Press & Publications

Joshua Carlson is regularly quoted, interviewed, and published on data privacy, cybersecurity, and AI compliance. Below are recent insights from the firm and selected media features.

Recent insights from The Carlson Firm

Our latest analysis on privacy, AI governance, and compliance. Click any article for the full piece.

California’s Automated Decision-Making Rules Are Now Live — What HR, lending, healthcare, and marketing teams need to do under California’s new ADMT regulations.

Colorado Just Walked Back Its AI Act. Here’s What That Signals. — SB 189 passed May 12, 2026, replacing the risk-management framework with disclosure rules.

Anthropic’s $1.5B Settlement and the New AI Training Data Liability — Bartz v. Anthropic and the practical vendor due diligence framework.

California’s First Dark-Pattern Enforcement — “Choice asymmetry” as a CCPA violation, and the fixes your cookie banner needs now.

The EU AI Act Is Here — Extraterritorial scope, high-risk AI obligations, and the August 2026 deadlines.

Selected media features

2024 — CrowdStrike incident. Quoted on the cybersecurity and regulatory implications of the July 2024 CrowdStrike outage. LinkedIn post.

CCPA feature. Joshua Carlson featured in CCPA implementation article on practical compliance considerations for mid-market businesses.

Rebuilding Empires, by Tom Lee. Quoted in this book on retail industry transformation. Available on Amazon.

Earlier coverage

Joshua has been quoted as an expert source on major data breaches and cybersecurity incidents including the Target breach, the Sony breach, and cybersecurity incidents involving Medtronic, Boston Scientific, and St. Jude. He has presented as a National Strafford speaker on healthcare risk mitigation and HIPAA compliance and prevailed on Fourth Amendment claims in federal court.