Your Global Partner for Data Privacy, Data Security and Overall Data Protection and Lawful Compliance.

We provide the full range of data protection services to fit the changing needs of your organization and the regulatory landscape

Take advantage of our holistic data protection program services, including legally compliant data security programs (policies and procedures, audits, reviews, training), data privacy programs, privacy by design and security by design, data breach, illegal data disclosure, privacy violations, and legal claims response. In addition to our breadth of invaluable knowledge and experience in the realm of data protection programs, we are also here to provide you everything you need from from policies and procedures, to documentation services to audits to risk assesments to security program development and more. 


Healthcare: HIPAA Data Privacy Law and HIPAA Compliance Counsel, Security Risk Analysis, Compliance & Advisory Services: Audits, Risk Assessments, Vendor Risk Assessments, BA Assessments, BAA Services, Subcontractor Assessments, Breach Assessments, Policies and Documentation Assessments, Attestation Reviews and Remediation Services. HIPAA Privacy and Security Policy and Procedure Advisory and Delivery.

Retail: Privacy by Design, data privacy programs, data security programs, regulatory and PCI compliance programs for retail industry and retail industry vendors and suppliers.

Government: State & Fed Contracting Security/Privacy Compliance Guidance, GDPR, Medical Devices, NIST, 800-53 and 800-53A Compliance, Authority to Operate (ATOs), Memorandum of Understandings (MOUs), FISMA, PCI, SOX, HIPAA, HITECH, FEDRAMP, ISO, VA6500, Privacy Shield, Energy sector & critical infrastructure cyber security framework.

GDPR: Data Privacy Impact Assessments (DPIA), GDPR compliance audits, Privacy Shield Certification, GDPR privacy by default, privacy by design, security by design/default, privacy programs design, build, delivery. Ongoing GDPR advisory services.



CCPA: CCPA compliance audits, policy review and development, privacy by default, privacy by design, security by design/default, privacy programs design, build, delivery. Ongoing CCPA advisory services.


*Legal compliance reviews and services, legal representation related to data security and privacy compliance, governmental, industry and contractual data security and privacy compliance.

*PCI-ISA:Trained by PCI-SSC and received certification from PCI Security Standards Council (PCI-SSC) as a PCI Internal Security Assessor. (PCI-ISA)

* Energy: Cybersecurity framework compliance, cybersecurity risk.



Your global partner for data privacy, data security and overall data protection compliance programs.


Our number #1 goal is to deliver to you preeminent knowledge and superior service in the area of data privacy, data security and the full risk management and the full regulatory cycle that goes along with a data protection program.

We are experienced technology attorneys with deep backgrounds in data privacy and data security from the administrative (policies, procedures, training) to the legal constructs of understanding and managing the legal risk landscape.  We have worked in roles with technical and engineering all the way up to executive level providing executives with strategic and management consulting.  We are certified and credentialed in both data security and data privacy technical criteria as well as practitioners of the law.  We can work with the Board, CEO, CIO, CIPO, CISO, the government regulators, all the way across and over to the developers and coders.

The Carlson Firm provides a deep and specialized knowledge of data security and data privacy risk advisory services.  We have provided risk advisory and management consulting services to companies of all sizes, fortune 50 healthcare and retail, to midsize companies, to startup companies, U.S. based to 100s of locations around the globe, heavily regulated industries to serving state and federal government agencies.

If you have data privacy and/or data security regulatory/compliance issues or just want answers on how to improve your compliance program, or want to learn how to win business or need help with government NIST, FISMA, VA6500 type requirements, we are here to deliver.


Global Data Protection Regulation (GDPR), we have performed (and are performing now) dozens of Data Protection Impact Assessments (DPIAs), for companies of all sizes, all over the world, providing our own, or, using the companies desired technology, including working with OneTrust.  We also perform GDPR data mappings, Article 30 records of processing reports, GDPR compliance reviews, GDPR training, GDPR vendor assessments and reviews. 

We will give you confidence and solid footing for any GDPR inquiry from governments your clients or customers. 



Call today and safeguard your company’s data security from breaches.

Why our in-depth industry expertise sets us apart 

The Carlson Firm was formed with one goal and only one goal in mind—to empower each and every one of its clients so it may leverage strong data protection programs to grow business, win business, keep business as well as to help them operationally and strategically differentiate themselves in the market.  The firm’s work is rooted in data privacy and data security compliance and protection, customizing the necessary guides based on your company’s industry and specific risk posture. These tailor-made programs are made to support your company’s unique position (and regulatory burden/opportunity) as it relates to the legal, governmental, and contractual obligations you currently face.


Print | Sitemap

© The Carlson Firm
200 Southdale Center, Edina, MN 55435
Telephone: (612) 961-3748