Welcome to Joshua Carlson P.A.

Joshua Carlson P.A. (PCI-ISA, CISSP, CIPP/G) knows privacy law, and advises companies of all sizes in the areas of technology law, compliance, data security, data privacy and the organizational programs required to achieve and maintain compliance with the governing laws, rules, regulations or private contracts.  Joshua Carlson P.A. also advises companies of all sizes on the technology impacts on organizational culture and effectiveness.


Joshua Carlson P.A. also offers expertise to firms in matters concerning legally compliant data security programs, data privacy programs, Privacy by Design and Security by Design, data breach, illegal data disclosure, privacy violations, and class action.


Mr. Carlson has litigated in state and federal court, and has represented clients on data privacy incidents, unlawful data disclosures, breach handlingand won a significant case in federal court on summary judgment on a critical Fourth Amendment illegal search an seizure issue, by locating and admitting electronic surveillance.


Please read more below about our involvement in current laws, regulations and areas of expertise.


We would like the opportunity to work with you and your firm no matter how large or complex to provide expert guidance in the areas of data privacy and security.

Areas of Consultation and Practice

Technology Law, Data Security, Privacy & Compliance:


Joshua Carlson P.A. can provide your company, division, organization, firm, municipality, government agency, covered entity, business associate, or regulating agency expertise in working in the areas of data security, data privacy and compliance with the governing laws, regulations or contracts that are in place. 


He has worked with small startups and with some of the largest global retail, technology, manufacturing and healthcare companies.  Mr. Carlson tailors his approach to the needs and scope of the organizations regulatory and contractual compliance needs.  He has helped build security and compliance programs for small companies and huge global corporations, he has helped mature existing programs for large companies and provided solutions for companies that found out the hard way that compliance is a very important and strategic part of their business, and isn't necessarily easy or well defined. 


Mr. Carlson is skilled at working with companies of all sizes and complexities, from startups to large global companies with 100's of locations all over the world.  He will make sure to help your company reach for, and attain, (and maintain), proper levels of reasonable security and privacy safeguards, he will also help you understand and clarify for your firm what reasonable measures are. 


Mr. Carlson advises companies and helps them prepare and work through audits related to PCI-DSS, HIPAA, HITECH, Breach Response, GLBA, SOX, FISMA, NIST, SSAE16, f/k/a SAS70.  He has been on the ground for SSAE16, FISMA, PCI-DSS, SOX, SAS70 audits and has performed and written Risk Assessments, System Test and Evaluation Plans (ST&E), audited for FISMA compliance as it relates to 800-53A (and others) and completed and prepared letters related to the above.


Services:  confidential risk evaluation and remediation services, company-auditor liason services, risk assessments, audit liason services, pre-audit assessment, post-audit assessment, complete risk assessment, PCI-DSS readiness assessment, HIPAA compliance review, remediation for all audit and compliance work, consent decree remediation, security program development.


Technology Contract Audits, 3rd Party Audit of Technology Delivery & Organizational Effectiveness:


Technology contracts can be some of the most complex contracts to understand, they involve not only key tenants of contract law, but often 100's of confusing and sometimes conflicting technology terms, new technology abbreviations, new acronyms and functionality of technologies, sometimes which aren't yet proven.  As a result, sometimes parties don't agree on if what was promised and contracted for was actually delivered, especially on large multi-year projects.  When there is a question as to whether technologies are being delivered correctly, and as promised, there is great value in bringing in an expert in technology and law to review from a third party perspective what was done and what may have been missed.  It also helps to have a third party keeping an eye on the contract and changes in technology who has an experienced perspective on major projects; as it is often the case that the customer becomes overwhelmed with all of the moving parts, people, technologies and budgets.


Provide counsel to entities related to the challenges of organizational effectiveness, corporate culture and technology.


Mr. Carlson is licensed to practice in:

  • Minnesota State Court;
  • Minnesota Court of Appeals;
  • United States District Court - District of Minnesota. 


Mr. Carlson holds or has held data security and privacy certifications in:

  • Computer Information Security, (CISSP);
  • Information Privacy, (CIPP /G);
  • PCI-ISA (PCI Internal Security Assessor);
  • Data Forensics. 


He received his Bachelor of Science from the University of Minnesota's Carlson School of Management, and was a part of the honors program while there.


Memberships/Affiliations Involved In:

  • Vice Chair - Computer & Technology Law Section - Minnesota State Bar Association

  • International Association of Privacy Professionals, (IAPP)

  • International Information Systems Security Certification Consortium (ISC2), (CISSP)
  • PCI Security Standards Council (PCI-DSS, PCI Internal Security Assessor) PCI-ISA
  • National Health Lawyers Association (NHLA)
  • Minnesota State Bar Association (MSBA)
  • Hennepin County Bar Association (HCBA)
  • 4th District Ethics Committee
  • Computer and Technology Bar Section
  • Consumer Law Bar Section

Data Privacy and Compliance Laws, Regulations and Rules Joshua Carlson P.A. advises in:

  • TCPA
  • PPA
  • Privacy Act of 1974
  • Breach Response
  • GLBA
  • SOX
  • NIST
  • SAS70
  • SSAE16
  • DPPA

Who We Are

Joshua Carlson P.A. attorneys offer a high degree of specialized knowledge in data security, data privacy, compliance and consumer law. 

The Legal Team

What We Offer

Learn about the fields of law in which we specialize. 



By accessing the Joshua Carlson P.A. web site (TheCarlsonFirm.com),
you are requesting information. The information you are requesting is not legal advice,
advertising or solicitation. Transmission and receipt of the materials on the
web site do not constitute legal advice, establish an attorney-client
relationship, or create any duty of Joshua Carlson P.A. to any reader. An
attorney-client relationship with Joshua Carlson P.A. may be established only
by an engagement letter signed by a Joshua Carlson P.A. lawyer. Unsolicited
information sent to Joshua Carlson P.A. by persons who are not clients of the
firm is not subject to any duty of confidentiality on the part of the firm.