Katie L. Butler

609 SW 8th Street, Suite 600
Bentonville, AR 72712

Office: (267) 930-1613


University of Arkansas School of Law
Juris Doctor, 2012

University of Texas at Arlington
Bachelor of Arts, Spanish and English, 2007, cum laude


  • Arkansas
  • Colorado
  • U.S. District Court for the District of Colorado

Practice Areas

Professional Memberships

  • Colorado Bar Association
  • Colorado Women’s Bar Association
  • Colorado Intellectual Property American Inn of Court


  • U.S. Certified Information Privacy Professional (CIPP/US)
  • Europe Certified Information Privacy Professional (CIPP/E)

Katie L. Butler, CIPP/US, CIPP/E is a Partner at Mullen Coughlin. She focuses her practice on counseling technology industry organizations on their data privacy and security compliance programs and the coordination of third parties during a data privacy and security incident. Katie also works with organizations prior to an incident to develop data privacy and security policies, terms-of-use and other contract-related terms.

Furthermore, using her background in intellectual property and technology, she advises companies in how they can incorporate “privacy-by-design” into new and existing technologies.

Prior to joining Mullen Coughlin, Katie was a partner in the Data Privacy & Cybersecurity practice of a mid-size full-service law firm. She also practiced intellectual property and corporate law as Senior Corporate Counsel at Sphero, a STEM-based toy robot manufacturer.


  • Assisted state university system in the investigation of data event, including detection of ransomware prior to execution of encryption such that all student and employee records could be secured without compromise
  • Assisted national university with pre-breach services and remediation, investigation and response to a data event involving unauthorized access to university email accounts impacting personal information and FERPA data
  • Assisted nationwide grocery distribution company in the investigation of and response to a data event, which included notification to individuals and regulators
  • Assisted nationwide managed healthcare company in negotiating HIPAA-compliant agreements with vendors


  • “Who Should Lead Cyber Incident Response Reporting? A Debate Among Experts,” BreachRx Webinar, Virtual, December 13, 2022
  • “Negotiating Cyber Insurance,” Rocky Mountain Information Security Conference, June 9, 2021
  • “The Year Ahead in Privacy,” OneTrust Privacy Connect, October 23, 2020
  • “Disaster-Proofing Your Startup,” Denver Startup Week, September 14, 2020