risk and Auditing in Today's Cybersecurity Environment," May 25, 2017
2017 MPL Leadership Conference, "Cyber Panel: Are You Ready For An Attack?," March 9, 2017
"Corporate Governance Developments," 20th Annual Donnelley Financial Solutions SEC Hot Topics Institute, November 17, 2016
Understanding Risk Assessments: Key issues in managing data privacy risk and implementing measures to combat security threats, November 15, 2016
Cyber 2.0 - Demystifying the Coverage and Coverage Triggers of Cyber/Crime Coverage, October 11, 2016
"Attorney/Client Privilege Issues Arising out of Breach Notification: Attorneys’ Ethical Duties When Clients Seek Advice During a Breach, Examining the Communication That is Considered Privileged, and Determining Whether Forensic Reports Should be Turned Over," 2nd National Forum on Data Breach & Privacy Litigation and Enforcement, September 2016
"Attorney/Client Privilege Issues Arising out of Breach Notification: Attorney’s Ethical Duties When Clients Seek Advice During a Breach, Examining the Communication That is Considered Privileged and Determining Whether Forensic Reports Should be Turned Over," American Conference Institute's Data Breach and Privacy Litigation and Enforcement Conference, March 18, 2016
"Public Entity Cybersecurity Risks," IAPD/IPRA Soaring to New Heights conference, January 29, 2016
"Cybersecurity: Protecting Your Information, Assets, & Officers," Clear Law Institute webinar, October 28, 2015
“Tales from the Crypt XIV: The Anatomy of a Data Breach,” Worldwide Employee Benefits Network, October 22, 2015
"Tabletop Exercise on Different Breach Scenarios and With Various Departments (IT, Security, Privacy Officers, CIO)," American Conference Institute's 11th National Advanced Forum on Cyber & Data Risk Insurance, September 30, 2015
“Handling a Cyber Incident from Beginning to End,” Assurex Loss Control & Claims Seminar, September 22, 2015
“Cyber Security, Defenses and Handling a Cyber Incident,” Assurex E&O Plus Quality Management Seminar, September 22, 2015
“Lessons from the Anthem Breach - What PEOs Need to Know and Need to Do with Respect to their Health Plans and 401(k)s,” NAPEO’s 2015 Annual Conference & Marketplace, September 12, 2015
“How Cyber Liability Can Jump Up & Bite You!,” Assurex Global Financial Management Conference, June 26, 2015
“The Evolving Liabilities of Healthcare Cyber, Privacy & Security Risks,” Connecticut Orthopaedic Society, June 16, 2015
“Do you have appropriate data privacy policies and a response plan in place? Will the regulators and the courts agree?,” Third Annual Michigan Cyber Range Cybersecurity Conference, May 12, 2015
“How to Properly Respond to a Data Breach and Regulatory Investigation,” Third Annual Michigan Cyber Range Cybersecurity Conference, May 12, 2015
“Exercising Your Data Breach Response Plan,” RIMS 2015 Annual Conference, April 28, 2015
“The Latest Legal and Financial Implications of Today’s Cyber Risks for US Organizations,” New England Association for Financial Professionals Annual Conference, April 16, 2015
"A Pound of Cure: Strategies for Preventing and Responding to Data Breaches, Part 2," webinar with Epiq Systems, March 31, 2015
"An Ounce of Prevention: Preparing for a New Era of Data Breaches, Part 1," webinar with Epiq Systems, March 24, 2015
"Cybersecurity: Crimes & Consequences," University of Detroit Mercy College of Business Administration Alumni Week, March 17, 2015
"President Obama’s New Personal Data Notification & Protection Act," webinar with ID Experts, February 12, 2015
"Data Breaches: From Prevention to Reaction," The Institute of Internal Auditors (IIA) and Information Systems Audit and Control Association (ISACA), December 8, 2014
"Yes, it CAN happen to you! Are you prepared?," webinar with Enterprise Risk Management, November 14, 2014
“Establishing a Perimeter – Data Privacy & Security in Practice,” The American Pathology Foundation, October 30, 2014
“Managing Public Entity Cyber Risk Exposure,” National League of Cities Risk Information Sharing Consortium Staff Conference, October 21, 2014
"Emerging Regulatory and Enforcement Activities and the Growing Authority of the State AG Offices," American Conference Institute's 9th National Advanced Forum on Cyber & Data Risk Insurance, September 29, 2014
"Data Privacy: Legal Risks, Mitigation, Response and the Impact of the New Florida Information Protection Act," Hospitality Financial and Technology Professionals South Florida Chapter, August 21, 2014
"Mobile Technology, Health Care, and Data Security: Minimizing the Risks and Leveraging the Benefits," The American Law Institute Continuing Legal Education, Webinar, June 26, 2014
"Small entity cyber liability," NetDiligence Cyber Risk & Privacy Liability Forum, June 12, 2014
"Data Security Breaches and Why HR Professionals Should Care," American Society of Employers' Selected Insights Series, May 9, 2014
Breach Response Workshops to Insureds, October 2010-present
"Cyber Risk Seminar: The Maze of Legal Requirements," January 2013
"Data Breach Planning & Response Basics," Webinar, November 2012
"Privacy and Security: What You Need to Know to Keep Your Company Safe," Privacy and Security Seminar, November 2012
"Data Privacy & Security: Why It's the New Top Concern for Directors and General Counsel," presentation for Fortune 100 Company, September 2012
"The Ignored Security Crisis," February 2012
"Cyber and Privacy Liability," Seminar, November 2011
"Data Privacy and Security – Limit Exposure and Penalties," Seminar, September 2011
"Anatomy of a Data Breach," McDonald Hopkins presentation to insureds, July-September 2011
"Take a Smarter Approach to Securing your Data," McDonald Hopkins, TouchWorld and IBM Data Privacy Seminar, March 2011
“Administering New Severance Agreements," September 2009
“Administering New Restrictive Agreements,” June 2009
View Less