Services
The Carlson Firm provides sophisticated counsel on every facet of privacy, security, and AI compliance — tailored to your industry, your risk posture, and your business objectives. Choose the practice area that matches your need, or contact us if you’re not sure where you fit.
Core practice areas
- Fractional Privacy Officer & General Counsel — ongoing legal counsel for organizations that need senior privacy expertise without a full-time hire.
- Contracts – Expert and experienced contract negotiation services, including DPAs, addendums, SLAs, SaaS, PaaS, and IT agreements.
- HIPAA & Healthcare Privacy — covered entities, business associates, subcontractors, vendors. Security Risk Analyses, audits, BAA services, breach response.
- GDPR & International Privacy — DPIAs, Article 30 records, vendor assessments, cross-border transfers, SCCs, EU representative coordination.
- CCPA, CPRA, & State Privacy Laws — California, Colorado, Texas, Minnesota CDPA, and the patchwork of state regimes. Compliance audits, policy drafting, choice-asymmetry remediation.
- AI Governance & the EU AI Act — AI inventories, risk classification, ADMT compliance, vendor due diligence, EU AI Act readiness.
- Audits & Assessments — Privacy Impact Assessments (PIAs), DPIAs, vendor risk assessments, PCI assessments, NIST and FISMA compliance reviews.
Audit readiness and regulatory representation
We work alongside — and have worked for — PwC and KPMG on audits for GDPR, CCPA, HIPAA, HITECH, and other frameworks. We provide risk assessments, System Test and Evaluation (ST&E) plans, and the documentation regulators expect to see. If you’re heading into an audit, a regulator inquiry, or a complex contract negotiation, we’re equipped to represent you.
Industries we serve
- Healthcare and life sciences (HIPAA covered entities, BAs, subcontractors)
- Medical Devices: Independent, objective, and experienced audits and assessments of medical devices, mobile apps, and platforms. Expertise in lawful data collection, usage, and sharing, with comprehensive audit support.
- Retail and consumer products (PCI-DSS, CCPA, biometric privacy)
- Government and federal contractors (FISMA, FEDRAMP, NIST)
- Financial services and fintech
- Energy and critical infrastructure
- AI/ML developers and deployers
