Amy L. Carlson

Amy L. Carlson

Of Counsel
Washington, D.C.

About Amy

Amy Carlson is Of Counsel in the Corporate group with more than 20 years of experience assisting clients with a wide range of privacy matters. Using her understanding of the intersection of law and technology along with her understanding of business, she helps companies develop and implement privacy policies, plans and audits, as well as manage data breaches. Amy also has experience with e-commerce, intellectual property, telecommunications, security policy, international privacy and export control issues. Amy is a Certified Information Privacy Professional and a Certified Information Privacy Manager by the International Association of Privacy Professionals. She co-leads the firm's privacy initiative.

Before joining Stoel Rives, Amy was the Chief Privacy Officer at Leidos, Inc. (2013-2015), Chief Privacy Officer and Vice President for Legal (2007-2013) and Corporate Counsel (2004-2007) at SAIC, a partner at Kilpatrick Stockton LLP (2001-2004) and at Preston Gates Ellis & Rouvelas Meeds (1994-2001), and an associate at Dewey Ballantine LLP (1992-1994).


Expand to Read More + See Less -


  • Assisted multibillion-dollar companies which have international health, national security and engineering business lines.
  • Managed the response to the largest reported U.S. health data breach affecting approximately 4.9 million individuals and another health data breach affecting approximately 880,000 individuals.
  • Provided privacy counseling and negotiated contracts in the following areas: Privacy Act of 1974, state privacy laws, Federal government and state agency privacy regulations, GLB, FCRA, FACTA, CAN-SPAM, EU Data Protection Directive, UK Data Protection Act, Canada PIPEDA, PCI DSS, BYOD, outsourcing of IT and other corporate functions, ethics and compliance, genetic testing and biometrics. 
Expand to Read More + See Less -

Honors & Activities

  • Recipient, Excellence in Ethics: Mind Our Business Campaign, Leidos, 2014
  • Recipient, Achievement Award for Excellence in Corporate Responsibility, Team Member of the Protecting Information Program, SAIC, May 2013 
Expand to Read More + See Less -
Insights & Presentations

Insights & Presentations

  • Regular contributor to Stoel Rives’ Global Privacy & Security Blog®
  • ”Healthcare Data Breaches: Unique Industry Issues and Prevention Strategies," Privacy + Security Forum, Washington, DC, Oct. 2017
  • ”HIPAA Health: A How-To Guide and Case Study on HIPAA Risk Assessment," Privacy. Security. Risk., San Diego, CA, Oct. 2017
  • “Three (More) Questions to Ask Yourself About Cyberrisk” (co-author), Corporate Counsel, Aug. 10, 2017
  • “Privacy and Security for Federal Agencies and Government Contractors,” Privacy + Security Forum, Washington, DC, Oct. 2016
  • “Cyber Security and Patient Privacy,” Alaska State of Reform Health Policy Conference, Anchorage, Alaska, Oct. 2015
  • Trade Secrets and Data Breaches: A Privacy Perspective," ABA Section of Intellectual Property Law Annual Meeting, Chicago, Illinois, July 2015
  • Presenter, Data Protection & Privacy Law Compliance Seminar, Marcus Evans Conference, Arlington, Virginia, July 2012

Related News & Publications

Expand to Read More + See Less -
Saved Pages

Use the arrows to arrange content.  Download pages as a .pdf file or share links via email..

{{ item.Title }} {{ item.AttorneyPosition }}, {{ item.AttorneyLocation }} , C. {{ item.AttorneyCell }} , P. {{ item.AttorneyPhone }} , F. {{ item.AttorneyFax }} {{ item.TypeText }} Remove
You have no pages saved
            {{ state | json }}